Phishing or Spoofing is a common type of internet crime. Every year thousands of phishing emails are sent to drive people to fake websites. These fake or phishing websites try to trick users and extract secret and sensitive information from them including personal identification and financial details.
Cyber crime is one of the most prevalent and dangerous forms of crime in this modern era. With more and more people embracing e-commerce websites for shopping or banking through online, fraudsters are rampant to cheat people to make a quick buck.
Beware Of Phishing!!
Scammers use a lot of ways to fraud innocent internet users. Phishing is one way where the scammer play as a genuine person or from a company and then sends emails to give away your financial or individual information like passwords or credit card number and social security number.
This is one of the most prevalent forms of scam and criminals are always changing their ways so as to make sure the email recipients trusts and gets cheated. Phishing is generally done by sending an email supposedly from a bank asking for few confirmations about your account. A link will also be provided and user believes the link will take to the account confirmation website.
However, when the link is clicked, malicious programs such as Trojan is launched that will immediately install a keystroke logger on the computer. The purpose of keystroke logger is to record whatever we type which also include passwords. The other thing that might happen by clicking the link is, you may enter into fraud website where you end up giving away your individual information.
The fake website may look exactly like your bank’s real website. This is due to the fact that scammers just copy the look and files of the real website. But once you try to log in, a lot of personal information is asked which you would never be asked on the real site. Details like account number, debit card number, even ATM PIN is asked.
One more way to trick people is creating websites with a name which can be a generally misspelled address. This is called as typosquatting and most of the people would have encountered these kinds of sites while surfing the web. The intent of the website is the same, faking and making money.
Recognizing A Phishing Website
Check the URL
The real bank website and the fake site will have different URL. Repeating checking the URL for the spelling is important. The check can start from the link provided in the email. Once you hover the pointer of the mouse on the link, the web address will be displayed. Fake can be identified right there. Also, ensure the address bar displays the “secured” symbol i.e. https.
Errors in Grammar or Spellings
We can expect fake websites generally from countries non-English speaking or mother tongue is not English. If there are spelling mistakes or grammatical errors , then the phishing site can be easily identified.
Real organizations ensure that there are no such mistakes. A lot of time will be invested in creating good websites. If any website looks cheap with spelling mistakes, poor images, and logo, it calls for suspicion.
Once you get a suspicion, check the websites for any other clues and do not provide any information.
Notice Padlock Symbol
Padlock symbol (shown in below snapshot) which appears adjacent to the main address bar is one way of knowing of site security. Website URL starting from https can be an additional security. These two signs are critical to ensuring security. Therefore all the main e-commerce retailers will have the measures in place.
Check The Images
Real websites have high-resolution images. Fake websites are usually done in a hurry and images will not be sharp.
Notice A Change
Banks websites would ask you for username and passwords or pin numbers. If a bank is asking for personal information which they would never ask before, it is most likely fake.
Check Company Details
Observe the company name and the footer. Try to know the information of the website owner. See next few points on how to know more details about company.
Check The Credentials
Check the credentials of the websites. You can start by checking for the contact information, address. Additionally, you can even call the number. A web search can provide vital information. Numerous forums and blogs are available where other users would have recorded their issues and provided information.
Search On Web About The Site
A good web search on the site can yield more information and fewer chances of getting cheated. Using keywords in Google, you can research about the site. The name of the website with keywords such as customer complaints, fraud, feedback, review etc can be used.
Cross Verify Copyright Date With Domain Registration Date
More investigation can be done in terms of comparing the copyright date in the website and the creation date of the domain. The fake website will be created at a very later date.
Careful Shopping On New Sites
Be careful while online shopping from new websites – Whois lookup can help you know the creation date of the domain. If the domain is newly created and enough data is not available on the site, it is safe not to use the site till the legitimacy of the site is established.
Check Site Popularity In Search Engines
Research on site popularity also can provide vital leads about the website. A page authority score of higher than 50 indicates genuine site. The score can be checked through opensiteexplorer.com
Site Must Have Contact Information
If the website does not have Contact information, then it’s most definitely fraud. If the contact info is given, you can send a mail or call to check.
Visa Card Holders Can Opt For Text Alerts
Visa text alert can be activated. Any fraudulent activity will be immediately notified to take action.
Unbelievable Deals Are Warning Sign
If the information in the site is very good with unbelievable deals, better to trust instincts and leave the site. Do not provide any information about yourself.
New Look – Be Suspicious About Any Change
Be cautious about how the website looks. If it is too different from your previous visits and if the information asked is different what it used to be, there is good chance that you have landed on a fake site. Generally, website informs customers of changes in the look of the website.
Confirm Email Id Is Trusted
Checking the email id of the sender is also important. If it is a general account not specific to any company and asking for information which is sensitive, then do not divulge. Also, real bank emails address you by name. So make sure right name is used.
Ensure Your Transaction is Encrypted
E-commerce websites, to secure transactions use encryption. If the symbol of the lock is present in the browser, you can assure the site uses encryption. Security certificate can be checked by clicking on that symbol.
How To Protect Yourself From Scamsters
Even though the suggestions provided above can help in recognizing the fake sites, fraudsters are always finding new ways to make the site look original and convincing. So it is always better to take to assess if you are on the legitimate site. We give you a few pointers to help keep you away from getting cheated.
Get The Latest Browser
The browser has to be up to date to identify fake sites. If the security options are ticked on then the browser will inform you before entering the site.
Knowing about the most recent scams and being aware of what a fake website would look like would take you long way to recognizing the tricks of a hacker.
Checking the emails thoroughly, knowing the email sender and being careful about emails asking for any financial and personal information. Additionally, you have to ensure no to download any files and attachments from this kind of emails.
When surfing always ensure the website is secure, especially be cautious while entering important information. In the case of any suspicion, input a wrong password. Fake websites accept any password. One more way of entering the right website is through search engines. Tools like McAfee® SiteAdvisor®, can help you know if the site is safe.
Technology Can Help Defend
Complete pack of anti-phishing technology such as McAfee security center can effectively defend against such sites. They come preloaded on PCs from Dell. The software should always be updated with the latest by updating it in the control panel for software security. Automatic updates should also be enabled.
On Guard Always
On the offline front, you can keep a track of the bank account, transactions and credit card bills. The password should be changed on a regular basis. Passwords should be strong and can include letters, special characters, and numbers. General information about you like nicknames and birthdays should be best avoided in a password.
Avoid Saving Credit Card On Websites
Saving credit card information should be avoided. It is always preferable to use services such as PayPal than using credit cards as they have good control on the transactions. In case the website is hacked also, it is safer with PayPal.
Report To FTC About Incidents
Report FTC about hackers. If you have noticed a fake website, it is best to forward such emails to FTC (Federal Trade commission). The email id is email@example.com. There is another anti-phishing work group. The email id of the same is firstname.lastname@example.org
Phishing is the most prevalent form of cyber crime. Scamsters are always on the look out to fraud people and convince them in divulging information to make money. Therefore, it is always better to be safe than sorry. Practicing safe browsing is a great way to curb any phishing attempt.