Phishing - how to spot security scams
I had the following email sent to me today, from "smile.co.uk":
Dear Valued Customer,
We are committed to protecting you, with the latest technology to keep your details secure, and dedicated teams to monitor online activity and intercept any suspicious actions. And we do everything we can to protect our online customers, but the steps we take can be much more effective if you work with us to protect yourself.
31 October 2006 our security system detected an unsuccessful access attempt to your online account from IP address that does not correspond to your current address. Please follow the link below to confirm your Smile.co.uk account details:
If you do not confirm your address until 3 November 2006 your account will be SUSPENDED for security reasons.
--
Yours sincerely
Andy Howard
Security Department
Smile.co.uk
It even came with some nice graphics too. Given that these types of scams are quite prevalent on the internet today - how can you spot them?
Well, for me - this is easy - I am not a customer of the Smile bank! But what if I was? What gives it away?
Well - the first thing to do is to check the links and the website that it sends you to. If you click the link in the email, it will take you to the following website:
http://www.smile.co.uk.user4320.net/star/smile/
The thing to notice here is the domain. It looks official with smile.co.uk in it - but it is the part just before the final extension that you need to look at - i.e. user4320, which comes before the final extension (.net).
So this website has nothing to do with Smile: the "smile.co.uk" in the address is just a subdomain of the real website, user4320.net. Apologies if this is confusing jargon - but always remember that the website is actually the name before the extension.
Take http://motors.ebay.co.uk/
If you click that - it takes you to the motors section of ebay. "motors" is a subdomain of "ebay.co.uk". Ebay is the real website as it comes just before the last extension (.co.uk).
This is very different to
The real website here that you would go to is "motors". I could type http://ebay.lutroo.com and you would come to the lutroo site.
So - first know which site you are going to. In the email - I am not being sent to the Smile website but one that has been designed to look like the smile website.
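The rule above, written out as an added example (not part of the original post): find the real website in a link by locating the final extension and keeping the one name in front of it. The function names and the small `SUFFIXES` set are assumptions made for this sketch; a real check needs the full Public Suffix List.

```python
from urllib.parse import urlsplit

# Constructed subset of "final extensions", enough for the URLs in this post.
# Assumption: a real check loads the full Public Suffix List instead.
SUFFIXES = {"com", "net", "uk", "co.uk"}


def registrable_domain(url):
    """Return the real website (name + final extension) for a URL, or None."""
    host = (urlsplit(url).hostname or "").rstrip(".").lower()
    if not host or host in SUFFIXES:
        return None  # no host, or the host is only an extension
    labels = host.split(".")
    # Walk from the left so the longest extension wins ("co.uk" before "uk").
    for i in range(1, len(labels)):
        if ".".join(labels[i:]) in SUFFIXES:
            return ".".join(labels[i - 1:])
    return None  # extension not in our list (or a bare IP address)


def belongs_to(url, expected):
    """True only if the link's real website is exactly the expected one."""
    return registrable_domain(url) == expected.lower()


if __name__ == "__main__":
    # Links taken from the post, checked against the site each claims to be.
    samples = [
        ("http://www.smile.co.uk.user4320.net/star/smile/", "smile.co.uk"),
        ("http://motors.ebay.co.uk/", "ebay.co.uk"),
        ("http://ebay.lutroo.com", "ebay.co.uk"),
    ]
    for url, claimed in samples:
        verdict = "genuine" if belongs_to(url, claimed) else "NOT " + claimed
        print(f"{url} -> {registrable_domain(url)} ({verdict})")
```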
Second - and perhaps most importantly - the website asks for your PIN number when you get there. Bank websites would never ask for your PIN!
When in doubt - call your bank. They would never send this kind of email.


