As the Internet becomes more and more accepted as the defecto place to find information, fraudsters will use this to try and take advantage.
One of the things that’s on the rise at the moment are scam text messages where the sender pretends to be a trusted organisation and try’s to persuade you to hand over your bank details.
The aim of this post is to help you spot these dodgy messages by the links that they use in the message.
First of all, it’s important to know that the crux of having a presence online is to have a link address, and this is based around a domain name.
Domain names are actually readily and cheaply available for anyone to buy and usually take the format of a word or two followed by .com or .co.uk (here in the UK)
The other thing that’s really important to know is that once you’ve got a domain name, you can preceed it with absolutely anything you want – even something that looks like somebody else’s brand – and this is where the fraudsters hook you in – they tend to use this preceding part (called a sub-domain) to add some recognisable brand name to make you feel it’s coming from a trusted organisation
In this example they’ve used the sub domain “royalmail” but it could just as easily be any other word, but since this opportunist scam is based on the assumption that folks will have parcels coming to them, they’ve used Royal Mail as the brand to try and hook people in.
The actual domain itself here is “redivery-charge.com” and that’s the part that the scammers bought for just a few pounds. Notice it’s also a mis-spelling of “redelivery-charge” – it’s quite common for scammers to make spelling mistakes, I’d hypothesise that English may not be their first language.
What to do if you get a scam message?
First, don’t click on the link – if you’re reading this and it’s too late, then consider what information you handed over, such as banking details, email addresses or passwords and do what you can to change/protect those.
So organisations, such as the Royal Mail in this case will have places where you can report scams like this.
If you really want to be one of those people who affects change, then you can use a service called Whois to look up which organisation this domain was registered with, called a “Registrar”, in this case namecheap.com
In most cases you’ll be able to email abuse@ – followed by the registrar’s own domain name and let them know the details of this scam – and if they’re doing their job well, they should be able to suspend the domain and put a stop to the fraudster’s activities. They may even go further to report the scammer who registered the domain to the authorities.
The lesson here is be informed and always check emails carefully before clicking on links or downloading attachments.