The best tip for scams: always check the domain

If you need a big tip to let you know how scams work and how you can beat a scammer, always check the domain.

Scams are on the increase, and try as we might to stop them, criminals are getting more and more daring. They know that some of us will fall for their scams, and since these make big money, it’s unsurprising that they’re going to increase.

In 2018, the Australian Competition and Consumer Commission found that around half a billion dollars was lost and reported as a result of scams. We can only imagine that number will increase, as scammers know there’s big money in the con.

Education is clearly an answer, and once you know the tricks of the trade and have learned how scams work, you can get across the things you need to never get fooled again. The power is in your hands, and all you need to do is learn.

And that can start with the most basic tip, and one that applies to so many scams.

Check the domain

When you surf the web, the domain is the website. It’s the part of the address in your browser that invariably goes www-dot-something, or might lose the www and just get straight to the meat and bones.

The domain is how a website is identified, and the best thing about the domain is that it can’t be faked.

Google owns google.com and google.com.au, and a whole heap of other places that connect with the Google brand.

Telstra owns telstra.com.au and telstraglobal.com, as well as a few others around the web.

The domain structure is fairly clear on these official sites: whether you go to www-dot-something or just the straight address, the domain ends at those addresses.

And that raises a very important point that scammers rely on: when a criminal sends out a faked link, it may include the name and website, but it won’t end with that address. Rather, it will start that way.

How scammers fake a domain

A reader of the Pickr website recently showed a scam link that was a little more complicated than others. It was a fake site for the Australian bank, NAB, which read as nab.com.au.unlock-nab.services. It’s similar to a scam attempt impersonating the Commonwealth Bank, which read as verification-support-commbank.com. Both include familiar bank names in the domain, but aren’t the same if you study them closely.

Commbank scam on SMS

Let’s tackle that Commbank one first, because it’s easier. While the domain includes commbank.com in the name, that’s not the entire name altogether.

Rather, it’s verification-support-commbank.com, which isn’t the same. Simply having a similar or close domain in the name doesn’t make it the same, though it’s something not everyone is aware of.

It might seem close to commbank.com or commbank.com.au (which is where .com generally redirects to), but these addresses aren’t the same. Instead, the extra words and characters make it a totally different website, which is the point scammers have essentially made. By throwing in extra information, the link sent is meant to be similar enough to trick you.

All of this can seem a touch complicated, but the point is this: if the website domain doesn’t read exactly the way it should, the website is a lie, and the message is likely trying to scam you somehow.

Take the NAB version, which is a little more complicated. Reading like nab.com.au.unlock-nab.services, it can seem like it’s the real deal. But again, you need to look at the domain a little more closely to see what it actually is.

Break the website up into sections, and remember only the last section matters:

nab DOT com DOT au DOT unlock DASH nab DOT services

There is no .com or .com.au to finish the sequence, but .services is a domain suffix you can buy. In this website, the scammers have bought unlock-nab.services, and that’s the actual domain you’re going to. The stuff before it is just there to complete the trick, to make you think you’re going to nab.com.au, when you’re actually going somewhere else.
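
The same breakdown can be done in a few lines of Python. This is an added example, not part of the original article: the function names are made up for illustration, and the suffix list is a tiny hand-built one, where a real check would use the full Public Suffix List.

```python
from urllib.parse import urlsplit

# Constructed, minimal suffix list for this example only (assumption: a real
# check would load the full Public Suffix List from publicsuffix.org).
PUBLIC_SUFFIXES = {"com", "au", "com.au", "services"}

# Domains the article names as the banks' real ones.
OFFICIAL = {"nab.com.au", "commbank.com", "commbank.com.au"}


def registrable_domain(link):
    """Return the part somebody actually bought: the longest known suffix
    plus the single label to its left. Everything further left is free text."""
    host = urlsplit(link if "//" in link else "//" + link).hostname or ""
    labels = host.rstrip(".").split(".")
    # Walk from the longest candidate suffix to the shortest, so that
    # "com.au" is matched before "au".
    for i in range(len(labels)):
        if ".".join(labels[i:]) in PUBLIC_SUFFIXES:
            # i == 0 means the host is only a suffix; nothing is registered.
            return ".".join(labels[i - 1:]) if i else ""
    return host  # unknown suffix: treat the whole host as the domain


def is_official(link, official=OFFICIAL):
    """True only when the registrable domain matches a trusted one exactly."""
    return registrable_domain(link) in official


if __name__ == "__main__":
    # Sample links: the two scam hostnames quoted in the article, plus
    # constructed links to the real sites for comparison.
    samples = [
        "nab.com.au.unlock-nab.services",
        "verification-support-commbank.com",
        "https://www.nab.com.au/login",
        "https://www.commbank.com.au/",
    ]
    for link in samples:
        verdict = "official" if is_official(link) else "NOT official"
        print(f"{link:40} -> {registrable_domain(link):36} {verdict}")
```

The match is an exact comparison on the registrable domain, so a bank name appearing anywhere else in the hostname counts for nothing.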

Always check the domain

Scammers will be looking for ways to trick you all the time, and faking a domain is one of the easiest tricks in the book. But you can even the score by looking carefully at the domain and making sure it says what it should say.

It’s one reason why it’s always a good idea to check the domain before clicking, seeing it with your eyes to work out whether the link is indeed real or not before you click.