News!! The Single-Slash Double-Dot Dominion For Identifying Spam Links Inward Phishing Emails

This article is virtually e-mail phishing, in addition to spam-links inward emails: how y'all tin recognize them in addition to what to practice virtually them.

Understanding Spam vs Phishing

Most people know what regular spam is. Phishing is a to a greater extent than sophisticated type of spam, which combines data that the spammer knows (or guesses) amongst conventional spam techniques. Often phishing emails are addressed straight to you, in addition to offering a "product" or "service" that y'all powerfulness realistically want. For example, they may offering to create a safety work amongst your on-line banking (just equally presently equally y'all bring gone to their website in addition to given them your existent on-line banking details).

Bloggers are specially susceptible to phishing emails, because nosotros write websites where nosotros percentage data virtually ourselves. For example, anyone who reads Amazon Associates in addition to Chitika, in addition to that I bring a domain hosted amongst DomainDiscount24.  It's non much harder to move out that I'm interested inward folk-music, in addition to know a lot virtually populace carry inward my city. And fifty-fifty though I don't display my e-mail address on the blog, it isn't that difficult to estimate from unopen to of the screen-shots I use, or by subscribing to my RSS feed.    And y'all powerfulness hold upward fifty-fifty to a greater extent than vulnerable if y'all link your spider web log to your Facebook profile instead of a Page.

Protecting yourself from Phishers

ISPs in addition to e-mail services divulge in addition to delete most regular spam emails earlier they are delivered. But this is harder to practice amongst phishing emails, because they oft expression genuine. So you demand to protect yourself against phishing.

The best way to practice this is to hold upward curious-and-cautious virtually whatever e-mail y'all receive. There are lots of suggestions below virtually what this means, in addition to what characteristics to expression for. None of them tin laissez passer on a 100% for certain respond virtually whether a message or offering is dodgy. But beingness aware of the form of things y'all demand to check, in addition to in particular the "single-slash-double-dot" dominion for checking links, is a an first-class start.

How to spot phishing emails

An e-mail message may hold upward a phishing endeavor if some of the next are true:

• You were non expecting the message, or whatever contact from the scheme it patently comes from.

• You've never heard of the scheme or companionship that it comes from - or y'all don't bring whatever dealings amongst them.
  (That said, sometimes unknown organisations practice contact y'all - attempt out to flora their legitimate website or telephone number from unopen to other source, to banking company check if they're "for real" or not).
  

• The message asks y'all to confirm occupation organisation human relationship details past times giving unopen to personal information: no reputable companionship volition ever desire y'all to practice this past times email. Intelligent reputable companies volition non await y'all to practice in addition to thence past times clicking on links inward their website.

• The message tries to brand y'all respond quickly, to halt something bad from happening. (Basically, they're trying to halt y'all from thinking virtually the message earlier y'all respond to it.)

• An e-mail doesn't bring your address inward the To land - or it has your address in addition to many others which y'all don't know.

• The message-body doesn't start amongst your cite (eg if it says "Dear Customer" instead of "Dear Joe Soap")

• The from address, or the cite equally the bottom of the message (like the "signature" inward a paper-based letter) is missing, or seems foreign given where the message came from.

• Bad spelling. Bad grammar. Poor formatting. Odd looking graphics / pictures / logos. Strange sentence structures (either to attempt out to play tricks you, or because the writer doesn't know your linguistic communication well).

None of those features guarantee that a message is dodgy. But whatever of them should hold upward plenty to brand y'all a piffling suspicious.

But at that topographic point are unopen to features that are to a greater extent than of a give-away:

• The URL / hyperlink inward the message isn't the correct ane for the companionship (eg it's from www.ebay.org instead of www.ebay.com)

• The message contains a link which doesn't tally the website demo when y'all hover the mouse over it eg www.amazon.com - notice that it's linked dorsum to Blogger-HAT instead of to the existent Amazon.
  NB Even if a link looks similar a link, ALWAYS banking company check where it goes to past times hovering your mouse over in addition to seeing what the "tool tip" text is.
  

