How can scammers use offiicial urls?

Question:

2012-07-17 12:54:21 UTC

My mom got a text message saying she won a gift card from Target. The only thing is, she doesn't go to Target nor did she enter any sweeptakes. So I search the url first before actually going to it and find out that it's a scam. But the url clearly has target.com in it. How is this possible?

Four answers:

CanadaRAM

2012-07-17 12:58:32 UTC

The URL that is displayed in the text has no relationship to the actual URL that is in the HTML code

so someone can put a line like "Visit www.target.com"

But the code is more like this (the code below is intentionally broken up with spaces so you can read it and yahoo doesnt turn it into a link)

< A : HREF= " h t t p : // www . reallybadplace.com "> Visit www.target.com < / A >

or the URL can be constructed like

www.target.com.reallybadplace. com/contestwinner/

The www.target.com is just a machine name which can be anything, reallybadplace is the real server domain name

Also if there is an @ or a ? in the code, it can alter the way the URL works

www.target. com/contestwinner/replynow/ @ www.reallybadplace. com does not go to target.com, it goes to reallybadplace.com

Moral of the story NEVER EVER go to a weblink that is in an unknown email.

If you want to go to a site, type the address manually into your web browser location bar so you know that it is the address you intend.

2012-07-17 13:00:14 UTC

Yes if he used html coding he can easily fake the url. That's is the reason you have to always make sure when you go to the site that the url read read as it is supposed. For instance the scammer can include the word target in the url but the domain name is not actually from target.com

brainiacATwork

2012-07-17 12:58:12 UTC

Dictionary attacks

Some spammers use software to randomly generate email addresses for popular email providers. Commonly called dictionary attacks, the software will guess the first part of an email address: guessed@emailprovider.com

The way to avoid this is to use an email address containing special characters such as underscores or numbers.

Purchasing third party lists

Buying email addresses from third parties.

To avoid this only give your email address to trusted sites.

Email Harvesters

Some spammers use special software called email harvesters which scan webpages for email addresses. Common targets for email harvesters are message boards and social networking websites.

To avoid your email being picked up by this type of software, when including your email address on a webpage (for example when you use a message board) try to obscure it. For example, use john AT yourprovider.com instead of using the @ symbol.

At the bottom of ads like this one from Target, there's usually a link on the bottom to 'unsubscribe', you can click to unsubscribe to their email list, or you can block their address so she doesn't receive any more from Target.

Janice

2016-02-21 05:01:04 UTC

Cool

ⓘ

This content was originally posted on Y! Answers, a Q&A website that shut down in 2021.

about - legalese