Easily spot a scammer from the website address from a text or email
We all get those texts that look like they’re from a local courier with a link to track a parcel which then tricks you into adding your personal details, or an email supposedly from your bank with a link asking you to login. It’s easy to get caught out, but there’s a simple way to spot it just from the website address and it’s all to do with spotting the subdomain.
A subdomain is just that, a domain subservient to the main domain and it can be anything. For example polyspiral.com is our domain name or website address and subdomain is a subdomain I set up to demonstrate the example, so subdomain.polyspiral.com is a subdomain of Polyspiral.com.
Now anyone can register a domain name as long as it’s available, but what you can’t do is register one that is already taken. So royalmail.com is taken by Royal Mail (Obviously), but anyone can register mypackagedeliveryservice.com (which was available at the time of writing this article) and subdomains don’t have to be registered like domain names are, they can be anything you’ve made up. So it’s entirely possible to have royalmail.mypackagedeliveryservice.com if you’ve bought the main domain name, and much more worryingly possible to build a legitimate looking site which looks like Royal Mail with a form where you enter your details for the scammer who own the site to use your data to scam money from unsuspecting victims or some other horrendous activity. All they then have to do is send that email or text, and for you to click the link.
So remember look at the word before the domain suffix - the .co.uk or .com:
That is the domain the site is under, not the subdomain. If the SMS message or email says it’s from Royal Mail, or UPS or FedEx but the main domain isn’t theirs you know it’s a scam and best to report by following these instructions: https://www.actionfraud.police.uk/report-phishing then delete and block the number or mark the email as spam.