• The message uses an URL shortening service (eg tinyurl.com, bit.ly, goo.gl) which stops y'all from checking where the link genuinely goes.
  (This is a expert argue why y'all shouldn't purpose link shortening services yourself:  they larn inward expression similar y'all bring something to hide. Whenever I tweet virtually a post, I ever set inward the total URL: fifty-fifty though Twitter doesn't display all the characters inward the message, they are available to anyone who hovers over the link).
  

Influenza A virus subtype H5N1 uncomplicated dominion for evaluating links:

The final iii points are the most helpful - but they rely on y'all beingness able to look at a website-link in addition to know if it's spammy or not.

And spammers know that it's slowly to confuse people past times showing them long, complicated existent links, that superficially expression similar existent ones.  For example, consider

www.cnn.com.newslist.2013-01.headlines.trouble.com/headline-listing/xx03/index.html

Lots of people volition expression at this, run across the "cnn.com" in addition to think "ahh, that's a reliable intelligence site, it must hold upward fine."   But that's non genuinely true.

Fortunately there's a uncomplicated rule that y'all tin purpose to divulge the existent website that a link points to. It is

Single-Slash, Double-Dot

To purpose it, look at where the the link genuinely goes (by hovering the mouse higher upward it) and:

• Find the get-go unmarried frontwards slash
• Look at the words betwixt the 2 or iii dots merely earlier the slash
• Decide if the link is genuine, based on these words.

The Single-Slash Double-Dot dominion explained

In the illustration above, the get-go unmarried frontwards slash is genuinely half-way through the link:

www.cnn.com.newslist.2013-01.headlines.trouble.com/headline-listing/xx03/index.html

So the website that it is pointing to is genuinely trouble.com - which powerfulness non hold upward a identify that y'all desire to visit.  Compare this with

http://www.bbc.com/future/story/20130129-blue-heart-of-the-planet

where the get-go single-slash is quite nigh the start, merely earlier the really genuine www.bbc.com.

In summary, the website cite betwixt these 2 or iii dots should tally the ane that is shown inward the email, in addition to should hold upward the correct ane for the company. For example, ane of these points to the existent TradeMe, in addition to ane doesn't:

TradeMe 

TradeMe

(Yes they expression the same:  remember y'all demand to start past times hovering your mouse over the links, to divulge out where they genuinely betoken to.

Two vs iii dots?

You sometimes bring to banking company check dorsum iii dots because unopen to countries bring two-level internet addresses. For example, instead of .com y'all volition find

• .co.uk - inward the U.K. (two level, in addition to thence y'all demand to banking company check iii dots)
• .com.au inward Commonwealth of Australia (again,two level, in addition to thence y'all demand to banking company check iii dots)
• .ie - inward Ireland, (single-level, in addition to thence y'all exclusively demand to banking company check 2 dots).

So similar the many cyberspace safety issues, at that topographic point are nevertheless judgements y'all demand to make, in addition to cognition y'all demand to apply.   But still, it's fair to tell that y'all tin ...

Use the single-slash-double-dot dominion to move out where the link inward an e-mail message genuinely goes to.
[Tweet this quote].

What practice to if an e-mail or link is suspicious

With old-fashioned spam, the dominion was ever to delete the message, no questions asked.

With suspected phishing emails, it's a piffling harder.   You demand to brand a judgement:

• What are the chances that this is genuine?/

• What are the consequences if it is genuine, but I ignore it?

• Is at that topographic point some other way that I tin banking company check out this out, without clicking on the link inward the email? For event past times going straight to the banks' website past times typing inward the address myself - or past times phoning the mortal to inquire if they genuinely did e-mail me.

You demand to weigh upward these iii factors, in addition to based on them create upward one's hear whether to investigate farther (eg past times going to the website directly, or emailing the sender for to a greater extent than information, whether to trust the e-mail message, or to merely delete it.

TL/DR:

Phishing emails purpose data virtually y'all to personalize spam.

Apply mutual feel in addition to intuition to every e-mail that y'all receive. Check that links become where they are supposed to - in addition to don't click them if they don't.

Use the single-slash-double-dot dominion to move out where the link inward an e-mail message genuinely goes to. [Tweet this quote]

---

Related Articles:

Displaying e-mail addresses on your blog

Offering an RSS feed

Linking your spider web log to your Facebook profile

How to brand a "tweet this quote" option.

Tweet

Subscribe to receive free email updates: