Keeping clients' computers safe and profitable for over 30 years



Email Security Tip

I recently received an email that seemed to be from Amazon confirming an order I didn't remember making. There was a link to get order information, and I hovered over it, not clicking on it.

In the lower left corner, most programs show where a link you hover over actually points. This one pointed to wyszukiwarka-mp3.pl/predefinition.html. The /predefinition.html is an area on the server. The .pl top level domain indicates the country Poland. I did a whois lookup and it belongs to Zbigniew Twardowski who lives in Poland. Obviously, despite a return address of auto-confirm@amazon.com which is, in fact, the return address used by Amazon to confirm orders, this was a phishing expedition which would infect my computer if I clicked on the Order Information link to find out what the order was.

If I wasn't immediately able to determine that this was fake by hovering over the Order Information link, I still would not have clicked it, but instead gone directly to Amazon and checked my orders. Never use that kind of link.

Naturally, I deleted the email, but then decided to dig through my trash because it would make a good example for my Newsletter.

The takeaway: People used to look before they leaped; now we must hover before we click.

A similar email appearing to be from PayPal said,

It has come to our attention that your PayPal account information needs to be updated.  If you could please take 5-10 minutes out of your online experience and update your  records you will not run into any future problems with the online service.  However, failure to update your records will result in account suspension.

Everything looked like it really came from PayPal. Hovering over the link showed an address that started out with a secure https connection to paypal.com but continued through a few more permutations to verifying-database.com/more stuff. Remember, the actual domain is the last one before the first / that follows the https:// prefix, so everything earlier in the address doesn't matter. I could make a part of my domain be paypal.com.steveshank.com and that would refer to an area on steveshank.com having nothing to do with PayPal. I looked up verifying-database.com and it was one of 147 domains in China owned by Zhang Heng.

The takeaway: Hover before you click.


Date: March 2010

Creative Commons License
This article is licensed under a Creative Commons Attribution-NoDerivs 3.0 Unported License.
