Pickr
  • Latest News & Reviews
  • Recommendations
  • Phones
  • Earphones
  • Sound
  • The Wrap
No Result
View All Result
Pickr
  • Latest News & Reviews
  • Recommendations
  • Phones
  • Earphones
  • Sound
  • The Wrap
No Result
View All Result
Pickr
No Result
View All Result

How to use WHOIS to analyse scams

Leigh :) StarkbyLeigh :) Stark
January 3, 2022
Reading Time: 3 mins read
Share on TwitterShare on FacebookShare on LinkedInShare over email

Scammers are getting more convincing, but if you need a tool to unmask their cons, a simple domain check might be it.

The holidays won’t stop the scams, as indicated by our inboxes. Email and SMS have been a constant target for cybercriminals, and we’re not the only ones, as scammers look for more convincing ways to trick you.

A colleague recently popped up with one to kickstart the new year that was rather convincing, using the fake SMS ID scammers can trigger from online SMS sending services, and even registering a website domain that looked a little convincing, as well.

Slick scam pic.twitter.com/2kWXjh72ce

— ??‍♂️ m i k e (@yomikestevens) January 2, 2022

The scam, which fakes a two-factor code being sent, seems to suggest someone has authorised a verification code in your name, and this is the way to check if it was you.

For some, it may be a little convincing, but there is a way we can unmask this scammer, simply by going behind the scenes of that link they’ve used.

WHOIS can be your friend

Every time someone registers a website domain — the www dot whatever — they have to enter some details. One is what they’ll pay, obviously because these things aren’t free, but the other set of details is who is doing it.

You can set these to private, mind you, and registration companies will redact them, but typically an actual business will include them. Banks will include them. Financial institutions will include them. Publishers worth something will include details.

Not everyone will, and scammers will typically opt for privacy and redact. And sometimes, they may even just ignore it all the same, and leave their details.

However, because these details are available in some form for every domain name in existence, you can compare the real website versus the one that has been sent to you, and see if they line up. They almost never will.

Most web domain registration companies offer access to a tool called “WHOIS”, which checks on the registration details of a website name. You can find it on pretty much any registrar, and if you have a Mac, you can also access Terminal (hit the magnifying glass and type in “Terminal”), and then type in “whois” followed by the domain you want to check out.

However you use WHOIS, and it can tell you who has registered the site you’re looking up, and then you can compare it to the actual site.

For instance, we checked out the scam site’s WHOIS details versus the real ANZ banks registration details using CrazyDomains’ WHOIS checker. One is redacted as expected, and the other looks a little more authentic.

Scammers can be convincing, but you have ways to check

It’s worth noting that while scammers are always looking for ways to convince you of their legitimacy, most are relying on the idea of urgency and that you’ll click without checking.

Scams are at their most effective when we trust the urgency they impart, but that’s also why you shouldn’t. Your phone number and email are not sacred, and it’s very likely your information has been leaked or guessed at one point, with criminals interested in your details as a financial reward.

Clicking on scams like these throws you down a complex rabbit hole, potentially exposing you to phishing sites, which are deliberately built to deceive. Fake versions of real websites, phishing sites are one of the key tactics scammers use to get you to hand over real details, after starting the deception using emails and text messages worded to appear real.

However a little bit of research and education can save you, and even without visiting the link — by looking at the URL a message is trying to direct you to — can tell you whether it is worth investing any time in at all.

Leigh :) Stark

Leigh :) Stark

One of Australia's well regarded technology journalists working out of Sydney, Leigh Stark has been writing about technology for over 15 years, covering phones, computers, cameras, headphones, speakers, and more. Stylising his middle initial with an emoticon, he aims to present tech in a way that makes it easy for everyone. While he founded Pickr in 2016, Stark's work can be seen in other publications including The Australian Financial Review, Popular Science, and many more. His award-winning podcast "The Wrap" is syndicated on Southern Cross Austereo's LiSTNR network weekly, while he can be heard on radio via ABC Brisbane and ABC Canberra, and seen on TV's Nine. Check out Leigh Stark's most recent media appearances.

ADVERTISEMENT

Related Posts

Scammers try a dark approach with coronavirus vaccine scams
Security

Monkeypox gives scammers something new to con with

June 12, 2022
Samsung Galaxy S22 Ultra reviewed: practically epitomising premium
The Wrap - Australia's fastest technology roundup

The Wrap – Big screens, security, and Samsung’s S22 Ultra

May 23, 2022
Scammers try a dark approach with coronavirus vaccine scams
Security

Google Drive goes on defence with anti-malware, anti-phishing

May 17, 2022
ADVERTISEMENT
  • Recommendations
  • Best Picks
  • Methodology
  • About
  • Media Appearances
  • Contact
Change the way you choose.

© 2016 to 2022 Publishr Pty Ltd: ACN 624 227 256
All rights reserved.

No Result
View All Result
  • Latest News & Reviews
  • Recommendations
  • Phones
  • Earphones
  • Sound
  • The Wrap

© 2016 to 2022 Publishr Pty Ltd: ACN 624 227 256
All rights reserved.