Can you trust the Wall Street Journal's domains?

Last week I wrote that skepticism may be the most important thing you bring with you when dealing with the Internet. A few days later in the Wall Street Journal, Walter Mossberg said basically the same thing - "...the most insidious Internet security problems today rely on human gullibility, not tricky software."

His article, How to Avoid Cons That Can Lead to Identity Theft, included this advice "Don't click on links to offers for free software or goods that you receive in an email, especially from a sender or company you've never heard of."

The problem with this advice is twofold. First, the From address of an email message is very easily forged. You may get a scam message that seems like it came from a company you know, but really didn't. Also, identifying a company you know has its own issues.

Suppose, for example, you got an email message about a really cheap price for a subscription to the Wall Street Journal. The phony From address could well be subscriptions@wsj.com. Suppose too, that the scam sent you to the www.wsj.biz web site.

Many people know that the online version of the Wall Street Journal is wsj.com. But, wsj.biz has nothing at all to do with the newspaper or with Dow Jones. It belongs to Marc Gaines and the web page that currently displays is a temporary one that GoDaddy provides for their customers. The point being, Mr. Gaines, can do whatever he likes with that website, including tricking people into thinking it offers cheap subscriptions to the newspaper. What better way to learn personal information such as name, address, phone number and credit card number? Perfect for identity theft.

Just because a famous company owns the .com domain, it implies nothing at all about other domains.

In the case of the Wall Street Journal, Dow Jones owns wsj.net and wsj.us. However, wsj.info belongs to Seth Wilkof who is looking to sell it. Wsj.org is also a scam-in-waiting. Today, it is a temporary default web page, but it belongs to someone named Natalia Skuridina.

Even someone who doesn't know that wsj.com is the Wall Street Journal, certainly knows the organization behind wallstreetjournal.com. That's easy. But what about wallstreetjournal.net? And wallstreetjournal.org? They both belong to Dow Jones, but, that's where the good news ends.

It is not clear who owns wallstreetjournal.info, but Dow Jones definitely does not own wallstreetjournal.us or wallstreetjournal.biz.

You can see who registered a domain by doing a WHOIS lookup at the website of any registrar. For example, at Network Solutions, go to networksolutions.com/whois and at Regster.com go to register.com/whois.rcmx.

I focused on the Wall Street Journal, only because Walter Mossberg writes for the paper. The concept though, applies universally. I get bitten by it myself. Two websites that I visit are www.speakeasy.net and www.witopia.net. I don't, however, visit them often enough to train my fingers to type .net instead of .com. Neither company owns the .com version of their domain name.

See a summary of all my Defensive Computing postings.