When a scam hits someone's inbox or text message, it finds them at a particular time in their life, in a particular state of mind, and in a particular context. It's not just about how gullible or uninformed or whatever they are. They may be tired, they may be drunk, they may be spending all their energy worrying about a sick relative, or trying not to.
They may have just been shopping for a computer, maybe even a Dell. Or maybe they need a computer for their kid and don't have the means to afford one and are more likely to fall for a scam advertising a good deal on a computer than for any other scam.
These all add to the probability that someone falls for a scam. Phishing is all about casting a wide enough net that the probabilities align against some of the people you hit at the time you hit them.
Victims are not just uninformed. They are also compromised, and/or incentivized to believe this particular scam, and/or unlucky enough that the scam takes place when they were recently engaged in activity that makes the scam more believable.
Seeing dell.computerdealshop.com will snap a lot of people out of it where seeing dell.shop would not have.
Whether people are more easily fooled by dell.shop dell.computershop.com is a non sequitur from the rather wordy disquisition about why people fall for the scams in general. The eye sees dell first in clear letters for both URLs. Their sick relative doesn’t change much here. I would honestly not be sure if either is a scam for the URL alone. The improbable deal at the other end is the only meaningful signal.
> Whether people are more easily fooled by dell.shop dell.computershop.com is a non sequitur from the rather wordy disquisition about why people fall for the scams in general.
It isn't. People fall because probabilities align. Something can catch their eye to knock them out of it.
A bad URL is a bad probability (for the scammer) in the chain, a really good URL is another good probability. If your assessment is that both URLs look equally good/bad to you, I, of course, won't deny that claim about your own experience. But to my eye, dell.computershop.com looks pretty bad and dell.shop looks pretty good.
I only answer my phone if I'm in the middle of getting a loan and so expecting a call from some unknown number at any time, and even then some numbers look too phishy to answer. The last time I got a loan I got a call from a local area code near the bank, answered, and found myself talking to a scammer about a loan. It was confusing, I believed it was the bank at first! Everything needed to align for them to get that far, including the phone number looking legit to my eyes. To someone else's eyes a number halfway across the country may have looked just as legit. Or the nearby number may have looked instantly bogus. This is exactly my point!
Just the fact that you had your credit report pulled for a loan qualification is immediately sold to ad brokers by the credit bureaus, who will sell it on down the line to less and less scrupulous buyers. It's not surprising to me at all that you got a scam call about a loan while you were in the process of legitimately applying for a loan.
I now ask businesses like these "what number will you call me from" and I put that in my phone as a contact, so that my phone will ring. If they call me from any other number I won't see the call.
Remember that Google was (is?) trying to remove the URL bar. Not just because it reinforces search as the main product and gateway to the web, but also because URLs are kind of hard for most people.
Which brings us to the original argument: is this a reason to ban gTLDs? Surely the cost of banning gTLDs outweighs the enormous benefits of making it easy for society's productive users to find names they like.
We also shouldn't discount the incredible benefit of having additional namespaces and markets positioned against domain name squatters. gTLDs linearly increase the costs to squatters. Good names can be found with lots of alternative gTLD offerings, which greatly increases the supply side for builders and entrepreneurs.
Ultimately gTLDs probably won't be banned simply because there's money to be made by the ICANN and registrars.
And then there are plenty of companies who put some legitimate part of their business on a wonky gTLD domain they only bought so that it's not bought by a scammer. Systems run by the investor relations department might run on examplecompany.biz, some hiring SaaS on examplecompany.work, the CRM on examplecompany.business and the tech support occasionally instructs someone to get a preview update from examplecompany.cc. Not because that's a smart thing to do, but because coordinating namespaces is not easy and dedicating an otherwise unused domain only bought to keep out the scammers is a tempting shortcut. And because training internet users that sometimes wonky TLDs are OK is an externality.
> Seeing dell.computerdealshop.com will snap a lot of people out of it where seeing dell.shop would not have.
I see this and raise you HP using domains like h30434.www3.hp.com for decades now. They only started to disappear fairly recently. Many companies will do it and people don't really care.
It would be nice if browsers surfaced the information about when you last visited a site. In the certificate information panel for Firefox you can find things like, "You visited this site 1067 times before" which is helpful information when evaluating if you're on the site you think you're on.