.com Doesn't Mean It's .safe

| | Comments (0)
A common warning in relation to many phishing attacks is "Look for the .com in the URL, because that's the official site domain - if you see that you know it's the real thing".

All well and good, but sometimes people find a way to place a ".com" in there anyway.

Here's a fake XBox.com phishing page - note the URL:

finalgive1.png
Click to Enlarge

Amazingly enough, it's

xbox.com.au.tp

The problem here is that we're so conditioned in relation to "Look for the .com" that many people will see this domain and think, well, it HAS to be legit - completely disregarding the "au.tp" part that comes after it.

Unfortunately, it isn't real in the slightest. How did they get the above domain to look the way it does? Well, a .tp domain is the top level domain for East Timor. You can't actually get them anymore (due to it being replaced by .tl), but you can get various subdomains through resellers. A quick jump over to Tipdots.com, and....

finalgive2.png

....whoops. Of course, the fact that the fake site is promoting a "4th of July giveaway" would hopefully make people stop and think that all is not right here, but that's not an assumption I'd be comfortable in making.

Looking out for ".com" in a domain is indeed useful - but only if you pay attention to what comes after it.

Leave a comment

About this Entry

This page contains a single entry by Christopher Boyd published on August 24, 2009 6:13 PM.

Twitter Profile Image Spam Messages was the previous entry in this blog.

Nine Days In July: Greed And Stolen IDs is the next entry in this blog.

Find recent content on the main index or look in the archives to find all content.