Gone Phishing
Posted: Wed 2 May, 2018 Filed under: Customer Services, Cynicism, Domestic, Geeky, Security, Thoughts Leave a comment »One of the things about being a techie is that I own a fair number of web domains. Some I’ve got for things like ongoing projects, business names I like, and a bundle of other stupid shit. A lot are in the “when I get a chance” state of being – the ideas remain, and haven’t been done by anyone else, but for now they’re kind of drifting.
However, one of the other things I do is have a couple of domains that are purely for use when buying stuff. They’re set to forward everything to my home email account, so it means I can set up anything @ the domain and it’ll do what I want. While it sounds a little bit mental, there’s a very good reason for all this.
For the purposes of explanation, let’s say I own a stupid domain, like myemail.com
So – when I buy something from a new company, I register with them using [company_name]@myemail.com . Any mail there will come to me – it’s a legitimate email address, just not one I’ll ever send an email from. (I can if I need to, but that’s a different point) Everyone’s happy.
The key, though, is that if [company] starts spamming me, I can block that specific address, rather than having to do any kind of weird and fragile message rules etc. It’s easy – I just add [company_name]@myemail.com to the ‘bin everything’ list, and there we go, it’s gone.
What I’ve found recently though is another interesting one – I can easily tell when [company] has been hacked, or lost its mailing list somewhere.
This week, I’ve been getting some *very* clever phishing emails (the ones about ‘just log in, give us your details, and we’ll sort this out’) to one particular address. They’re good enough that if they had come direct to my home email, I might’ve clicked on one by mistake. (I haven’t, but I could have) They’re *that* good. But I can see that they’ve come to [company]@myemail.com , so a) I know they’re shit mails, and b) I know that [company]’s mailing list is being used.
I’ve let [company] know, although there’s not much they can do about it now. But at least maybe they can notify their customers that their details have been leaked/stolen.
All told though, it’s another interesting reason to have that particular domain, and to use it in this way to keep my own information as safe as possible.