Ever since the coronavirus outbreak, domain name phishing has been increasing. As of 2020’s third quarter, there are approximately two hundred thousand phishing sites on the net.
Most phishing scams arrive on emails. Scammers send an accumulation of more than 3 billion fraudulent emails daily. On top of that, Google has reported that around 18 million pandemic-related phishing emails were sent out in April.
Spotting a fake email can be hard if you don’t know what to look for. In this article, we’ll show you the five tips for how to avoid domain name phishing and other scams.
Domain name phishing is a form of a fraud attack. It’s when scammers set up a domain that looks like a legitimate company or organization. They use the fake domain to deliver malware or make users hand out their personal information.
The APWG reports on phishing trends reveal that 505 brands have become the target of phishing practices. These brands include Apple, Netflix, Microsoft, PayPal, and DHL. With all the impersonation attempts, around 97% of users fail to spot a well-structured phishing email.
Here are why it’s easy to fall for scams:
- Lack of phishing awareness. Users may be unaware that phishing scams exist. Or, they do know, but they lack information on how to spot a phishing email.
- The use of urgency. Emails telling you about suspended accounts as a result of late subscription payment may be from scammers. They also often pose as governmental organizations as people tend to be obedient to authoritative orders.
- The I’m-not-susceptible attitude. Some users may think they have nothing for hackers to take. This belief can increase their vulnerability instead.
With hackers and scammers attempting to compromise our data, making security our number one priority should be a must. Follow these steps to avoid becoming a phishing victim:
Checking only the sender is never enough as scammers can easily manipulate it. Therefore, check the email address instead.
Professional, formal emails will never come from an email address ending with “@gmail.com” or @yahoo.com.” It should end with the company’s URL, for example, “@yourcompanyname.com.”
However, if you receive an email from “[email protected],” you should be careful. As 51.9% of all websites end in .com, there’s a great chance that the official LastPass’s website also uses the .com extension.
You can run a check with a domain checker tool to see if “lastpass.security” exists. One of the great domain checker tools you can use comes from Hostinger. You just need to type in the domain name onto its browser, and it’ll tell you if it’s taken already.
Every time you receive an email, inspect the way it’s written. Here are some questions to answer:
- Does the content align with the title?
- Is it free from typos?
- Is it well-written in terms of grammar and structure?
- Does it address you by name?
If your answers are yes to all the above questions, that’s good. However, don’t click the link yet. Let’s examine the link before clicking on it.
The next thing you need to observe is the URL. Hover over the link and see the address on the bottom left corner of your screen. Here are some tips for inspecting a URL:
- Stay away from URLs that look messy. If you find “bit.ly,” “TinyURL,” or a misspelt domain like “nefflix.com” when hovering over the link, don’t click it.
- Identify the domain and its subdomain. If you come across payment.amazon.com URL, it’s legit as it can be a subdomain of amazon.com. However, be careful if it’s amazon.payment.com. With this URL, scammers use the word “amazon” to fool you.
- Look for the padlock. This tip is for you who happen to click the link. Our advice is to stay away from websites that don’t have SSL certificates.
Armor your browser with an anti-phishing extension. The tool will run a quick scan of the website you visit and compare it to its phishing site directory. If the site is malicious, you’ll get a notification.
Some of the excellent anti-phishing plugins are Netfcraft and Phish Protection. For email phishing protection, try CloudPhish.
This is the internet’s general rule. You should never be confident in giving out your personal information on the internet. When facing a situation where you should, contact the company to confirm the request authenticity.
Apart from domain name phishing, here are other domain name scams you need to know:
- Domain slamming. It’s an attempt to get you to transfer your domain into the scammer’s dubious registrar. Cybercriminals do this by sending users an email asking them to renew their domains.
- Website listing services. When attempting this type of scam, cybercriminals may tell you that your site isn’t doing well enough on the search engine’s ranking. They may invite you to join their services to push your site’s rank.
- Geo-TLD domain scam. This happens when scammers tell you your competitor is trying to build your site’s clone using a geographic extension, such as .ru or .cn. They’ll also tell you that they’ve secured the domain in the meantime so you can claim it. While in fact, the domain doesn’t even exist in the first place.
The rising number of phishing attacks is exponential. As it can cost a company millions of dollars, it’s always recommended to take extra precautions when receiving suspicious emails. We hope the tips to avoid domain name phishing you’ve learned in this article will be a big help to getting you away from phishing attacks.