SHCC WYSIWYG Article from November 2006

Previous Next

This article was written by Don VanSyckel, the club president, as a part of "The President's Pen".  This article appeared in the November 2006 WYSIWYG newsletter.

Phishing Season is Open and You're the Catch

by Don VanSyckel

Be on the look out for phishing emails. Any email asking you to supply information either in a return email or at a web site is suspect and probably phishing.

Remember that when a web link or address is displayed (usually underlined and in blue) and looks like a valid web address, the web address the link points at is not necessarily the same. In most browsers and email readers, when you hover over a link the web address it will send you to is displayed in the lower left corner of the window. If the link looks like a web address in the email and when you hover over it a different web address is displayed in the corner of the email reader then you are being tricked. Don't go there. The whole address displayed should match the whole address displayed when hovering.

For instance you get an email with the link: with a request to update your records. When you hover over this link and look at the lower corner of the email reader you see something like:

This certainly looks like the Sears web site. Here's a very important difference, it does not matter that the address has in it!! What matters the most is the part of the address called the domain which is the section following the double slashes '//' through the next slash or end if there is no other slash. In this case we see that this is '' and this is certainly not the Sears web site. The rest of the stuff following this just tells where on the web site to look.

So the trick is to make you think you're at a web site you trust, like Sears, but you're actually at a web site run by crooks trying to steal from you. First they steal your information. Then they use this to steal your money.

A phishing email currently going around from "Michigan Schools & Government Credit Union" is very convincing in its request for your assistance in updating your records. It contains a rather long link. When you hover over this link you can clearly see that the actual address you would be sent to does not match that displayed in the email. WARNING!! WARNING!! should go off in your head! I'm not sure what country the 'tw' domain suffix actual belongs to but its likely not anyplace you can get your money back from. And as in other types of fraud, while catching the crook and having them thrown in jail might make you feel better in the short term, it does nothing towards getting your money back if the crook has squandered it.

The same trick with web addresses can be done with links on a web page. So if you are at a site you don't trust be careful. Hover over any link that looks like a URL and see if the URL displayed matches.

Not all links match the text displayed. It's a feature that is very useful. Go to the SHCC web site and look at the club web page and find the "Article of the Month" link. Hover over it. See where it points to? In this case we're not tricking you, but then "Article of the Month" doesn't look anything like a web address. In this case displaying "Article of the Month" fits into the context of the page and is much more meaningful than the actual URL.

You need to be on your guard when reading your email with web addresses in it. You and only you are the first line of defense to prevent theft from you.

End of Article

Previous Next

To discuss the article with the author, send an email.

Article Index Page

Club members should contact the webmaster with comments and suggestions about this web site.