Skip to main content

Viewpoint: Protect websites from phishing attacks

By Scott Barman

Viewpoint0904-1

Regarding L.A. Saryan’s Viewpoint article about how someone may have captured email addresses from his coin club’s website to use in an attempted phishing attack, please allow me to use my former life as an information security expert to help Saryan and other coin clubs to protect themselves.

While too many people are trusting of the Internet, the general public does not understand that the technologies that provide those pretty interfaces are really very crude. It is just as easy for a scammer to search for things on a website the same way a legitimate search engine will. There are ways of protecting yourself, even for the coin club whose website is managed by a non-technical person.

The easiest way to prevent scammers from scanning your club’s website for email addresses is to obfuscate the addresses on your website. This way, the scammers will not be able to find certain patterns that resemble an email address, including the “mailto:” that is added to the front of a URL to indicate that it is an email address.

The hard part is that in order to do this, you will have to edit the page’s HTML code. This may be confusing for those who only use page building tools to create the website.

Whatever you do to edit a page on your website, you must be able to access the HTML code that instructs the browser how to format the page. Within that page, find the address tag that contains the email address. It may look like:

john@doe.com

You will have to replace the entire tag.

Rather than telling you how to rewrite that line, go to https://manytools.org/http-html-text/hide-email/ for help. On the line that says “Email address,” enter the email address that you want to obfuscate.

The next line says “Link text (optional).” This is the text that will be displayed by the browser. In this example, we are using the email address but you can change it to say anything, such as “send me a note” or the name of the person associated with the email address.

Press the button that says “Obfuscate!” and wait for the results to appear.

In the box that will appear in the middle of the page will be an address tag with a lot of unreadable information. This is the Unicode translation of the address. Unicode is a way of representing characters from languages that are not like English. To make the standard consistent, the characters of the English alphabet are included.

Copy all of the information in the entire box and paste it in place of the original address tag. In this case, the tag will be replaced with:

Viewpoint0904-2

While this is not a perfect solution, the vast majority of the Internet bots that look for email addresses on web pages will not recognize this.

Using this method, you can have your club’s officers on your website and limit the exposure to Internet scammers.

This “Viewpoint” was written by Scott Barman of Rockville, Md. He is the Webmaster of the Montgomery County Coin Club.

To have your opinion considered for Viewpoint, write to David C. Harper, Editor, Numismatic News, 5225 Joerns Drive, Suite 2, Stevens Point WI, 54481. Send email to david.harper@fwmedia.com.

This article was originally printed in Numismatic News. >> Subscribe today.

More Collecting Resources

• Are you a U.S. coin collector? Check out the 2019 U.S. Coin Digest for the most recent coin prices.

• Get five centuries’ worth of identification and pricing in the brand-new Standard Catalog of Great Britain Coins eBook that will transform your coin collecting efforts.