
Phishing scammers often reach out to us first, but sometimes they set up fake websites as traps and wait for us to walk into them.
Some scammers set up fake websites that look and behave like legitimate sites. The goal varies; they may want you to give up your login information for another site, send money, provide health details, or give up the kinds of private data that you don’t want in the wrong hands.
Here are three ways that you might encounter fake websites these days, and how you can stay safe from any iteration of this threat.
Misspelled URLs
“Fat fingers” happen to everyone, which means we all make misspellings and typos. Hackers know this and try to exploit it. They will buy similar URLs to big-name domains, hoping to trick people who get misdirected.
Sometimes this can look relatively obvious, and therefore easier to spot. Some examples might include:
- Goggle.com instead of Google.com
- Microsofte.com instead of Microsoft.com
- Help-me-Verizon.com instead of Verizon.com
Other times, the deception is much less noticeable. For instance, Amαzon uses the Greek alpha in place of our traditional a; that can be difficult to spot in an email or link. Similarly, a website posing as Instagram but going by 1nstagram.com or Instgram.com might fly under the radar at first glance. Pay close attention to the URL before you visit a website!
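The same checks can be automated for a list of domains pulled from email or proxy logs. The Python below is an added example, not part of the original article; the brand list and the look-alike character map are small constructed samples, and `check_domain` is a hypothetical helper name.

```python
import unicodedata

# Constructed allow-list of brands to protect; replace with your own.
KNOWN_BRANDS = ["google", "microsoft", "verizon", "amazon", "instagram"]

# Small constructed map of look-alike characters (not a complete confusables table):
# Greek alpha, Cyrillic a/o/e, and digits often used in place of letters.
LOOKALIKES = str.maketrans({"\u03b1": "a", "\u0430": "a", "\u043e": "o", "\u0435": "e",
                            "0": "o", "1": "i", "3": "e", "5": "s"})

def edit_distance(a, b):
    """Levenshtein distance: single-character edits needed to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_domain(domain):
    """Return the reasons a domain resembles a known brand (empty list if none)."""
    label = domain.lower().rsplit(".", 1)[0]   # name without the final ".com" etc.
    reasons = []
    odd = sorted({unicodedata.name(c, "UNKNOWN") for c in label if not c.isascii()})
    if odd:
        reasons.append("non-ASCII characters: " + ", ".join(odd))
    plain = label.translate(LOOKALIKES)        # undo look-alike substitutions
    for brand in KNOWN_BRANDS:
        if plain == brand:
            if label != brand:                 # exact brand name is the real site
                reasons.append(f"look-alike characters spell '{brand}'")
        elif brand in plain.split("-"):
            reasons.append(f"'{brand}' embedded in a longer name")
        elif edit_distance(plain, brand) <= 2:
            reasons.append(f"{edit_distance(plain, brand)} edit(s) away from '{brand}'")
    return reasons

if __name__ == "__main__":
    # The look-alike domains named in the article, plus one genuine domain.
    for d in ["Google.com", "Goggle.com", "Microsofte.com", "Help-me-Verizon.com",
              "Am\u03b1zon.com", "1nstagram.com", "Instgram.com"]:
        print(f"{d:22} {check_domain(d) or 'no findings'}")
```

An empty result only means the name did not resemble anything on the brand list; it does not prove a site is genuine.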
Deceptive QR Codes
Ever since the 2020 pandemic, QR codes have become much more than a way to connect with a friend on a specific app. Now we see them advertising events on the street, connecting directly with particular services, and at our favorite restaurants to pull up a digital menu.
Unfortunately, QR-code phishing attempts have skyrocketed too. Known as quishing scams, these QR codes redirect your phone to a malicious website. Once there, hackers can install malware surreptitiously, steal confidential information, and steal data from your device. Just like with the misspelled URLs, these fake websites often closely mimic real ones to make the trap more convincing. QR codes can even redirect you to malicious mobile apps, which can similarly look just like a legitimate purchase.
Fake Search Results
When you search for information yourself, you must be sure that the answers are valid and come from reputable sources. You can’t click on the first link you see and expect it to have correct, complete answers every time.
If you accidentally visit a phisher’s site, any information you enter could become compromised. Keyloggers can track everything you type and search, including your login credentials and credit card information. The website could download malware without your knowledge or otherwise steal your data and publish it to the Dark Web.
Some signs that the website you’re looking at might be a fake:
- The URL starts with HTTP:// instead of HTTPS://.
- There is a minor typo in the address.
- There is no lock symbol next to the URL.
- The webpages use unprofessional language.
- Webforms ask for too much information (e.g., a signup form asking for your credit card number).
If you notice any red flags or feel uneasy that a webpage may be misrepresenting itself, take a step back to reassess the safest course of action.
Don’t get faked out by fake websites! Notice the red flags and errors to stay safer and keep your software up to date so that your devices can help protect themselves from such threats.
- Use bookmarks to keep track of your favorite websites so you don’t accidentally visit a similarly-spelled trap.
- Ensure that the URLs always display security indicators, such as the padlock icon, before the web address.
- If you’re on your mobile phone, check the URL very carefully.
While it can be tricky to recognize reverse social engineering threats because the phisher doesn’t contact you first, it’s just as dangerous to walk into one of their traps. Be careful where you go online and protect your devices against fake websites.
Commonwealth Sentinel can help your organization stay secure by implementing robust password policies, utilizing practical multi-factor authentication tools, and providing comprehensive in-person cyber training for your entire staff. It only takes one skilled cyber criminal to cause damage, so your team must always remain vigilant. To schedule a consultation, click here or contact us at (502) 320-9885.
At Commonwealth Sentinel, we are focused on cyber security so that you can focus on other things.