Never, ever, click on links in emails!
The computer corner
By Charles Miller
The other day I received an urgent email from my Mexican bank warning me that my account had been frozen in order to prevent any fraudulent activity taking place. The email looked entirely genuine and would have fooled even me except that I am always suspicious of any email I receive. When I scrutinized the email more closely I noted that there was a link that said “Click here to log into your account.” I never click on links in emails, and the advice I give to everyone is to never click on links in emails. There is rarely any way to tell a valid link from a malicious link, and so there is no way to ever make it safe to click on links. When I hovered my mouse over the link in my email, I could see in the lower left of my screen that the link connected to:
I fired up my test computer, the one that has none of my personal information on it. When I opened that web page above, what I saw was the Bancomer web page I expected to see, except that my network packet sniffing software started vociferously warning me that Bancomer was silently installing a keystroke logger and other malware on my computer. Now my friends at Bancomer would never do such a thing, so what was going on? Look closely at the URL above for the answer. When I clicked on that link I did not connect to bancomer.com in Mexico but to mexio.cc, which was a fake site in the Cocos (Keeling) Islands, a fake copy of the Bancomer web site. Anyone who enters their username and password into that fake site would probably have their real bank account emptied by the crooks in minutes. Do not bother trying that address; I reported it, and the site is already taken down. Besides, most of these scams keep the fake site up for only 48-72 hours before vanishing.
Let us take a look at another URL. This one appears to be a login for Yahoo, but a closer examination shows it is not that at all. https://api.login.yahoo.com.WSLogin.V1.unlink.scam.ru/offers-intl=us
The Top Level Domain (TLD), such as .com or .net, or a country code such as .de (Germany) or .mx (Mexico), almost always follows the last period before the first single slash in the address and is itself followed by that slash. The domain in the example above is scam.ru, meaning that if you clicked on that link you would be taken not to yahoo.com but to a malicious site in Russia.
Now let us dissect a more complicated URL. If you buy at Costco you might be tempted to click on the link in the email you received, the one that says you have a refund coming to you and all you have to do is claim it. Here is the link: https://refunds.costco.com.customer.service.include.phpc.oZzopP.24O1OaeNVwy2DvlOnS49.md/eyumKsRFPrz74qbOIbRor4=
Looking at that URL above you might be tempted to think it is refunds at costco.com or something to do with customer service. In reality, this address connects you to “24O1OaeNVwy2DvlOnS49.md” which is a web site in Moldova (.md). I am not aware Costco has a refund department there, but Moldova is seen by many as a hotbed of online fraud.
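The same dissection can be done mechanically. The short Python script below is an added example, not part of the original column: it pulls the host name out of the two links quoted above and checks whether it really belongs to the company the link pretends to be. The function names and the extra control links are made up for illustration, and the "last two labels" rule assumes a simple one-part TLD such as .com, .ru or .md.

```python
from urllib.parse import urlsplit

# The two example links quoted in the column.
YAHOO_LINK = "https://api.login.yahoo.com.WSLogin.V1.unlink.scam.ru/offers-intl=us"
COSTCO_LINK = ("https://refunds.costco.com.customer.service.include.phpc.oZzopP."
               "24O1OaeNVwy2DvlOnS49.md/eyumKsRFPrz74qbOIbRor4=")


def link_host(url):
    """Return the lower-cased host name: the text between '://' and the first '/'."""
    host = urlsplit(url).hostname
    if not host:
        raise ValueError(f"no host name in {url!r}")
    return host.rstrip(".")


def apparent_domain(url):
    """Apply the column's rule: keep the last two dot-separated labels of the host.

    Assumption: a single-label TLD (.com, .ru, .md). Suffixes such as .co.uk
    need the Public Suffix List, which this sketch does not bundle.
    """
    labels = link_host(url).split(".")
    return ".".join(labels[-2:])


def belongs_to(url, trusted_domain):
    """True only if the host is trusted_domain itself or a subdomain of it."""
    host = link_host(url)
    trusted = trusted_domain.lower().rstrip(".")
    # Requiring the leading dot rejects look-alikes such as notyahoo.com.
    return host == trusted or host.endswith("." + trusted)


def report(url, trusted_domain):
    """One-line verdict: where the link really goes versus where it claims to go."""
    verdict = "matches" if belongs_to(url, trusted_domain) else "DOES NOT match"
    return f"{apparent_domain(url)} {verdict} {trusted_domain}"


if __name__ == "__main__":
    print(report(YAHOO_LINK, "yahoo.com"))
    print(report(COSTCO_LINK, "costco.com"))
    # Constructed control case: a genuine subdomain of the trusted domain.
    print(report("https://login.yahoo.com/account", "yahoo.com"))
```

Having "yahoo.com" or "costco.com" somewhere inside the address counts for nothing; only the end of the host name decides where the link goes.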
As explained earlier, when you receive an email with a link, you can usually see where a link will take you if you hover your mouse over the link without clicking. Look in the lower part of your screen to see if the URL is visible when you do this.
A better, easier, and safer solution is to do what I do: Never, ever click on links in emails!
Charles Miller is a freelance computer consultant, a frequent visitor to San Miguel since 1981 and now practically a full-time resident. He may be contacted at 044 415 101 8528 or email FAQ8 (at) SMAguru.com.