How scammers use sub-domains

The technique of baiting people with websites that look like the real thing is called phishing.

The aim is to get you to send important information about your account login to an internet fraudster, who will then use the details you entered to access your account. They even try to make the website address appear genuine - but it's all in the dots!

Look carefully at the Domain Name

Just because the domain name of the phishing website contains the right words does not mean it is the genuine site.

Let's take two examples:

Example One: www.barclays.com.142.ru

Look for the dots reading from RIGHT to LEFT. In the first example the first dot (from right to left) is at .ru, which indicates a Russian domain name. If you carry on looking, the next dot appears just before 142, so the actual domain name is 142.ru. Any other dots continuing from right to left mark sub-domains of 142.ru. So barclays.com is merely subservient to 142.ru (and therefore has nothing to do with Barclays).

Example Two: www.networksolutions.com.012892378267.239827432.mobi/login,secure

OK, so scammers try to make it less obvious by using really long URLs, hoping you will lose the will to bother looking for the dots. Using the same technique, look for the first dot from RIGHT to LEFT. Don't be fooled by the , (comma) or / (slashes). You should spot the first dot just before mobi (so we know it's a .mobi domain), and the second dot shows that the actual domain is 239827432.mobi. Did you get it right? All the other characters to the left of .239827432.mobi are sub-domains served by 239827432.mobi.

Sub-domains are not bad in themselves and are commonly used (see www.demo.easykey.net - a sub-domain belonging to www.easykey.net). The point is that phishing websites use familiar or genuine-looking sub-domains to try to trick you.

One final trick to be aware of is that scammers will usually display the link in an email so it looks genuine, e.g. http://adwords.google.com, but if you carefully hover your mouse over the link (and keep it still without clicking) it will often reveal the true domain!
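
The right-to-left reading from the two examples, and the link check from the final tip, as an added Python example that is not part of the original article. The function names, the short sample of two-label suffixes and the constructed email link are assumptions for illustration; the "last two labels" rule does not cover suffixes such as .co.uk, which real code resolves with the full Public Suffix List.

```python
from urllib.parse import urlsplit

# Constructed, incomplete sample of two-label public suffixes (assumption).
# Production code should consult the full Public Suffix List instead.
MULTI_LABEL_SUFFIXES = {"co.uk", "org.uk", "com.au", "co.jp"}


def hostname(url: str) -> str:
    """Return the lower-cased host part of a URL, with or without a scheme."""
    if "//" not in url:
        url = "//" + url  # lets urlsplit treat the text as a network location
    host = urlsplit(url).hostname or ""
    return host.rstrip(".")


def registrable_domain(url: str) -> str:
    """Read labels right to left and return the domain that actually owns the host."""
    labels = hostname(url).split(".")
    if len(labels) < 2:
        return ".".join(labels)
    two_label_suffix = ".".join(labels[-2:]) in MULTI_LABEL_SUFFIXES
    keep = 3 if two_label_suffix and len(labels) >= 3 else 2
    return ".".join(labels[-keep:])


def subdomains(url: str) -> str:
    """Everything to the left of the registrable domain (may be empty)."""
    host, owner = hostname(url), registrable_domain(url)
    return host[: len(host) - len(owner)].rstrip(".")


def link_is_deceptive(display_text: str, href: str) -> bool:
    """True when the URL shown for a link names a different domain than its target.

    display_text is assumed to be a URL, as in the article's email example.
    """
    return registrable_domain(display_text) != registrable_domain(href)


if __name__ == "__main__":
    for url in ("www.barclays.com.142.ru",
                "www.networksolutions.com.012892378267.239827432.mobi/login,secure"):
        print(f"{url}\n  owner: {registrable_domain(url)}  sub-domains: {subdomains(url)}")
    # Constructed email link: the text shown to the reader vs. the real target.
    print(link_is_deceptive("http://adwords.google.com",
                            "http://adwords.google.com.142.ru/"))
```

The path after the first slash never affects the result, which is why the comma and slashes in Example Two can be ignored.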
