Internet security pros report that thousands of fake websites pop up on the web every day trying to lure you into downloading malware, giving away personal or financial information, or buying non-existent products.
Knowing how to spot a fraudulent website can protect your passwords, your identity, your money, and your sanity.
What are some common types of fake sites?
The U.S. Army Cybercommand offers these examples:
- “Online stores that advertise incredible deals but steal payment information or trick visitors into buying fraudulent or nonexistent products.
- Pages that look like the login pages to services or popular websites
- Sites with malicious pop-ups that can download malware to steal sensitive information.
- Health care or health insurance sites that swipe medical data by asking users to verify account information.
- Package delivery websites that ask users to verify their personal information or trick them into giving up their credit card numbers.
- Airfare booking sites that steal personal information such as passport or credit card numbers or sell fake tickets.”
How to spot fake websites and protect yourself.
Keep an eye out for these red flags:
Domains. “One of the first things to always pay attention to is the domain name of the URL and email,” warns Lifehacker.com. Many of these fake websites will use made-up domains, like lifehaker.com, in hopes you don’t notice the spelling error. Others use subdomains, which include an additional ‘.com’ to make it seem like the official domain, like www.lifehacker.com.lh.com. What comes before the last ‘.com’ is what counts.”
Poor grammar, spelling, and graphic design.“Websites can have typos, but they rarely appear on legitimate company websites—especially not on the home page,” cautions banking giant Chase. “Even though excessive spelling, punctuation and grammar errors are less common on scam sites nowadays, look carefully. It's not wise to assume a language error is a company's honest mistake.” Cybersecurity firm Kaspersky says “look closely at how a site is designed. Does it have the type of design skill and visual quality you would expect from a legitimate website? Low-resolution images and odd layouts can be a warning sign of a scam.”
Review the site’s contact us/about page.“[A] way to test the legitimacy of an online retail store is to check its contact information,” suggests computer security software company McAfee. “Does it have a physical address, phone number, and email contact? Does the email address on the contact page have the company domain name in it, or is it generic (like a Gmail address)? If you send an email, does it get delivered?” Also check to see if the site has an About Us page and does it seem credible? Many hackers won’t take the time to create a convincing About Us page.
Check payment options. The Army Cybercommand observes that “fake websites often ask for payment using non-reversible or non-traceable methods such as gift cards, bank transfers, cryptocurrencies, or payment apps, while legitimate sites always offer safer and more traditional options such as credit and debit card payment.”
If you have any misgivings about the legitimacy of a specific site, the Better Business Bureau points out that “website checkers such as Google’s Safe Browsing Tool can help you decide whether a website is safe to visit.”
Finally, trust your instincts and if you are at all doubtful about a site, get out of there.
