Australia markets open in 5 hours 15 minutes
  • ALL ORDS

    7,324.90
    +36.10 (+0.50%)
     
  • AUD/USD

    0.7022
    -0.0102 (-1.43%)
     
  • ASX 200

    7,064.30
    +31.80 (+0.45%)
     
  • OIL

    89.52
    -2.57 (-2.79%)
     
  • GOLD

    1,793.60
    -21.90 (-1.21%)
     
  • BTC-AUD

    34,323.73
    -500.14 (-1.44%)
     
  • CMC Crypto 200

    572.46
    -18.30 (-3.10%)
     

You could lose thousands if you miss this URL detail

·3-min read
Man upset on phone looking at computer and Woolworths scam screenshot
Keep an eye out for dodgy URLs. (Source: Getty/supplied)

Scammers have been taking advantage of the “.au” direct domain names - which opened up earlier this year - to slip through spam filters.

Domain names with “.au” - as opposed to “.com.au” - became available in March.

Cybersecurity expert Ned Farhat said fraudsters were experimenting with “.au” domain names to avoid spam detection.

“While this could be handy for companies and brands, unfortunately it has opened up the opportunities for scammers too,” Farhat said.

He warned people to watch out for a Woolworths scam with a “woolworths.au” domain name.

Farhat said the random jumble of letters at the beginning of the URL alerted him to the scam.

“It's like someone pretending to be Michael Jackson but their name is actually XYZMichael Jackson,” he said.

Farhat said there were a couple of different ways these URLs were being used to bypass spam-detection software.

One way was to mimic a legitimate email, such as from a major bank. Often a scammer would keep all the real links back to the actual website aside from one - the ‘call to action’ - which might be a link to reset your password.

Here, the scammer might use a bogus “.au” website instead, which may not be picked up by the spam filter.

Another “.au” strategy is to set up a website that looks identical to the original but the URL is not actually in English. Instead, it uses a foreign character that looks like an English letter, such as an accent on the letter “c”.

“To you it looks the same, to the computer it is a completely new character,” Farhat said.

From the spam filter’s perspective, the dodgy website looks legitimate because the email matches the links in the body text.

Farhat said scammers would continue to “innovate” to avoid spam filters.

“But ultimately the best line of defence is you,” he said.

How scammers dodge spam filters

According to ScamWatch, which is run by the Australian Competition and Consumer Commission (ACCC), you’ll sometimes see misspellings and grammatical issues in fraudulent text messages or emails that are trying to avoid spam filters.

An ACCC spokesperson said scam messages were sometimes intentionally sent with different grammar, spelling, gibberish characters and alternate versions of letters in a bid to avoid spam filters.

This was a tactic used in the Flubot scam, which saw Aussies scammed out of $10,743 due to bogus text messages about missed packages and voicemails.

Scammers also often accidentally make grammatical and spelling errors.

The ACCC spokesperson said that may be because the criminals did not always have access to advanced English speakers.

The spokesperson said these sorts of mistakes should be viewed as a “red flag”.

People should watch out for overly official or forced language, as well as language or wording not commonly used in Australia.

However, the spokesperson said some fraudsters were capable of using the correct grammar and spelling.

“If a communication is unsolicited or you are otherwise in doubt, contact the organisation or individual it claims sent it through a communication channel you have found independently or used previously,” the spokesperson said.

Follow Yahoo Finance on Facebook, LinkedIn, Instagram and Twitter, and subscribe to the free Fully Briefed daily newsletter.

Our goal is to create a safe and engaging place for users to connect over interests and passions. In order to improve our community experience, we are temporarily suspending article commenting