Domain Name Scams and Phishing Scams: How To Spot Internet Scams
In many ways the popular image of internet scams, that of the ‘generous’ Nigerian prince and the distant relative with the common name, can lull people into a false sense of security.
In reality, internet scams have developed and are a little more sophisticated and effective than you are probably imagining. This is especially true when it comes to the less-technologically-literate and the elderly, as these scams are often only given away by small typography or design inconsistencies.
That’s why it’s important that if you’re using the internet, especially for transactions and your business, you know exactly what to look for.
Years ago we posted about an internet domain scam, but these things often change year to year, so here’s an updated and comprehensive look at some of the more common internet scams and how to avoid them.
Bank Phishing Scams
Bank phishing scams are one of the most popular scams for hackers and fraudsters, especially when it comes to targeting the elderly and vulnerable, with financial services attacks comprising around a third of all phishing attacks.
Phishing in this case refers to fraudulent emails that look like they come from a bank or other financial institution, to trick the receiver into sharing their personal, financial, or security information.
In Canada, customers have been targeted with one of the more sophisticated variants of this form of attack — a long term operation that registered over 300 spoof domain names in a bid to defraud consumers.
These attacks often rely on social engineering tactics: by spoofing the typography and logos of the bank, and by prompting the recipient with an urgent warning, they can pressure people into overlooking the signs of a fraudulent email.
Tips For Spotting And Preventing Bank Phishing Scams
- Always log into your online banking directly to change anything or check your details.
- Do not ever click on links in an email!
- Know what an official email looks like. Banks always follow a template, and knowing what to look for will help you recognize a fraudulent email.
- Check the little details of an email, such as whether the email addresses you by name or with a generic title (such as “Dear sir/madam”). Your bank should know your name, and if it doesn’t, that is suspicious.
- Save the email address of official emails from the bank in your address book; that way you can recognize a spoofed domain name. Always check the sender’s address carefully to ensure it is an official email.
Fraudulent Emails Example
Usually, it just takes a moment to realize that an email is fake. Take for example this one from Apple:
There are several red flags:
- Slight typos in the text. You would think a big company like Apple would use better email copywriters, especially for an automatic email like this!
- The copyright in the footer is only until 2017 - wouldn't Apple have up to date copyrights?
- The biggest giveaway that this is not legitimate is the from address. At a glance, it doesn't look as suspicious as some with a string of letters and numbers, but it's the text after the @ that is supposed to be the official company. In this case, it is coming just from "noreply". And that is most definitely not Apple.
Plus, the recipient of this email doesn't even have an Apple account.
But these scammers rely on numbers: send enough emails to enough people, and a few of them will have an Apple account, miss the warning signs, and click the link, either giving up their account info or having malware installed on their account. It's a lucrative business that isn't going away any time soon.
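The sender checks described above (compare the address against the ones you have saved, and read what comes after the @) can be written down as a small routine. This is an added example, not part of the original article; the address book contents, the function names and the sample headers are constructed for illustration.

```python
from email.utils import parseaddr

# Assumption: the "address book" of brands and the domains their genuine email comes from.
ADDRESS_BOOK = {"apple": "apple.com", "paypal": "paypal.com", "netflix": "netflix.com"}

def edit_distance(a, b):
    """Levenshtein distance, used to catch near-miss spellings of a saved domain."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_sender(from_header):
    """Return (verdict, reason) for the From header of a received email."""
    display, addr = parseaddr(from_header)
    local, _, domain = addr.rpartition("@")
    domain = domain.lower().rstrip(".")
    if not local or "." not in domain:
        return "suspicious", "no real domain after the @"
    for brand, trusted in sorted(ADDRESS_BOOK.items()):
        if domain == trusted or domain.endswith("." + trusted):
            return "ok", f"sent from {trusted}"
    # Naive "registered domain": last two labels (no public-suffix handling).
    base = ".".join(domain.split(".")[-2:])
    for brand, trusted in sorted(ADDRESS_BOOK.items()):
        if edit_distance(base, trusted) <= 2:
            return "suspicious", f"{base} is a near-miss of {trusted}"
        if brand in display.lower() or brand in domain:
            return "suspicious", f"uses the name {brand} but sends from {domain}"
    return "unknown", f"{domain} is not in the address book"

# Constructed sample headers, not taken from real messages.
SAMPLES = [
    "Apple <appleid@noreply>",
    "Apple Support <no_reply@email.apple.com>",
    "PayPal <service@paypa1.com>",
    "Netflix Billing <billing@netflix-accounts.example>",
    "Garden Club <news@gardenclub.example>",
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(header, "->", check_sender(header))
```

An "ok" verdict only means the visible address matches a saved domain; the From header can itself be forged, so the other red flags still apply.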
Be Wary When Emails Ask For Your Card Details
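As apps and e-commerce platforms grow, we’re increasingly being required to input our card details across a wide range of websites. When doing this, always check to make sure that the website has an SSL certificate. A certificate only shows that the connection is encrypted, not that the site belongs to the company it claims to be, so check the domain name in the address bar as well.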
This proliferation of online payments has also seen the rise of scams that attempt to spoof popular sites, such as PayPal or Netflix.
If a company like that emails and asks you to update your payment information, do not click on the link! The website it brings you to might look legitimate, but it is just a way to steal your information.
If you do enter your details on a phishing scam, cancel your card right away and contact your bank.
Even if it was just a click of a link, you may also want to contact IT and run a virus scan to make sure that no malware has been installed on your computer. Malware can be nasty to deal with and it is not something you want to leave to chance.
Domain Name Scams
Domain scams are one of the more invasive and hard to spot internet scams. They have been going around for years, popping up at various times, albeit under a different guise.
One of the biggest ones is a company, currently operating as Domain Registry Of Canada, that has a number of aliases, one of which is iDNS, an example you can see on the right.
Their scam is to email website owners, prompting them to renew their domain name, while masquerading as an official authority.
This is fraudulent on a number of levels: your domain name is likely not expiring soon, they have no claim to registering domains or managing them, and they won’t provide a legitimate service for the fee.
If you do receive a letter or email saying your domain is expiring, the first thing to do is Google the company name. These scams quickly develop reputations and you’ll find plenty of people in a similar situation.
If you’re still not reassured, then contact your current web hosting service; they’ll be happy to reassure you.
Quite often we receive emails or calls from our clients asking about this scam, and we always say we are in control of their domain and to not worry about it. Or if we don’t control their domain name, we still reassure them that there is no threat to the domain. Renewals will happen as planned, and this email or letter is just an attempt to scare them into handing over money.
A few times over the years we have had clients who followed these letters, and it was a mess trying to get control back and sort it all out.
If you receive a letter pressuring you into immediately giving money for whatever reason, always take a step back and objectively assess the situation. Legitimate companies and reasons can wait a moment while things are verified.
The best way to avoid domain scams and to keep your business secure online is to work with a trusted web development company. At Radar Hill we pride ourselves on always being here for our clients, happy to answer questions, and help support them any way we can. To find out more about what we can offer, get in touch with us today!