Spam

Typical scam mail

In the article about the 10 golden rules for protecting your digital privacy, rule #7 deals with scam mail and shady domain names:

If you are asked to log on to an institutional website, go the usual way (through your browser) but never click on a link featured in the email, even if it appears to come from a trustworthy source. Email headers can easily be faked to deceive you, as shown in this example.

This is a typical example of scam mail where everything seems fine:

  • Sender seems to be “JP Morgan Chase Bank” <noreply@chase.com>
  • Website I’m invited to log in to seems to be chaseonline.chase.com

Hint #1: the message is somehow pressuring me into logging in in a rush.
Hint #2: real messages from institutions always feature the first and last name of the customer. In this case I am dealing with a generic text.
Hint #3… well, I am not a customer of JP Morgan.

Moving my mouse pointer over the featured links, it turns out that they actually point to the id017.be domain.
It is always the last part of the host name in a URL that counts: chaseonline.chase.com.id017.be
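The same check done by a script, as an added example that is not part of the original post: it pulls the host out of every link in an HTML mail body, reduces it to its registrable domain (the rightmost labels) and reports links whose domain differs from the one in the From header. The sample body, the function names and the tiny suffix set are constructed for illustration; real code would load the full Public Suffix List.

```python
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed mini suffix list (assumption); use the Public Suffix List in practice.
SUFFIXES = {"com", "be", "net", "co.uk"}


def registrable_domain(host):
    """Return the public suffix plus the one label to its left."""
    labels = host.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        # Scanning from the left finds the longest matching suffix first.
        if ".".join(labels[i:]) in SUFFIXES:
            return ".".join(labels[max(i - 1, 0):])
    return ".".join(labels[-2:])


class LinkCollector(HTMLParser):
    """Collect the host name of every <a href=...> in the body."""

    def __init__(self):
        super().__init__()
        self.hosts = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            host = urlsplit(dict(attrs).get("href") or "").hostname
            if host:
                self.hosts.append(host)


def suspicious_links(from_header, html_body):
    """List (host, registrable domain) for links not on the sender's domain."""
    address = parseaddr(from_header)[1]
    sender = registrable_domain(address.rpartition("@")[2])
    collector = LinkCollector()
    collector.feed(html_body)
    return [(h, registrable_domain(h)) for h in collector.hosts
            if registrable_domain(h) != sender]


# Constructed sample: the visible link text shows one host, the href another.
FROM = '"JP Morgan Chase Bank" <noreply@chase.com>'
BODY = ('<p>Log in now: <a href="http://chaseonline.chase.com.id017.be/">'
        'chaseonline.chase.com</a> or visit <a href="https://www.chase.com/">'
        'our site</a>.</p>')

if __name__ == "__main__":
    for host, domain in suspicious_links(FROM, BODY):
        print(f"{host} is really on {domain}")
```

Since the From header itself can be faked, a match proves nothing; only a mismatch is informative.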

Doing a WHOIS search on the domain, it turns out that id017.be is fresher than a pimple on the forehead:

Domain details
Domain
Name 	id017
Status 	REGISTERED
Registered 	November 7, 2008
Last update 	November 12, 2008 10:47 AM
Licensee
Language 	English
Email 	email
Agent technical contacts
Name 	Auto répondeur
Organisation 	Gandi Sas
Language 	English
Address 	15 place de la Nation
75011 Paris
France
Phone 	+33.143737851
Fax 	+33.143731851
Email 	support-en@support.gandi.net
Agent
Organisation 	Gandi Sas
Website 	www.gandi.net
Nameservers

a.dns.gandi.net
c.dns.gandi.net
b.dns.gandi.net

Actually, Gandi.net is an official French domain name registrar like Network Solutions in the USA. I used to have one of my web sites hosted by them. The scammer who registered the domain through them kept all personal information out of the public records. I have filed a complaint to let Gandi.net take the necessary measures.


Block chat spam bots with Pidgin

Cross-platform, multi-protocol chat client Pidgin has briefly been mentioned on this blog. I’ve always used Gaim and its successor Pidgin to manage the MSN, ICQ, AIM and GoogleTalk accounts on GNU/Linux. As of late, I’ve been getting half-a-dozen spam bot messages per day through MSN.

Realizing that blocking the user was pretty much ineffective, since there is a myriad of these bastards, I searched for a possible filter plugin. I came across Bot Sentry, an underrated plugin that surprisingly isn’t included in the default Pidgin distribution. Blogger Mark O’Neill explains how the plugin efficiently gets rid of chat spam.

After fiddling with the command line, I managed to install the plugin and get it running.
