Domain Name Manipulation in Phishing Emails | Stewart Title Blog

This week’s example of a phishing email is nothing out of the ordinary. It’s another easy-to-spot, poorly written email used to phish for personal information. Most of you who received it either discarded or reported it already. Still, the sender email caught my attention and I thought it was a good time to explain how domain naming works.

Our domain is stewart.com, so Name@stewart.com is an email address on that domain. Most of us are familiar with the original top-level domains: .com (commercial), .gov (government), .mil (military), .edu  (education) and .org (nonprofit organization). A more recent explosion of domains added several more domains to the world, including .info, .tv, and .local.  Perhaps less known are country code domains. These always have two letters that correspond to the unique country. They can replace top-level domains or simply add to them. For example, .ru is for Russia and .br is Brazil.

Why is this important to know? Email addresses can easily be spoofed, but they also give away the origin of the sender. Wikipedia goes into depth about that, if you’re looking for a little nighttime reading.

In our business, we rarely deal with foreign buyers or sellers and, if we do, we typically know about it ahead of time. Here’s what this week’s example looked like:

[pick up email graphic: [External] From Barr Philip]

If you received an email you weren’t expecting from pagios@leopoldina.com.br (Brazil) and you haven’t already discarded it, now’s the time.

Think before you click.

Leave a Reply