Unfortunately scammers have come a long way since the Nigerian prince email scam. In addition to phishing emails there’s now dozens of types of cybercrimes, from fraudulent transactions to plain identity theft.
Since these criminals have gotten more sophisticated over the years, it has become all the more important to keep up with them and to see through their scams. While it used to be a fairly blank page with a form and perhaps a logo, nowadays scammers will use sites that copy the content from the real one – right down to customer reviews and links.
One of the more popular ways to get information from people is to send them an email with a link to a website – usually this would be a bank or other financial institution – and threatening high costs or even closing the account if the person does not ‘confirm’ their details. Needless to say, this is not genuine.
Now, banks and other companies (like Amazon) do indeed send out emails to their clients, so it isn’t always straight-forward to tell which is which. In addition to emails, there are other ways to end up on these fraudulent pages as well – links, miss-clicks, etc. Here are 5 ways to tell if the website you are looking at is real or a copy made by a spammer.
Some links don’t work/aren’t in the right place
Scammers work in bulk – they don’t have to convince every person who clicks on their site to enter their information, one or two are enough to make money. Also, since these fraud attempts will likely be sent to thousands of people, if even a fifth gives their information, that’s still hundreds of people.
As such, the effort put into these sites isn’t always very extensive – often only the bare minimum of the page is populated. To make it seem genuine, the fraudsters will generally copy the most eye-catching parts of a site. This will almost always include ‘real’ content, such as images, reviews, or other parts of the site. Despite this, a common thing to ignore is the footer. Since the scammers only need one page to gather information from their victims, links to other pages will generally not work.
If you find this to be the case, the site is most likely fake. On a real website quite a lot of content, including reviews will be interactive – a fraud site will most likely only have the bare minimum of content and it won’t be interactive. Testing some elements other than the form you are likely to find on the page will help determine whether the page is genuine.
The URL doesn’t seem right
Most often, banks, financial institutions and companies will have fairly easy to remember URLs. In the address-bar at the top, you can check this any time. Since URLs are unique, a fraudster can’t have the exact same one as the company they are using for the scam. It therefore helps to look out for spelling mistakes in the URL – this could be something as simple as dank instead of bank or more elaborate like using onebank instead of bankone. When in doubt, Google can often clear this up – open a page and type the name of the institution in question into the field.
Among the search results you’ll find their real website – compare the URL. Specifically, the part between the www. And the .com/.org/etc. If they do not match you are all but guaranteed to be dealing with a fraudulent page.
Another handy tool if you think the link doesn’t look quite right is an online webhost checkers. These will be able to tell you who hosts a particular site in the background. They will accept the full URL and tell you who actually hosts the content.
If you are still not certain, contact the institution in question – they will be able to confirm whether a page is real or a scam very quickly.
This is an issue that spammers have had since the conception of emails – bad spelling and grammar. In order to make a page seem authentic, they will populate it with content. Where this is copied from the real site, it is unlikely to have any mistakes, however the parts that are written by them will probably be quite badly written. Often these criminals will not use their first language for their scams, and thus reveal themselves.
This is not always the case however, as sometimes there will be no obvious mistakes. In that case there is still a strong possibility of the content not fitting – often institutions will have a particular style of writing content, for example addressing the user directly or referring to them as a valued customer. It is highly unlikely this will match up. If you were referred to a suspicious page via email, evaluate the email in the same way. Does the style of writing match up? Is the email addressed to a ‘dear customer’ or a person directly?
A scammer is unlikely to have any personal information other than the email address of their victims, so an email with a name is less likely to be fake – the same applies to the page itself.
Layout problems, page behaviour
Since fraudulent websites are rarely around for long as they are discovered and removed, fraudsters will not put too much effort into their projects. While pages are looking more and more genuine, they will rarely hold up in a test.
The easiest test is to see if the page is responsive: Resize your browser window to the size of a phone screen and see what happens. A genuine page will probably resize to fit the smaller window –a fake page won’t. With the amount of mobile users on the rise, financial institution or even web shop will probably have completely responsive content. A fake page would not have this as they’re not designed to hold up to a closer inspection.
Some pages don’t even go this far – they will have even bigger layout problems, for example with logos or graphics. The page may also behave differently from what you’d expect. If the page you usually use has a pop-up, alert, etc and the other does not, this is a good indication of a fraudulent page.
Missing security certificate
Any website that deals with client information or payment details, transactions, etc, will have a security certificate. If a page does not have this, you should never submit your details on it, no matter the reason. ‘Safe’ pages will have a locked padlock to show that they are secure – you can see this in your browser – and fake pages will not. These certificates cost money to purchase, and it would not be given to fake pages at all – consequently a scam site won’t have it.
Check the page of your bank or Amazon and you will see the – usually green – padlock in the corner. An open or red padlock indicates a lack of security, and most likely a fake page. The padlock cannot be faked, therefore it is a very good indicator.
If your website deals with confidential information or payment details and you do not yet have an SSL-certificate, getting one is incredibly important. There are lots of trusted providers of this sort of product, so getting one to give your page credibility is important.
Often this type of page will also have some additional tools (one or two examples can be found below) to help identify fraudulent pages and known scams, so doing some research and keeping an eye out is crucial.
This is a great example of just one tool from the trusted provider above. Here, they are tracking unique domains registered with them. You can clearly see the uptake in registrations in recent years, meaning that despite the growing number of fake websites out there, this provider is being used as a reputable host. This kind of clarity is key in helping root out good providers from bad.
There are many ways to spot a fake page, and more often than not, more than one of these will apply. Due to the bulk-nature of scammers, it is incredibly rare that a fake page would pass as real. If you cannot conclusively identify a page either way, it is important to check with the provider. Send an email to a contact you may have of the genuine page or business and ask them to confirm the page is real or fake – ideally, include a link to the page so the person can check.
Be suspicious of any sudden change in layout, design or functionality of the site you are using. Many companies will send emails to their clients to announce the launch of a new website. If you have not seen such a message and you are uncertain, always confirm with the business or financial institution in question.