Scammers rely on your ignorance in order to fool you into clicking on their link and typically entering your bank details.

Don’t let them! 

DISCLAIMER:  DO NOT TRY TO VISIT THE EXAMPLE SCAM LINK GIVEN IN THIS POST.  YOU ALONE ARE RESPONSIBLE FOR YOUR ACTIONS.

When you receive a link in an email, you should analyse that link to determine the authenticity and legitimacy of that link, before you click on it.

I was recently forwarded a scam email to analyse.  If you have recently received a suspicious email with a link, here’s how to analyse that link.

Firstly, hover the mouse pointer over that link.  At the bottom of your email window (commonly called the status bar), you should see a web address appear.

In this example, a link was received purporting to be from the UK bank Cahoot.  But the link address is suspicious – so let’s analyse it…

http://ip270-c6.gi.digl.pl:8887/securebank.cahoot.com/servlet/com.aquariussecurity.bks.security.authentication.servlet.LoginEntryServletBKS/

… the bit in bold is what you’re interested in.  The rest is not really of interest.  However, when you come to inspect a link in the future, it’s worth knowing the following:

How to analyse a link in Thunderbird
(click for larger image)
  • http://

    This means the protocol that your browser will use.  A secure, encrypted browser connection begins https:// ; therefore, the link above will be unencrypted (not secure) between your computer and the server.  This is a tell-tale sign that it’s trouble.

  • ip270-c6.gl.digl.pl

    This is the domain name, like “bbc.co.uk“, “fedoraproject.org” and “google.com“.  This is the most important bit.  The best way to read this is actually from right to left.  The most right hand part, “pl“, is the top-level domain (TLD).  pl is the TLD for Poland.  tw is the TLD for Taiwan.  ru = Russia.  And so on.  For reference, you can find a list of TLDs here: http://en.wikipedia.org/wiki/List_of_Internet_top-level_domains

    The next two bits should really indicate the organisation of the originating email. digl is meaningless; it’s been made up by a scammer to probably infer “digital” or something like that.  Likewise, gl is also meaningless.

    A meaningful alternative would be cahoot.co.uk, as it is registered with a UK TLD and represents the claimed originator of the message.

  • :8887

    The last bit of this link is what’s called a port number.  The (optional) use of this by scammers is again a visual distraction which makes it harder to read the real web address.  Apart from the fact that no bank would ever request your details by email anyway, if they were credible they most certainly wouldn’t use a web address with a non-standard port number.

    The best thing to do when reading an address is to ignore the port number but be aware of the fact that it’s been used. 

For more information, check out this PDF on avoiding email scams.

And for those who were paying attention and spotted the deliberate mistake, well done! 🙂

Enhanced by Zemanta

[ Originally posted here:  http://web.archive.org/web/20130918070911/http://onecool1.wordpress.com:80/2008/09/19/microsoft-outlook-2007-imap-exchange-and-moving-those-special-folders-back/ ]

As a Microsoft Windows Small Business Server 2003 user, I have the option of using either Microsoft Outlook for native Exchange mail server connectivity, or using another, open standard protocol such as IMAP.  So, in my finite wisdom, I decided… why not?!


Why not indeed.  The reason for using IMAP (Internet Message Access Protocol) is so that I could use….. wait for it… a non-Microsoft email client with my Microsoft server.  The very notion.  Well, actually it’s not too bad.  You enable the IMAP service on the server, set up the mail account in Thunderbird, and hey presto – log in!

Unfortunately, my client (Mozilla Thunderbird) then seemed to have done certain things which – only now – take my slightly by surprise.
An Exchange mailbox, as standard, contains some basic top-level folders, such as Calendar, Contacts, Deleted Items, Drafts, Inbox, Outbox, Sent Items and Tasks (this is probably not an exhaustive list).  In contrast Thunderbird, by default, contains Inbox, Drafts, Sent, Deleted, Junk and Trash.  So, what’s in a name?

Well, after using Thunderbird/Exchange via IMAP (and not actually noticing this at the time of doing so), a couple of the Exchange folders had disappeared.  I only noticed this later when using Outlook again, and couldn’t locate my Sent Items or Deleted Items folders.  I then found them lurking within my Trash folder.  Ok, so this has got very messy.

It sadly got worse.  Now that these “Special Folders” in Microsoft parlance have been moved, they could not be moved back in Outlook.  When trying to drag “Deleted Items” to my top-level Mailbox, I would be told “Cannot move special items.  Special folders, including the Inbox, Contacts, Calendar, Notes, Tasks and Journal folders, cannot be moved.”  Oh, I see.   Although I tried various methods within Outlook to achieve the same thing, I failed miserably.

So what is the solution?  Ironically, going back to Thunderbird and simply dragging the folder from Trash into the top-level mail account/box did it.  It re-sync’ed over IMAP and everything gets copied correctly.  How ridiculous.

The solution is not to run scanpst.exe or scanost.exe, or to start up Outlook using the “Safe” switch, thus:
C:Program FilesMicrosoft OfficeOffice12OUTLOOK.EXE” /safe

It’s not even starting up Outlook with “Reset Folders”:
C:Program FilesMicrosoft OfficeOffice12OUTLOOK.EXE” /resetfolders
… or the combination of both.

This is one of those annoying, inexplicable problems that you somehow just get used to.  I hope this helps someone else out there who has suffered the same issue.