Despite the fact that fake websites have become a commonplace danger to internet users, many still have problems identifying them. Fake websites are often used as part of so-called phishing scams where fraudsters aim to misguide you into giving sensitive data, such as credit card numbers or account passwords. This article will help users figure out what’s real and what’s fake on the web to stay out of harm’s way.
Here’s the deal.
Why should I worry about fake websites?
Fake websites are sites that have only been set up for one reason: to fool unsuspecting web users into thinking that they are legitimate. When done right, fake websites look and act almost exactly like the real thing. So they may mimic your bank or cellphone company, making you think that it’s OK to act normally while you use them.
There are at least a couple of ways fraudsters use them to rip you off – primarily, they either lure you into divulging personal data or exploit various vulnerabilities to put malware on your system. They can only be successful by remaining unidentified, which is why knowing the telltale signs is so important.
Telling if a website is fake: 6 rules to follow
If you take a good look at this website, can you tell if it is what it says it is? How would you go about finding out? Well, if you don’t know the answer to that right now, we’re here to get that fixed.
1. Understand how URLs work: double-check before clicking
One of the most common ways that phishers lure users onto their sites is by adding malicious links to phishing emails. So any time you think about clicking on a link embedded in your emails, be aware that there’s a possibility that it could be illegitimate.
It’s not always easy to tell the real from the fake, but there are always ways to do it. Oftentimes, fake sites will impersonate real ones – like your bank’s website. If you look at the URL closely, you may find letters out of place or perhaps they will have the domain name of the legitimate website as a sobdomain of a fake one. It’s such discrepancies that give the game away.
So, let’s say you receive a link which includes the text www.amazonus.com. Would you click it? You probably shouldn’t because that’s definitely not how the retailer constructs its links. But if you just glanced at it, you may not notice the issue.
2. What source is the link coming from?
Technically, phishers can and do sometimes hijack email accounts of businesses or individuals to give their phishing emails authority. Yet this is quite rare, and usually they will use accounts that look similar to those of legitimate sources when in fact they are not.
Ideally, dubious messages would head straight to your spam folder, but as we know that isn’t always the case (and legitimate emails often end up in the spam folder, clouding matters).
As a general rule, if you haven’t solicited an email or the sender isn’t known to you, alarm bells should start to ring. It’s obviously not gold-plated evidence that the sender is phishing you, but it’s something to think about nonetheless.
3. Look at the website
Everyone is bound to end up on a fake website once or twice – that much is difficult to avoid. Fortunately, there are ways to tell if a website is fake by the content on it.
For example, pages that are littered with small errors are strong candidates for fake websites. Sure they may be poorly written, but you shouldn’t take chances.
4. Is the website using legitimate SSL/TLS certificates?
Most legitimate websites, and practically all of those operated by serious services like banks will have a URL that begins with HTTPS, rather than HTTP (indicating that the site has applied for and been granted a secure SSL/TLS certificate). This means the communication between you and the server is encrypted and secure. An easy way to tell if this is the case is to look for a green padlock symbol next to the address bar.
At the same time, attack sites will often simply have HTTP style addresses, instead of the HTTPS code, which indicates that the site is secure. Almost all major corporate sites are HTTPS, so if the site you’re on isn’t, it’s time to bail.
5. Look for online reviews
Legitimate services will have many reviews on sites like Trustpilot. If the site you’re browsing doesn’t have any (or if they say the website is fake) – you should probably stay away.
Whenever you order online, it’s a good idea to check whether a company is listed there. If not, that’s a major red flag.
Even so, sometimes phishers manage to build up an online profile. In those cases, reading the reviews should be enough to identify fake sites. Fake reviews tend to be generic, lacking in detail about what was good or bad about their experience. If they feel robotic or shallow, you’ve got reason to be sceptical.
6. Use a fake website checker
If you’ve taken all the above steps into consideration, try running the site through a fake website checker. Google’s Safe Browsing tool is the best option here. Just paste in the suspect URL and the checker will determine whether it’s safe to visit. That’s not the last word. Suspect websites pop up constantly. But the register is pretty up to date nonetheless.
How to report a fake website?
You’ve found a trap – great! The first thing you should do in such a case is report it so that others don’t fall for the scam. In most cases, the best course of action is to enter the URL into Google’s reporting tool. This will result in Google adding the website to its list of reported “attack sites,” saving many people an unnecessary headache.
But if you’re worried that the site is stealing money (or you’ve already accidentally handed details over to the site owners), you need to know how to report a fake website to law enforcement authorities. In that case, head to the FBI’s Internet Crime Complaint Center and file a complaint. It takes a bit of time, but if it helps to prevent crime, it’s worth it.