Is This Credible?
Credibility is the quality of being trusted, or believable. There are so many clues to help us determine credibility and one of them comes from a sender’s email address. There is a lot of valuable information in an email address, if one knows how to look for it! Understanding this information can help you see through many scams. Let’s start with an excerpt from a very long email sent by a Nigerian 419 scammer’s “advance fee” scam. He asks for a reply back to the “Money Gram Agent” through that Agent’s email account. But the email is to a Gmail address called “moneygram8890,” as opposed to an email connected to the rightful domain, moneygram.com. Anyone can open a Gmail account and put any name they want in front of gmail.com! (In today’s digital world, overflowing with fraud, why does Google allow this to happen?! It’s pretty easy for AI to flag an account like this and immediately shut it down or put it on a watch list for fraud. But they don’t.)
When evaluating email, ALWAYS look for the domain that follows the “@” symbol! Anything in front of the “@” symbol is not important because it is easily made up to say anything the sender wants! To understand more about email addresses as a way to identify threats from credible sources, read our article “Where its @!”
We were recently contacted by a Solicitor (legal professional) named Daniel Walker in the UK on behalf of a client of his. Let’s ignore the fact that Mr. Walker didn’t address us by name. (No doubt, because he randomly sent this email to thousands of people.) He sent his email from a business-sounding domain called “FirstClassAdvisor[.]com.” We wondered if this domain was a credible website…
One of the most powerful tools to assess a domain’s credibility is a WHOIS tool. These tools can tell you when and where a website was registered, and more. There are many WHOIS tools and some are better than others. Here are just a few, with our favorite at the top:
And so we checked our favorite WHOIS tool to see when FirstClassAdvisor[.]com had been registered because the age of a website is a VERY valuable reflection of credibility for a website. For example, Amazon.com was registered in the US in 1994! By contrast, we learned that FirstClassAdvisor[.]com (without the brackets around the period) was registered anonymously in Canada less that a month before Solicitor Walker contacted us. This fact is NOT credible and strongly suggests that this email is a fraud!
Another critically important way to evaluate credibility is to use Google to investigate domains. HOWEVER, please be careful how you do this! If, for example, you enter MySuspiciousDomain.com into Google using the Chrome browser, it will simply send you to that website, which could be a dangerous malware trap. Not good! But if you use Google in the Firefox browser, it doesn’t do that (as of this publishing date) and Google will instead return information about that domain. So if using Chrome, you will want to ask Google a question like “what is MySuspiciousDomain.com?”
Disguised as an elderly woman, we’ve been communicating recently with Nigerian scammers. In this exchange of emails we heard from the Operations Manager of a Bank in Turkey. It turns out that we have money available to us but need to pay for a Turkish resident permit costing $1850 before we can withdraw any of millions of dollars in the Turkish Bank. Mr. Ahmat Burat says he is the Operations Manager for the QNB Finans Bank and uses an email address that comes from this bank. Or does it? Look VERY CAREFULLY at this email and then Google the bank to see what domain the REAL QNB Finans Bank uses.
Mr. Burat’s email used the domain qnbfinansbnk.com. But a Google search shows us that the REAL bank in Turkey uses the domain qnbfinansbank.com! This “sleight of hand” subtle change is CRITICAL to understanding the fraudulent methods used by many scammers! We then used a WHOIS tool to confirm the fraud. You can see in the screenshots below that the REAL bank’s domain, qnbfinansbank.com, was registered in Turkey in the bank’s name in 2016. And it is hosted on a server in Turkey, which makes sense for a Turkish Bank! However, Mr. Burat’s email address used the domain qnbfinansbnk.com (missing the “a” in bank). This domain was registered anonymously in the US in mid-May and is hosted on a server in Manchester, England!
Once we saw through this fraud, we used several tools to assess Mr. Burat’s website and they easily assessed it as malicious! The alternate Bank domain had ZERO credibility! We declined to send Mr. Burat the $1850 to pay for a Turkish residence permit! We encourage our readers to improve their anti-scam skills! To help you, we have a series of articles about ways to do that and you can find them at the bottom of our website in a red zone called “Build Your Anti-Scam Skills” as well as on the black navbar on the right side of our website.
Daily Scam Home Page