There’s a new trick up their sleeves that identity thieves are using to try and fool users into thinking they have been taken to an authentic URL. It applies only to Microsoft Internet Explorer and it may work only if the user has not changed the default location of the Address Bar, which still probably accounts for 80% or more of all online users. Remember my third tip from a few days ago?:
- Next, if there’s a link to click on, make sure it actually leads to the site in question. For instance, note this next link http://surfsafely.com/. It says surfsafely.com but if you click it you will actually be taken to safe-pc.co.uk (Don’t worry. That’s one of mine too). Likewise, in an email I can type what looks like a link to ebay (http://cgi3.ebay.com/) that takes you somewhere else entirely. The key is to examine the actual URL in the browser Address bar. If it starts out with any combination of numbers likehttp://169.254.67.20/some/clever/subdirectory/name/ or http://cgi.ebay.anyotherdomain.com/some/clever/subdirectory/name/ leave immediately! “You’re not in Kansas anymore.”
Well, it seems you still have to be careful. The new trick is to paste what looks like the authentic URL over the location where they expect the address bar to be, third line down in the menu bar toward the left side of the browser window. Here’s a screen shot to show you how it actually looks.
Notice that there appears to be two address bars? The real one is at the very top because I moved it there to use up otherwise unused space in the browser and make room for the Google toolbar. The fake one rests on top of what should be my Google Toolbar. Fortunately for us, the only way scam artists seem to be able to put this fake address bar up is to force it to the top of all open windows on our desktops. This means if you slide any other open window over the position of the fake address bar, it will still show on top of other window. Here’s what it looked like when I did it.
This should never be and it’s your cue to leave. (And yes, this is a real scam, Washington Mutual is the actual target and the web pages are still live collecting personal information from individuals. This one is actually being hosted in Taiwan.)
One thing I do like about Outlook Express (the free email client bundled with Internet Explorer) is that before you actually click the link from within an email to go to a web site, it shows you the URL you’re about to be taken to in the status bar at the very bottom of the email window BEFORE you actually go there just by hovering the mouse pointer over it. If you use Outlook Express try it now and hover your mouse pointer over this link. By contrast, Microsoft Outlook (The paid version that comes with MS Office) does not offer this feature by default. At least not MS Office 2000 which is what I use. Others versions may. If they do please let me know so I can tell others. If you have Outlook and would rather use Outlook Express there’s nothing stopping you. You can migrate and import from Outlook very easily and just pick up where you left off in Outlook Express.
Another solution is to wean yourself away from Microsoft products entirely. They are not affected by these tricks. I recently visited my Mom and, as usual, gave her computer a full system diagnostic. She still uses Netscape Communicator 4.78 to browse and the bundled email client Messenger. At most homes I visit while wearing my Safe-PC hat I uncover hundreds if not thousands of spyware programs, cookies and registry hacks that have installed themselves through Microsoft products over time. They slow your computer down, cause it to crash and are a brazen invasion of privacy. When I ever looked at my Mom’s computer and found absolutely no spyware, no registry hacks, no dangerous cookies planted by web sites or email, even my jaw hit the floor! It was so refreshing to sit at a clean machine words cannot even express it. I will again be looking much closer at Microsoft alternatives to browsing and email. Watch for it in the coming months.
One reader just shared a tip with me that she saw on eBay. Rather than clicking a link from within a suspicious email, open a fresh browser window and type in the suggested URL manually. There’s no way for a scam artist to spoof it this way. The only down side to this method is some URL’s are very long and anything after the / that follows the domain name is caSe SensiTiVe. One wrong keystroke and you’ve got a “URL not found” message. As for myself, I’ll just watch the links carefully.
So that’s about it. Watch for the danger signs. Not all but most “identity checks” are really identity theft scams.
Please share these tips with friends and family. The sooner we stop these scam artists the safer we all are.