Thursday, February 1, 2018

The Difference Between Spoofing, Phishing and Spam

Cyber criminals and scammers are very creative, artistic and inventive individuals. They seem to always find a way to trick computer users into falling into their traps.

For most of us, the terms Spoofing, Phishing and Spam seem to denote the same thing. However, they are different from each other. Knowing what to look for can help you stay safe from their effects.

Let’s take a look at their definitions....
Spoofing
Spoofing is the forgery of an e-mail header so that the message appears to have originated from someone other than the actual source. This is usually accomplished by changing the "from" e-mail address and/or sender's name of the message so that it appears to be from a known sender.

The spoofer (the attacker) hopes you have an account at that organization, which will complete the illusion. They know that if the recipient receives a spoofed email message that appears to be from a known source, it is likely to be opened and acted upon. Such emails request the recipient to reply to the message with valuable personal information such as an account number for verification. The spoofer then uses the information for identity theft purposes, such as accessing the victim's bank account, changing contact details, etc.

Phishing
Phishing is when a scammer uses fraudulent emails or texts to send you to a replica of a real website to get you to enter valuable personal information into that website. The information they are looking to get from you includes account numbers, social security numbers, or your login IDs and passwords. Scammers then use your information to steal your money, your identity or both.

An example of a phishing scam would be that the scammer sends you an email that looks like it's from a real company that you do business with, such as your internet provider, an online store or even a real bank. The message may inform you that your account is locked. Then it instructs you to press the included button or link for you to go to their replica version of a real website, where you are instructed to give your account information. If you follow the directions, you just gave up your personal information to the replica site.

The replica of the real website looks like the real website. They have the company logo, log on button, privacy information, etc. It's done that way to fool you.

One clue that the site may be a fake is that the website address (in the browser's address bar) won't look exactly right. For example, most web pages for Amazon.com will include that in their addresses (e.g. support.amazon.com). A fake phishing site may:
  • Have a different top-level domain instead of having ".com" (e.g. support.amazon.net)
  • Try to fool you by putting the company name ahead of the domain name (amazon.fakecompany.com). In this case, the domain is "fakecompany", not "amazon".
  • Spell the domain name a little differently (support.amaz0n.com). This uses a number zero instead of the letter "o".
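
The three clues above can be checked mechanically. The following is an added example, not part of the original post: the names split_host, check_host and LOOKALIKES are hypothetical, the look-alike character table is a small constructed sample, and the split assumes a single-label top-level domain such as ".com".

```python
from urllib.parse import urlsplit

# Constructed sample of digit-for-letter swaps; not an exhaustive list.
LOOKALIKES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})

def split_host(host):
    """Return (subdomain, domain name, top-level domain) for a hostname or URL."""
    if "://" in host:                      # accept a full URL as well
        host = urlsplit(host).hostname or ""
    labels = host.lower().rstrip(".").split(".")
    if len(labels) < 2:
        return "", labels[0], ""
    # Assumption: the TLD is the last label only (no public suffix list).
    return ".".join(labels[:-2]), labels[-2], labels[-1]

def check_host(host, real_root="amazon.com"):
    """Explain how a hostname relates to the genuine root domain."""
    real_name, real_tld = real_root.split(".")
    sub, name, tld = split_host(host)
    if name == real_name and tld == real_tld:
        return "ok: root domain matches"
    if name == real_name:
        return "suspicious: different top-level domain"
    if real_name in sub.split("."):
        return "suspicious: brand used as subdomain of %s.%s" % (name, tld)
    if name.translate(LOOKALIKES) == real_name:
        return "suspicious: look-alike spelling of domain name"
    return "unrelated domain"

if __name__ == "__main__":
    # The hostnames used as examples in the list above.
    for h in ("support.amazon.com", "support.amazon.net",
              "amazon.fakecompany.com", "support.amaz0n.com"):
        print(h, "->", check_host(h))
```
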
Spam
Spam is sending many copies of the same unsolicited message in an attempt to force the message on people who would not otherwise choose to receive it. Most spam is commercial advertising, and often for dubious products or services. Chain letters, political mailings and other forms of non-commercial mailings are also categorized as spam. Spam is used since it costs the sender very little to send. They make their money on a few people (within a high volume) accepting the offer.

The CAN-SPAM (Controlling the Assault of Non-Solicited Pornography And Marketing) Act of 2003 was signed into law setting national standards for the sending of commercial e-mail. It also requires the FTC to enforce the provisions under the law. However, many spammers send their messages from outside the United States, thus they ignore the law.

How to Stay Safe
  • Pay attention to the website’s web address. Malicious websites may look identical to a legitimate site, but the website address may use a variation in spelling or a different domain.
  • If you are unsure whether an email request is legitimate, try to verify it by contacting the company directly. Contact the company using information provided on your account statement, not information provided in an email. 
  • Check out the Anti-Phishing Working Group (APWG) to learn about known phishing attacks and/or report phishing.
  • Don’t reveal personal or financial information in an email, and do not respond to email solicitations for this information. Don't follow links sent in email.
  • Keep a clean machine. Keep all software on internet-connected devices, including PCs, smartphones and tablets, up to date to reduce risk of infection from malware.
  • Install anti-malware, anti-spam and virus protection software on all internet-connected devices.

Click here to contact me regarding this or any other blog topic. Also, I welcome comments, which you can post below.

Monday, January 1, 2018

About Website Domain Names

A website domain name is what a person enters in their Internet browser’s address bar to access a website. While real Internet addresses are made up of a complicated series of numbers, domain names are the unique, human-readable Internet addresses of websites. If your website were a home, the domain name would be its address.

Why we Need Domain Names
The Internet is a giant global network of computers connected to each other. Each computer on this network can communicate with the other computers. For the computers to identify each other, each computer is assigned an IP address. The IP address is a series of numbers that identifies a particular computer on the Internet. A typical IP address looks like this: "164.72.122.91". Since numerical IP addresses can be quite difficult for people to remember, domain names were invented to solve this problem.

The Parts of a Website Domain Name
Domain names are made up of three parts: a top-level domain (sometimes called an extension or domain suffix), a domain name, and an optional Subdomain. The combination of the domain name and top-level domain is known as a "Root Domain".

Website Domain Name
  • Top Level Domain (TLD) - is the formal term for the suffix that appears at the end of a domain name. It is the first level of a domain's hierarchy. Some examples of top-level domains include: ".com", ".net" and ".edu". While you are probably familiar with these TLDs, there are actually over 1,000 possible TLDs from which you can choose.

  • Domain Name - is the second level of a domain's hierarchy. This tends to be the most descriptive and readable portion of a root domain. Examples of domain names are:
No two different websites can have the same root domain. However, one website can have multiple root domains assigned. All the pages on the same website have the same root domain, and usually have their own domain name: "www.princetontechadvisors.com/p/our-services.html".
The above are both subdomains of their website's root domain. The most common subdomain is www (world wide web). It's also possible to omit the subdomain to access a website.
Buy a Domain Name
Every business, and everyone who needs to be found online, needs a website. If your business is not found online, it is irrelevant to those searching for your service or product offerings.

The first step is to buy a domain name (actually, the Root Domain). Anyone can buy a domain. To do so, you visit a domain name registrar, such as GoDaddy or Google Domains, key in the root domain you want to buy, and pay a fee. You buy a domain for a term, such as 1 to 10 years, and can renew your purchase at the end of the term (or even set up an auto-renewal). You may only buy a domain that is not already registered by another person or business.


Domain names put a friendly face on the hard-to-remember numeric IP addresses. Since your domain name is the name of your website, you want to make sure you get a good one. You will want to buy one that is catchy and short so that it's both easy for people to remember, and easy for people to type.

Look forward to our future post where we discuss Search Engine Optimization (SEO) best practices for domains.

