Scam, scam, scam
I'm getting sick of bullshit websites, so here's a quick guide to
spotting them.
This week I received a breathless email from the Inland Revenue Dept saying I'm due for a tax refund. I checked the links and discovered that the IRD apparently operate from an email address in Germany and a website in Brazil, and that all they required was my internet banking ID and password. Huh? To give me a refund?
I also noticed the four banks I could access from their site -- the ANZ, ASB, KiwiBank and Westpac -- are also all run from the website in Brazil. Wow, who'd have guessed?
Scam, scam, scam. And it's easy to spot. Here's the email ...
Yes, it says it's from Inland Revenue, but look at the From line: m.boehm@freakmail.de. Alarm bell #1.
I only allow messages containing remote content from people I know, so that's prevented the IRD logo from displaying in the message. It's also triggered alarm bell #2 with a bold display of the actual source of that graphic.
Alarm bell #3 starts ringing just hovering the cursor over the Refund Me Now link because the status bar at the bottom of the window shows where this will actually take me ...
Yes, that ".br" means Brazil.
But let's pretend we're completely stupid, let's follow that link and see where it takes us.
Actually the web page is quite well done. Many of the ancilliary links point to real IRD pages, but there is that small matter of the actual address bar.
And hovering over the bank graphics shows they all lead to the same site too. Let's follow one.
Here's the bogus ASB signon page ...
... and here's the real one ...
Not much difference, but there are three critical warning signs. First off, the actual addresses;
Which one would you trust?
But most important is http / https difference. The latter signifies a secure sign-on via an encrypted channel. Firefox highlights these in green.
Never, ever, ever part with a banking signon that doesn't go via https. You might as well write your details on a Post-It note and stick it to your forehead.
If you're still in doubt, click on the VeriSign link. On the bogus site it does nothing. On the real site it brings up a valid site certificate ...
So there you have it. Spotting the scammers isn't difficult. In fact it can be fun. And don't forget to report them.
I'll have another bogus website in a day or two, but in the meantime if you receive a link to "news" story headlined
don't get too excited. It's just another scam.
This week I received a breathless email from the Inland Revenue Dept saying I'm due for a tax refund. I checked the links and discovered that the IRD apparently operate from an email address in Germany and a website in Brazil, and that all they required was my internet banking ID and password. Huh? To give me a refund?
I also noticed the four banks I could access from their site -- the ANZ, ASB, KiwiBank and Westpac -- are also all run from the website in Brazil. Wow, who'd have guessed?
Scam, scam, scam. And it's easy to spot. Here's the email ...
Yes, it says it's from Inland Revenue, but look at the From line: m.boehm@freakmail.de. Alarm bell #1.
I only allow messages containing remote content from people I know, so that's prevented the IRD logo from displaying in the message. It's also triggered alarm bell #2 with a bold display of the actual source of that graphic.
Alarm bell #3 starts ringing just hovering the cursor over the Refund Me Now link because the status bar at the bottom of the window shows where this will actually take me ...
Yes, that ".br" means Brazil.
But let's pretend we're completely stupid, let's follow that link and see where it takes us.
Actually the web page is quite well done. Many of the ancilliary links point to real IRD pages, but there is that small matter of the actual address bar.
And hovering over the bank graphics shows they all lead to the same site too. Let's follow one.
Here's the bogus ASB signon page ...
... and here's the real one ...
Not much difference, but there are three critical warning signs. First off, the actual addresses;
Which one would you trust?
But most important is http / https difference. The latter signifies a secure sign-on via an encrypted channel. Firefox highlights these in green.
Never, ever, ever part with a banking signon that doesn't go via https. You might as well write your details on a Post-It note and stick it to your forehead.
If you're still in doubt, click on the VeriSign link. On the bogus site it does nothing. On the real site it brings up a valid site certificate ...
So there you have it. Spotting the scammers isn't difficult. In fact it can be fun. And don't forget to report them.
I'll have another bogus website in a day or two, but in the meantime if you receive a link to "news" story headlined
"Work
At Home Mom Makes $6,876/Month Part-Time"
don't get too excited. It's just another scam.
PC World is New Zealand’s top selling computing and technology magazine.
Comments
@Richard - Its easy for people like us to call them 'thick' but the reality of the situation is just a lack of understanding.
The people who fall into these traps dont know what a URL or website address is, or what it should look like.
This line of text, http://blogs.pcworld.co.nz/pcworld/tux-love/2010/09/scam_scam_scam.html at the top of this page is just a bunch of gobbledegook to them.
They get to the websites they want by clicking on some blue text, in an email or search, thats all they know.
These people recognise websites by the way the look. And the scammers know this. They are just preying on these uneducated PC users.
There is also a huge amount of missinformation and missunderstanding out there as well.
I've had website clients refuse to supply bank account numbers via email or website because they think its unsafe to do so.
They dont seem to understand that the worse thing that can happen with that is someone can give them money..
Or website clients who didn't realise that you can actually type their address into a browser.
They always found the websites they wanted by typing the whole address into a search..
These people are not 'thick' they are just people who have never been taught the correct way to use a web browser.
Posted by: chris | September 13, 2010 6:33 PM
Lets face it, people are generally thick, gullable and having no one else to blame but themself for their ignorance if they cant read or spot a bogus banking web site. People need to stop blaming the computer for their ignorance and mistakes.
Posted by: Richard | September 12, 2010 10:17 AM
Banks often don't help the security cause though. The BNZ card centre recently rang and the first thing they ask is for your full name and birth date (to verify your identity). I refused and suggested I would ring the bank myself and was met with an unhappy response. Good one BNZ.
Posted by: Ruatuki | September 10, 2010 2:13 PM