Australian technology news, reviews, and guides to help you

How to use WHOIS to analyse scams

Scammers are getting more convincing, but if you need a tool to unmask their cons, a simple domain check might be it.

The holidays won’t stop the scams, as indicated by our inboxes. Email and SMS have been a constant target for cybercriminals, and we’re not the only ones, as scammers look for more convincing ways to trick you.

A colleague recently popped up with one to kickstart the new year that was rather convincing, using the fake SMS ID scammers can trigger from online SMS sending services, and even registering a website domain that looked a little convincing, as well.

https://twitter.com/yomikestevens/status/1477549689016778752

The scam, which fakes a two-factor code being sent, seems to suggest someone has authorised a verification code in your name, and this is the way to check if it was you.

For some, it may be a little convincing, but there is a way we can unmask this scammer, simply by going behind the scenes of that link they’ve used.

WHOIS can be your friend

Every time someone registers a website domain — the www dot whatever — they have to enter some details. One is what they’ll pay, obviously because these things aren’t free, but the other set of details is who is doing it.

You can set these to private, mind you, and registration companies will redact them, but typically an actual business will include them. Banks will include them. Financial institutions will include them. Publishers worth something will include details.

Not everyone will, and scammers will typically opt for privacy and redact. And sometimes, they may even just ignore it all the same, and leave their details.

However, because these details are available in some form for every domain name in existence, you can compare the real website versus the one that has been sent to you, and see if they line up. They almost never will.

Most web domain registration companies offer access to a tool called “WHOIS”, which checks on the registration details of a website name. You can find it on pretty much any registrar, and if you have a Mac, you can also access Terminal (hit the magnifying glass and type in “Terminal”), and then type in “whois” followed by the domain you want to check out.

However you use WHOIS, it can tell you who has registered the site you’re looking up, and then you can compare it to the actual site.

For instance, we checked out the scam site’s WHOIS details versus the real ANZ bank’s registration details using CrazyDomains’ WHOIS checker. One is redacted as expected, and the other looks a little more authentic.
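If you'd rather do that comparison in Terminal, the sketch below is an added example (not from the original article or any registrar) that lines up two WHOIS records field by field. The two records are constructed samples on the reserved `.example` domain, and the field names and redaction keywords are assumptions, since registries label these fields differently.

```bash
# Constructed sample records (not real WHOIS output for any real domain).
REAL_SAMPLE='Domain Name: examplebank.example
Registrar: Example Registrar Pty Ltd
Registrant Organization: Example Bank Limited'
SUSPECT_SAMPLE='Domain Name: examplebank-verify.example
Registrar: Cheap Names LLC
Registrant Organization: REDACTED FOR PRIVACY'

# whois_field FIELD: read a WHOIS record on stdin and print the first value
# of "FIELD: value" (case-insensitive; values may contain colons).
whois_field() {
  awk -v key="$1" 'BEGIN { k = tolower(key) }
    { line = $0; sub(/^[ \t]+/, "", line); i = index(line, ":")
      if (i && tolower(substr(line, 1, i - 1)) == k) {
        v = substr(line, i + 1)
        sub(/^[ \t]+/, "", v); sub(/[ \t\r]+$/, "", v)
        print v; exit } }'
}

# is_redacted VALUE: true if the value is empty or looks like a privacy
# placeholder. Heuristic keyword list, an assumption of this example.
is_redacted() {
  [ -z "$1" ] || printf '%s' "$1" | grep -Eiq 'redacted|privacy|proxy|withheld'
}

# compare_whois REAL SUSPECT: print one verdict line per compared field.
# Field names are assumptions; adjust them to what your registry prints.
compare_whois() {
  for cw_field in "Registrar" "Registrant Organization"; do
    cw_real=$(printf '%s\n' "$1" | whois_field "$cw_field")
    cw_suspect=$(printf '%s\n' "$2" | whois_field "$cw_field")
    if is_redacted "$cw_suspect"; then
      echo "REDACTED  $cw_field"
    elif [ "$cw_real" != "$cw_suspect" ]; then
      echo "MISMATCH  $cw_field: '$cw_real' vs '$cw_suspect'"
    else
      echo "MATCH     $cw_field"
    fi
  done
}

compare_whois "$REAL_SAMPLE" "$SUSPECT_SAMPLE"
# Live use: compare_whois "$(whois real-site)" "$(whois site-from-the-message)"
```

A redacted record on its own proves nothing, since plenty of legitimate owners choose privacy; it is the mismatch against the real site's record that matters.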

Scammers can be convincing, but you have ways to check

It’s worth noting that while scammers are always looking for ways to convince you of their legitimacy, most are relying on the idea of urgency and that you’ll click without checking.

Scams are at their most effective when we trust the urgency they impart, but that’s also why you shouldn’t. Your phone number and email are not sacred, and it’s very likely your information has been leaked or guessed at one point, with criminals interested in your details as a financial reward.

Clicking on scams like these throws you down a complex rabbit hole, potentially exposing you to phishing sites, which are deliberately built to deceive. Fake versions of real websites, phishing sites are one of the key tactics scammers use to get you to hand over real details, after starting the deception using emails and text messages worded to appear real.

However, a little bit of research and education can save you, and even without visiting the link, looking at the URL a message is trying to direct you to can tell you whether it is worth investing any time in at all.
