Introduction
We think of phishing scammers as reaching out to us first, but what happens when we fall into a trap they’ve set first?
Sometimes, scammers set up fake websites that look, feel and act real. The goal varies; they may want you to give you login information to a legitimate site, send money, provide health details, or give up all kinds of private data that you don’t want in the wrong hands.
Here are three ways that you might encounter fake websites these days, and how you can stay safe from any iteration this threat takes!
Misspelled URLs
“Fat fingers” happen to everyone, which means we all make misspellings and typos in our day-to-day life. Hackers know this, and try to exploit it. They will buy similar URLs to big-name domains and hope to trick people who get misdirected.
Sometimes this can look relatively obvious, and therefore easier to spot. Some examples might include…
- Goggle.com instead of Google.com
- Microsofte.com instead of Microsoft.com
- Help-me-Verizon.com instead of Verizon.com
Other times, the deception is much less obvious. For instance, Amαzon uses the Greek alpha in place of our traditional a; that can be difficult to spot in an email or link. Similarly, a website posing as Instagram but going by 1nstagram.com or Instgram.com might fly under the radar at first glance. Pay close attention to the URL before you visit a website!
Deceptive QR Codes
Ever since the 2020 pandemic, QR codes have become much more than a way to connect with a friend on a specific app. Now we see them advertising events on the street, connecting directly with particular services, and at our favorite restaurants to pull up a digital menu.
Unfortunately, QR-code phishing attempts have skyrocketed too. Known as quishing scams, these QR codes redirect your phone to a malicious website. Once there, hackers can install malware surreptitiously, steal confidential information, and steal data from your device. Just like with the misspelled URLs, these fake websites often closely mimic real ones to make the trap more convincing. QR codes can even redirect you to malicious mobile apps, which can similarly look just like a legitimate purchase.
Fake Search Results
When you search for information yourself, you must be sure that the answers are valid and come from reputable sources. You can’t click on the first link you see and expect it to have correct, full answers every time.
If you accidentally go to a phisher’s site, then anything you enter there could become compromised. Keyloggers can track everything you type and search, including your log-in credentials and credit card information. The website could download malware without your knowledge, or otherwise steal your data and publish it to the Dark Web.
Some signs that the website you’re looking at might be a fake:
- The URL starts with HTTP:// instead of HTTPS://
- A minor typo in the address.
- There is no lock symbol next to the URL.
- Unprofessional language on the webpages.
- Webforms that ask for too much information (ex. a signup form asking for your credit card number).
If you notice any red flags, or even get a gut feeling, that a webpage may be misrepresenting itself, take a step back to reassess the safest course of action.
Conclusion
Don’t get faked out by fake websites! Notice the red flags and errors to stay safer, and keep your software up to date so that your devices help protect themselves from such threats.
Use bookmarks to keep track of your favorite websites so you don’t accidentally visit a similarly-spelled trap. Make sure that the URLs always show signs of security, like the padlock icon before the web address. If you’re on your mobile phone, check the URL very carefully.
While it can be tricky to recognize reverse social engineering threats because the phisher doesn’t contact first, it’s just as dangerous to walk into one of their set traps. Be careful where you go online, and protect your devices against fake websites!
The post Are Fake Websites Faking You Out? appeared first on Cybersafe.