Thursday, August 12, 2010

Why you can be robbed blind in Cameroon without ever going there

The country code for Cameroon is .cm and a common mistake is to type .cm instead of .com. If you accidentally type MyBigBank.cm instead of MyBigBank.com, you will go to an entirely different site and could be tricked into providing the password for your account on a web page that is a perfect copy of the legitimate bank site you normally see.

"Phishing" is an attempt to trick you into providing personal information such as bank account or Social Security numbers to someone who will use it dishonestly. Modern techniques are very sophisticated versions of the "Nigerian official who wants to share $40 million with you" scams.

These are seductive since they appear to be messages from a source you know and they are addressed to you by name - not "dear friend". Often they are requests for you to update contact information and will appear to come from the address of a bank or store you deal with and will have the logo of the institution prominently displayed.

If you know only one thing about Internet addresses, you can avoid many of these plots. 

While Internet addresses are often long, confusing strings of letters and symbols, there is a critical set of two to four characters you need to understand. The following examples illustrate this point:
www.MyBigBank.com/file1/whatever/xxye*!345 - possibly safe
www.MyBigBank.ru/file1/whatever/xxye*!345 - probably unsafe

If you are a customer of MyBigBank, it is likely their address includes .com. It is highly unlikely it includes .ru. This set of two to four letters is referred to as a Top Level Domain name. These are either generic (.com, .edu, .gov) or country codes (.us, .ru). As you might guess, us = United States and ru = Russia. So, to significantly reduce your chances of clicking on a malicious site, check the two to four characters preceding the first slash in the address. You should be suspicious of country codes in general and of any .com address you do not know.

For clarity, the basic web address MyBigBank.com is called a domain name; .com, .edu and .gov are top level domain names. To have a web page you need to find a domain name that is not currently used. Smith.com is probably not available but Smith.md may be (.md is the country code for the Republic of Moldova).

Two other related facts. First, an address you see in an email message or web page may look legitimate, but the link connected to that address may be entirely different. The button or words you click on are totally arbitrary; the underlying web address (the hyperlink) is what matters. Second, web pages can contain a "jump" command that could, for example, cause you to go to BigCompany.ru even when you enter BigCompany.com, so keep a close eye on the Top Level Domains that show up in the browser address line.
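The first check above can be automated for a message you have received. The following is an added example, not part of the original post: it lists every link whose visible text names one host while the hyperlink points to another, and notes whether the Top Level Domain changed. The function names and the sample message are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# A hostname-looking token in the text a reader sees, e.g. "MyBigBank.com".
HOST_RE = re.compile(r"((?:[a-z0-9-]+\.)+[a-z]{2,})", re.I)

def host_of(url):
    """Hostname of a link target: the part before the first slash."""
    url = url if "://" in url else "http://" + url
    return (urlsplit(url).hostname or "").lower()

def bare(host):  # treat www.example.com and example.com as the same site
    return host[4:] if host.startswith("www.") else host

class LinkAuditor(HTMLParser):
    """Collects links whose visible text names a different host than the href."""
    def __init__(self):
        super().__init__()
        self.href, self.text, self.findings = None, [], []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.href, self.text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self.href is not None:
            self.text.append(data)
    def handle_endtag(self, tag):
        if tag != "a" or self.href is None:
            return
        shown = HOST_RE.search("".join(self.text))
        real = host_of(self.href)
        if shown and real and bare(shown.group(1).lower()) != bare(real):
            claimed = shown.group(1).lower()
            tld_changed = claimed.rsplit(".", 1)[-1] != real.rsplit(".", 1)[-1]
            self.findings.append((claimed, real, tld_changed))
        self.href = None

def audit_links(html):
    """Return (host shown, host actually linked, TLD differs?) per bad link."""
    auditor = LinkAuditor()
    auditor.feed(html)
    auditor.close()
    return auditor.findings

# Constructed sample message body; MyBigBank is the post's placeholder bank.
SAMPLE = """<a href="http://www.MyBigBank.ru/file1/whatever">www.MyBigBank.com</a>
<a href="http://MyBigBank.cm/login">Log in at MyBigBank.com</a>
<a href="http://www.MyBigBank.com/help">www.MyBigBank.com/help</a>
<a href="http://www.MyBigBank.com/contact">Contact us</a>"""
```

Links whose text contains no address at all, such as "Contact us", are not reported, so the address they lead to still has to be read before clicking.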

Finally, the top five riskiest country codes for 2009, according to McAfee, were:
  • Cameroon (.cm)
  • PR of China (.cn)
  • Samoa (.ws)
  • Philippines (.ph)
  • Former Soviet Union (.su)
