Tuesday, August 28, 2012

Another remarkable phishing scam

I just received an email about the delivery status of a parcel with no alarmist message, misspelled words or anything else to make me suspicious. And by coincidence, I had ordered a product to be delivered to a third party at about this time. In this very well designed and formal looking document I had to look carefully for some place to click for more information and noticed that the Tracking Number was clickable - again a very normal situation. But since I'm always suspicious, I did what everyone can and should do, copied the link where the tracking number led and checked the two characters I discussed in my previous post below and low and behold, it was a site registered in South Africa.

To do this on my Mac I right click a link, select copy link  and paste it into the address bar of my browser. A similar procedure works on Windows. Then I look at the characters before the first slash - normally COM, EDU, etc. If there are two characters such as ZA or US it is a country code and a simple Google search using TLD ZA will return a result showing that Top Level Domain is assigned to South Africa. You cannot just avoid the pleas from deposed dictators to share their stolen loot anymore; the same people may be behind the schemes but they have evolved greatly since the early days.