We all loathe the daily routine of sorting the mail. It has become an unpleasant part of the mail service we must endure. Whether it is digital or paper letter, at some point you have to sit down and flip through all those pieces of mail and separate what is junk and what is legitimate. It is a natural progression that the better we get at spotting junk mail, the more adept and creative the solicitors become in manufacturing it.
I would like to share a prime example of one such article of junk that is being currently circulated. It is a letter that at first glance appears to be from your internet service provider. The average consumer can have numerous providers for varying services; from hosting, to email, DNS, etc. Of course this can create more than a little confusion for anyone who gets an official-looking invoice from a company claiming to provide you service. Take a closer look at these key points:
- The company name sets the tone for the whole letter. In this case the name of the company is DNS Services, which right away grabs your attention, because you know you need DNS. This is a particularly clever name, as while most people know they need DNS, they don’t know exactly why, or what it is for, causing you to pause and investigate further.
- As you scan down the page the other detail that grabs your attention is the style. It looks like an invoice, implying that the sender is requesting a past due payment. There is even a fabricated “account number,” which is most likely nonsensical string of numbers.
- Now for the most convincing portion of the document; under “Description” you can see your information, including a reference to ePolk, intermingled with the fake company’s name. This is what seals the deal. Most consumers believe there is no way anyone could have access to this information unless they were indeed in league with the service provider. Unfortunately, this is not the case. Your DNS information is a matter of public record. Search your website name on a directory site like http://whois.domaintools.com and see what is publicly accessible – your name, address, DNS, etc.
- It is said that the devil is in the details, and in this instance that could not be more accurate. The fake company has provided a website you can visit, they have a physical address you can look up, and they even have a phone number you can call. This number rings through to an automated service where you are told “we are having a high call volume, you can continue to hold, or leave a message.” No one picks up the phone, and after exactly twenty minutes of holding you are asked to leave a message. SPOILER ALERT: No one is going to call you back.
The key to the recipe in all of these types of scams is their surface believability. They add all sorts of information that lends to their credibility, having a website and a phone number, then sprinkle in some bit of public information that you think is private and.. voila spam-city! The best way to protect yourself is to check your records. As with this example, if you don’t know who provides your DNS, find out. Then call them to verify the invoice is legitimate. At the very least pick up the phone and call whatever number is listed on the letter. They are counting on that surface believability, with just a small amount of effort you can quickly determine if there is some deception involved. As with most deceptions, the way to avoid falling prey is to be on your guard. Samuel Johnson said it best, “Fraud and falsehood only dread examination. Truth invites it.” So stay vigilant!