ADVERTISEMENT

How to identify and avoid fake websites

Fake websites are an important part of so-called phishing scams where fraudsters aim to misguide you into giving sensitive data, such as credit card numbers or account passwords.

6 rules you should follow to avoid fake websites
Edvardas Mikalauskas
Edvardas Mikalauskas Senior Researcher
Jan 4, 2022 Updated: 6 February 2023 7 min read
Cybernews pro tip

Each year, billions of personal data records are leaked or stolen. Learn how to minimize your footprint on the internet and stay secure.

Protect your data now

6 ways to tell if a website is fake

1. Is this URL safe? Understand how URLs work

Example of fake website - gooogle.com
  • Content. Anything below the long horizontal line can be tailored to mimic any website. There's no way a browser can warn you that you're looking at a fake page.
  • Favicon. Any attacker can take Google's favicon seen at the top left and use it on a fake website.
  • Domain. The attacker cannot alter the domain (google) that's coming before the top-level domain (.com). However, as seen in the picture above, it can use a similar domain to trick visitors.
  • Subdomain. If you don't look carefully, a subdomain might look like a domain. An attacker can throw google.com.search-source.com at you where search-source is the actual domain of her fake website.
  • SSL certificate. Seeing a green padlock beside the address bar often gives a fake feeling of safety. Any website can buy such a certificate unless it's EV (more on that below).

2. Is the website using legitimate SSL/TLS certificates?

  1. Load the website that you want to check
  2. Click the padlock icon next to the address bar to view the Site information window
  3. Click Certificate
  4. Choose the Details tab
  5. Check the Subject field
How to check website's SSL/TLS certificate on Chrome
OV and EV certficates
Show original message on Gmail to check if email is fake

4. Look at the website

Example of fake PayPal website full of spelling and grammar mistakes
ADVERTISEMENT

5. Look for online reviews and references

whois checkup on gooogle.com

6. Use a fake website checker

Google Safe Browsing tool - report on dicspics.com

Why should you worry about fake websites?

How to report a scam website?

Report a scam website on Google Chrome

  1. Click the three dots on the top-right
  2. Hover over Help
  3. Choose Report an issue
  4. Optionally, edit the fields and click Send

Report a scam website on Mozilla Firefox

  1. Click the hamburger menu on the top-right
  2. Select Help at the bottom of the menu
  3. Choose Report Deceptive Site
  4. Optionally, add comments and hit Submit Report

Report a scam website on Microsoft Edge

  1. Click the three dots on the top-right
  2. Hover over Help and feedback
  3. Click Report unsafe site
  4. Tick the right boxes, select Language
  5. Enter the captcha and click Submit

What to do if you've been scammed

  1. Inform your family and friends – they might be the next target
  2. Do not contact the scammer – there's no way you can make things better
  3. If you lost money, call 911 and report the case
  4. If your banking details might have been stolen, contact your bank immediately to block credit cards and accounts
  5. If your personally identifiable information has been stolen, report the police, your bank, credit bureaus, SSA, FTC, SAO, and other institutions
  6. If your password was stolen, change it to a new and strong one
  7. If the scammer accessed your device, change your passwords, inform the bank, and scan for possible malware
  8. Gather proof – emails, bank statements, and other information is vital in catching the scammer and possibly getting your money back
  9. Even if you didn't lose money or data, always report the scam to stop it from spreading
  10. Seek emotional support – chances are that the scammers will try contacting you (again) – this shouldn't lead to extorting (more) money

More from CyberNews

ADVERTISEMENT