cta quote button US

5 Ways to Recognize Spoofed Websites

The statistics on Internet fraud, specifically through phishing attempts, are staggering. Phishing is a method of getting people to reveal their confidential information through fake or “spoofed” emails or websites that look legitimate. Phishers often copy popular sites to trick people into entering their passwords, account numbers or banking information. According to a report by the Anti-Phishing Working Group, the number of phishing websites increased 25 % from 2015 to 2016. This type of Internet fraud costs victims and companies approximately $4.5 billion per year. Scammers are continually devising new methods of preying on Internet users, and while they frequently target sites that deal with financial information, phishers also steal passwords, Social Security numbers and other personal information. Here’s how to recognize a spoofed website and avoid being a victim of fraud.

1. Look for the “s”.

if_user_close_security_103764Sites that involve financial transactions such as banking or shopping should use a secure connection to ensure that any information conveyed between the browser and the server is encrypted. Always verify that the site is secure by making sure the URL in the address bar starts with “https://”. The “s” stands for secure and means that the site uses secure socket layer or transport layer security (SSL/TLS). Websites that use SSL/TLS will display a closed padlock in the status bar when they ask for your password or personal or financial information. Spoofed websites don’t have this because scammers don’t need the SSL certificate – they shut their sites down when as soon as they collect the information they want.

2. Check the URL

if_link_pagechacked_link_1770754If a website is unsecured, check the URL in the address bar. All URLs follow a basic format (http://domain.tld/). TLD is the top-level domain, which may be com, net, org, edu or something else. When you type a URL such as “http://google.com”, Google is the domain name and com is the TLD.

The authentic domain name and the top-level domain are usually on the first part of the URL before the single slash. A valid Google URL looks like this: http://google.com/ An invalid URL looks like this: http://google.images.com/

In the valid URLs, the domain and the TLD is followed by a single slash, and the rest of the address comes after the slash. Note that the second URL does not take you to Google Images. Phishing websites use URLs that sound official or are similar to well-known URLs but are completely fake.

3. Check the contact information.

if_user_profile_contact_avatar_check_account_select_1321091Legitimate websites for financial institutions such as banks and credit card companies publish their contact information. If you call the phone number on the website during normal business hours and hear an automatic voice messaging system, this should be a red flag. Also, check any email addresses listed on the website – the part of the email address after the “@” should include the proper domain and TLD. Be suspicious of contact email addresses that use free email providers such as Gmail or Hotmail.

4. Check the details.

if_9_264854Legitimate companies are very particular about their public image. You’ll rarely see any grammatical errors misspellings or typos on their websites. For the phishers, it’s all about getting your information. You may see unusual grammar mistakes, oddly formal language or poor-resolution images and logos. While some spoofed sites look convincingly legitimate, most phishers are in a hurry to collect your information and overlook these details.

5. Do your research.

if_basic2-067_checkbox_list_to_do_169993Be suspicious of websites that you’ve never heard of or dealt with before, especially if you get there through an email link. Do a search for reviews on the company name or the URL and avoid sites that have too many negative reviews and comments or that have no other online presence.

Need Inspiration? Check Out Some Related Projects and Tasks

Stop Phishing And Update Acount

I received notice from my admin that my site was hacked and phishing is occuring. I want somebody to clean up the account and update it. Here is what they wrote: Although our servers are secure, ... (United States)

Add Features & Create New UI For Existing Product

There is product with full set of APIs for phishing simulation. Product offers admin web interface, APIs, web listener to collect user data. This product is designed using Go Language and Bootstrap. I ... (India)

Expert HTML / CSS (Email / Landing Pages)

We have a task for a talented front-end developer to create simulated phishing email campaigns and landing pages. We have 20 campaigns we need to get started right away. We have the subject lines, ... (Australia)

Development Required For A Phishing Service

I need a developer for 2-3 months project. Developer must be experienced in security apps or similar. ...

-
These results are based on the freelance jobs extracted from Upwork.

If you think your friends/network would find this useful, please share it with them – We’d really appreciate it.

Leave a Comment

We would be glad to get your feedback. Take a moment to comment and tell us what you think.