cta quote button US

5 Ways to Recognize Spoofed Websites

The statistics on Internet fraud, specifically through phishing attempts, are staggering. Phishing is a method of getting people to reveal their confidential information through fake or “spoofed” emails or websites that look legitimate. Phishers often copy popular sites to trick people into entering their passwords, account numbers or banking information. According to a report by the Anti-Phishing Working Group, the number of phishing websites increased 25 % from 2015 to 2016. This type of Internet fraud costs victims and companies approximately $4.5 billion per year. Scammers are continually devising new methods of preying on Internet users, and while they frequently target sites that deal with financial information, phishers also steal passwords, Social Security numbers and other personal information. Here’s how to recognize a spoofed website and avoid being a victim of fraud.

1. Look for the “s”.

if_user_close_security_103764Sites that involve financial transactions such as banking or shopping should use a secure connection to ensure that any information conveyed between the browser and the server is encrypted. Always verify that the site is secure by making sure the URL in the address bar starts with “https://”. The “s” stands for secure and means that the site uses secure socket layer or transport layer security (SSL/TLS). Websites that use SSL/TLS will display a closed padlock in the status bar when they ask for your password or personal or financial information. Spoofed websites don’t have this because scammers don’t need the SSL certificate – they shut their sites down when as soon as they collect the information they want.

2. Check the URL

if_link_pagechacked_link_1770754If a website is unsecured, check the URL in the address bar. All URLs follow a basic format (http://domain.tld/). TLD is the top-level domain, which may be com, net, org, edu or something else. When you type a URL such as “http://google.com”, Google is the domain name and com is the TLD.

The authentic domain name and the top-level domain are usually on the first part of the URL before the single slash. A valid Google URL looks like this: http://google.com/ An invalid URL looks like this: http://google.images.com/

In the valid URLs, the domain and the TLD is followed by a single slash, and the rest of the address comes after the slash. Note that the second URL does not take you to Google Images. Phishing websites use URLs that sound official or are similar to well-known URLs but are completely fake.

3. Check the contact information.

if_user_profile_contact_avatar_check_account_select_1321091Legitimate websites for financial institutions such as banks and credit card companies publish their contact information. If you call the phone number on the website during normal business hours and hear an automatic voice messaging system, this should be a red flag. Also, check any email addresses listed on the website – the part of the email address after the “@” should include the proper domain and TLD. Be suspicious of contact email addresses that use free email providers such as Gmail or Hotmail.

4. Check the details.

if_9_264854Legitimate companies are very particular about their public image. You’ll rarely see any grammatical errors misspellings or typos on their websites. For the phishers, it’s all about getting your information. You may see unusual grammar mistakes, oddly formal language or poor-resolution images and logos. While some spoofed sites look convincingly legitimate, most phishers are in a hurry to collect your information and overlook these details.

5. Do your research.

if_basic2-067_checkbox_list_to_do_169993Be suspicious of websites that you’ve never heard of or dealt with before, especially if you get there through an email link. Do a search for reviews on the company name or the URL and avoid sites that have too many negative reviews and comments or that have no other online presence.

Need Inspiration? Check Out Some Related Projects and Tasks

Move Websites, Quarantine Any Phishing Details From Old Site

Ensure websites are free of phishing comprimise and move to new host ... (Australia)

Help Me Catch A Noob Hacker/email Jacker

Some asshole is signing up my email to all kinds of shit newsletters and he/she is trying to change my passwords to different social media and other subscription accounts. The person may also be ...

Google "phishing" Avoiding System/method

Hi, i have a problem, google is catching my pages as "deceptive site" while doing a pop under campaign. I need a solution that will help me avoid google catching the pages. experts only! ... (Israel)

UI FRONT END DEVELOPER

I need software developers to design a Network devices protection software for commercial subscriber use. To guard/rid devices of malware and also has the capability to protect emails from spam and ... (United States)

-
These results are based on the freelance jobs extracted from Upwork.

If you think your friends/network would find this useful, please share it with them – We’d really appreciate it.

Leave a Comment

We would be glad to get your feedback. Take a moment to comment and tell us what you think.