Monday, July 2, 2012

One thing you should absolutely know about the Internet

Most people I know don't want to be techies and I don't blame them. But there really are a few things you should know to keep you out of trouble and one of the most important and easiest to do is to understand web addresses. A large number of scams involve tricking you into visiting a malicious web site and many of them are very easy to spot. Email and web addresses up to the .com/ part is what matters.

There was a time when fraudulent messages were so phony they were easy to spot - not any more. I'm going to show you three real messages I received and how I determined they were all fakes. In every case, I looked at the two or three characters preceding the first slash; this is called the top level domain. The IRS for example would likely have a TLD of .gov. It may be exciting to say a message from Christmas Island but it is unlikely the IRS would have a site registered there - .CX. To see a complete listing of TLDs including generic ones (.US, .GOV, EDU) and country codes (.US, .CA, etc.) click here.

FIRST EXAMPLE (appears to let you see your credit scores)
Friday, May 4, 2012
____View your-scores from all three-credit-bureaus__
//////Verify_Yours@___ (the TLD is .in so it is registered in India)

SECOND EXAMPLE (requesting information about a job application)
Dear job applicant
Thank you for submitting your information for open work opportunities.
We look forward to reviewing your application, but can not do so until you complete our
internal application.
The pay range for open openings range from $35.77 /hr to $57.62 /hr.
Before you are being considered, we will first have you to formally apply.
Please go here to begin the process: (.ca is a site registered in Canada)
Also, the following benefits are potentially open:
- Paid Vacation Time
- Health Benefits Package
- etc, etc
Please take the time to follow the directions and complete the complete
application process.
Yours truly,  Tod Acosta

THIRD EXAMPLE (probably the scariest one since it looks like a tax problem.
(Big official IRS Logo at the top)
Sent from email address IRS@Gov.US (email return addresses are easily faked)
Dear Taxpayer,
This is to Inform you the Internal Revenue Service (IRS) is conducting a new Intelligent Citizen online tax payers personal Information and Profile update that has just being Initiated by the united states government (Uncle Sam) for those who are regular tax payers to file for their tax returns.Please pay attention, that IRS [Section 6038(b)(1)]assigns a money penalty to the amount of $10,000 for each [Form 5471] that is sent later than the due date of the income tax returne, or does not comprise the thorough information described in [Section 6038(a)].
You we be released from the penalty if the taxpayer shows that the failure to meet the deadline for filling was caused by substantial reasons.
Please use the link below to enter our official site and obtain more information.
Yours Faithfully,
Internal Revenue Service United States
Department of the Treasury
(You cannot tell by looking at the link address but if you copy and paste it into your browser address bar, it takes you to a site called - not quite were you'd expect to go for IRS info.)


  1. Great helpful info, Gary. Thanks.

  2. Glad you liked it.
    It's the little things that count.

  3. Gary,
    It is so refreshing to read valuable technical information in such an easy-to-understand blog. I look forward to your postings and have shared this particular blog posting numerous times in presentations and with clients. Thanks!

  4. Thanks Karen - I'm glad you liked the post. Security and privacy are going to be an even bigger problem in the future for individuals and companies. It's easier to break into an online account than a real store and of course more and more of what we are doing is online. It's no surprise that's where the criminals will turn.
    Thanks again,