I was browsing my Twitter feed this morning and remembered one of my followers/followees (?) had just spent some time changing their website and thought I would have a look.
Their Twitter profile had their website link in it and I duly clicked it and found the landing page for their hosting company – oops.
What had been forgotten was that “www.domain.com” is a different website to “domain.com”. They had omitted to make a second entry in their DNS server for “domain.com”, easily done in the rush to launch. Some companies actually use it for a second machine for redundancy or extra pages. I have found internal servers using this function and been presented with Microsoft Small Business Server login screens before now, giving access to the local network with some username and password social engineering; not really where you want customers to end up, even by mistake.
Borrowed this image from SBS Diva’s blog, thank you.
I recently had a big debate with the branding department of a major UK organisation where they said that “domain.com” looks better in documents than “www.domain.com”. They had no idea of the ramifications when they did it on sites that they had no control over.
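The gap described above (a record for “www.domain.com” but none for “domain.com”, or the two names pointing at different machines) can be caught before launch by auditing the zone. This is an added example, not from the original post; the zone contents, the example.com names and the `audit` helper are constructed for illustration, and it assumes every record line names its owner explicitly.

```python
# Added example: audit a zone for the "www works, bare domain doesn't" gap.
# ZONE is constructed sample data (documentation names and addresses).
ZONE = """\
$ORIGIN example.com.
@      3600 IN NS  ns1.hosting.example.
www    3600 IN A   203.0.113.10   ; the new site
remote 3600 IN A   198.51.100.7   ; internal box, not for customers
"""

# Record types that decide which machine a browser ends up talking to.
ADDRESS_TYPES = {"A", "AAAA", "CNAME"}


def parse_zone(text):
    """Return {owner: {(type, target), ...}} for address-bearing records.

    Assumption: each line starts with its owner name (no inherited owners).
    """
    records = {}
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()        # drop comments
        if not line or line.startswith("$"):       # skip $ORIGIN / $TTL
            continue
        owner, *rest = line.split()
        while rest and (rest[0].isdigit() or rest[0].upper() == "IN"):
            rest.pop(0)                            # skip TTL and class
        if len(rest) >= 2 and rest[0].upper() in ADDRESS_TYPES:
            records.setdefault(owner, set()).add((rest[0].upper(), rest[1]))
    return records


def audit(text):
    """List the ways the bare domain and www can send visitors astray."""
    recs = parse_zone(text)
    apex, www = recs.get("@", set()), recs.get("www", set())
    findings = []
    if www and not apex:
        findings.append("apex missing: bare domain will not reach the site")
    if apex and not www:
        findings.append("www missing: www links will not reach the site")
    www_is_alias = ("CNAME", "@") in www           # www simply follows apex
    if apex and www and apex != www and not www_is_alias:
        findings.append("apex and www point at different targets")
    return findings


if __name__ == "__main__":
    for finding in audit(ZONE):
        print("WARNING:", finding)
```
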
This made me think of how lazy our web browsing has become; we now use the browser address bar as a search bar.
This means we stop typing http:// or www and just enter the company name. We could end up anywhere!! Mostly Google, Bing etc. show you the right sites (after having noted your search history), but there are a lot of phishing sites out there ready to grab your details, and they have been known to sell to you and take your money before you know anything about it.
I am not the only one that thinks this. HMRC has a page on it, all about emails, but note the web links lower down.
As do Microsoft; note the misspelt links on the page.
Google’s search shows over 7m examples when you search for “examples of phishing scams”.
The answer is to be very careful about DNS and your use of the search bar when you are surfing somewhere which holds your personal information and when you shorten things for Twitter feeds etc.