Anyone can purchase a domain name and web hosting for that name. Hackers can then create a subdomain on their own domain using a legitimate company's name. They may create sears.myaccounts.com, or paypal.commercial.com. The dot in the middle of the name indicates that you are accessing a subdomain of the domain that follows it. The actual domain name is the last part, ending in .com, .net, or .org. A legitimate business may use subdomains, but their main domain name will be paypal.com or sears.com.
Thus, messages from accounts.sears.com are legitimate, while messages from sears.accountcentral.com are fake. Also look for misspellings in domain names — micosoft.com is not microsoft.com.
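The check described above can be automated. The following is an added example, not part of the original article: it pulls the actual domain out of a link and flags a trusted brand name used as a subdomain label or a near-miss spelling. The TRUSTED list and function names are assumptions, and taking the last two labels only works for suffixes such as .com, .net and .org.

```python
from urllib.parse import urlsplit

# Constructed allow-list built from the domains the article names.
TRUSTED = {"sears.com", "paypal.com", "microsoft.com"}

def registered_domain(host):
    """Last two labels of the host. Assumption: single-label suffixes such as
    .com/.net/.org; suffixes like .co.uk need the Public Suffix List."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(link, trusted=TRUSTED):
    """Return 'trusted', 'brand-in-subdomain', 'misspelling' or 'unknown'."""
    # Accept bare hostnames as well as full URLs.
    host = urlsplit(link if "//" in link else "//" + link).hostname or ""
    domain = registered_domain(host)
    if domain in trusted:
        return "trusted"
    # A trusted brand appearing left of someone else's domain is the
    # sears.accountcentral.com pattern.
    brands = {t.split(".")[0] for t in trusted}
    if brands & set(host.split(".")[:-2]):
        return "brand-in-subdomain"
    # One or two character edits away from a trusted domain: micosoft.com.
    if any(0 < edit_distance(domain, t) <= 2 for t in trusted):
        return "misspelling"
    return "unknown"

if __name__ == "__main__":
    for link in ["https://accounts.sears.com/login", "sears.accountcentral.com",
                 "paypal.commercial.com", "http://micosoft.com/update",
                 "example.org"]:
        print(f"{link:35} {classify(link)}")
```

A result of "unknown" only means neither pattern matched; it says nothing about whether the site is safe.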
A friend’s Yahoo account was recently hacked in just this way. She responded to an email requesting that she click a link to update her account information. When she did this she was presented with a page that looked exactly like Yahoo’s log-in page.
Once she logged in on the fake site the hacker had everything he needed. The hacker changed her password, locking her out of her account. The hacker then sent a message to all of the contacts in her address book.
The message stated that Tina, my friend, was traveling abroad when her purse was stolen, and that she desperately needed me to send her money so she could return home. Many of us who received this message thought it was a bit suspicious and replied with questions that only Tina would know the answer to. Others thought the message was a serious request for help.
Social networking sites have recently become a target for phishing. Once in, a hacker has access to all types of personal information about you. Facebook users and Myspace users are prime targets. Always be suspicious of any official-looking messages. The best thing to do is to never click a link in an email message. Instead, access your online accounts the way you normally do, via a bookmark in your browser. That way you can see for yourself if your account information needs updating.
Third point: These big legitimate corporations are not really concerned with you being able to access your account. Chances are that if you have trouble accessing your account, you will need to contact them; they will not send you an email to make sure that you (out of the 300,000 accounts that they manage) can access your account. Some messages urge you to act immediately by saying that an account will be closed in 48 hours if you don’t take action. Don’t do it. Call your bank or financial institution. They wouldn’t send you an email message if it was that urgent.
Also note: You did not win the lottery held in Great Britain. If you didn’t enter a lottery there, why do you think you won something? You are not the new trustee for 1 million dollars from a Ugandan prince in exile. No one needs your help in getting their funds out of another country. There is no group of 20 German tourists that needs to make reservations at your bed and breakfast. Likewise, no one in Brazil wants to purchase 1,000 of the things you have for sale on your website. All they want is your bank account information, and once they have that you are done for.