Sadly there are dishonest people in every part of life and that includes online. Some scammers run scams to make money, gather your private details to sell on or they want more of your details to better target you in email scams. Some wait for you to click on a link in an email to confirm that your email address is valid before sending a deluge of spam, sadly some of these links are dressed up as unsubscribe links. Some scammers seem to do it just for the pleasure of causing distress and heartache, this is especially prevalent amongst “health scare” emails.
It’s easy to fake the from field in an email
Believe it or not, in less than 3-5 lines of web code (+ a line per email address) a script can send out an email with anyone’s email address in the from field. These scripts can send thousands of emails out an hour. Shocking I know, thankfully most of these scammers are to dumb to realise this and when you look at the from field you see something like this:
facebookadmin@facebookmail.dfrghjk.cn
This doesn’t mean that it’s from Facebook at ALL. The bit before the @ is simply the name of the email account, in this case facebookadmin the bit straight after the @ and before the . is known as a sub domain. Lots of web hosting companies allow sub domains and you can call them what you want. The bit after the dot dfrghjk.cn is the actual domain name where the scammers want to send you.
Hover before you click
Sometimes scammers put a legitimate web address in the email but point it at a different domain. If you hover over a link and look at the status bar in your email program or browser, it should show you the same address. For example the link below claims to be for you to win a big lottery prize but in reality it takes you to the page about Sheppie, my border collie (you have to watch these border collies they can be sneaky).
You’ve Won US$100,000,000 in the Nigerian Lottery
Domain names can also have sub-domains. These are seperate little areas within a website, many scammers will use this to try and make the links looks legitimate.
So:
https://www.paypal.com/cgi-bin/webscr?cmd=xpt/Marketing/securitycenter/antiphishing/PPPhishingReport-outside
Is a genuine PayPal link (it goes to the page about reporting Phishing attempts). The bit in bold tells us what domain it is on.
Whereas this email address:
http://www.paypal.com.536koo74yx8te1m7cf.gfrd7gtbhnumu7ng3x33.com/cgi-bin/webscr/?943-120-325RNC943-120-325?login&login_email=someone@somedomain.co.uk&ref=
Isn’t anything to do with PayPal at all, in fact it’s really part of the site www.gfrd7gtbhnumu7ng3x33.com. Worse the web address includes a suspicious number and email address. It’s almost certain that if you click on this address you will get a massive increase in spam and phishing emails since the scammers now know that someone is using the email account (rather than an abandoned email account).
Be aware that scammers will sprinkle links around a scam email in hope to dupe stupid people so check ALL links before you click on them. They even put in warnings about scams linking to the genuine pages for the bank, credit card company etc who they are impersonating.
Are you expecting the message?
It may sound obvious but if you’re not with National Smiley Bank and they send you an email asking for your details then don’t supply them. If you do bank with National Smiley Bank and they never email you and you don’t use internet banking and an email turns up be suspicious! If you do use internet banking, look at the email, does it look the same as an email that you know was from National Smiley Bank? If you suspect it is a fake, go to your browser, type the usual URL in the browser and sign on as normal. If it’s important they’ll be something when you sign in.
Read more »
Sometimes you just need a simple image to use for a web graphic or photo. Sometimes you don’t have the time or energy to make one from scratch. So here’s some of my favourite ways to make a quick graphic.
)