Business
Entertainment
Health
Lifestyle
Politics
Reviews
Science
Sport
Scams
Tech
Business
Entertainment
Health
Lifestyle
Politics
Reviews
Science
Sport
Scams
Tech
Home 
» Scams » 
#80
 

5 Ways to Determine if a Website is Fake

Scamming Websites South Africa

Posted Apr 15, 2020
Type: Scamming Websites
Credit: M.Ervant

5 Ways to Determine if a Website is Fake, Fraudulent, or a Scam – 2020 


There are many ways to determine if a website is fake—here’s what we recommend. 

The internet is full of websites that are either fake, fraudulent or a scam. It’s a sad fact of life. You see, the evolution of the internet has brought with it a number of extremely convenient advances in the way we shop, bank, and interact with the world around us. At the same time, that evolution has also given way to new risks—new avenues for criminals to rip off the unsuspecting. In 2018 Cybercrime will be a $1.5 trillion industry.

Really, what it all boils down to is fraud. These hackers and cyber criminals are little more than new age con men. And the con game is as old as time itself—people have literally been tricking one another since the beginning of time. And in the same vein as ancient mystics and old-fashioned snake oil salesmen, these con-men are after one thing: your money.

Nowadays their tactics tend to involve phishing. Lots and lots of phishing.

What is Phishing?

Phishing is a type of online fraud that involves getting an individual or organization to disclose sensitive, sometimes compromising information, under false pretenses that have been expertly manufactured by the attackers. Tailoring your phishing attack to your target is sometimes called spearphishing, it’s a form of social engineering. These attacks take several forms, often elaborately combining multiple mediums to create the impression of legitimacy.

What does that mean?

Well, let’s look at an example. An attacker may start by sending you a formal looking email from an address that resembles an official account. It may say something like, “an attempt to login to your account has been made from another country, please update your password.”
In fact, that’s exactly how John Podesta, the chairman of Hillary’s Clinton’s presidential campaign, had his email account compromised.

5 Ways to Determine if a Website is Fake, Fraudulent, or a Scam

1.) Pay Close Attention to the URL

You would be absolutely shocked how many people pay little to no attention to the address bar of their browser. This is a huge mistake. The address bar contains a ton of vital information about where you are and how secure you are there. So get into the habit of occasionally glancing up there whenever you visit a new page.

In fact, most of the browsers abide a concept called the Line of Death. The idea is that a user should never trust anything below a certain point on the browser, the so-called line of death. An attacker can control everything below the line (and even some things above it) so you have to know where to look for reliable information.

The areas that an attacker can control are highlighted in red and numbered. Let’s go over them really quickly:

1. The Favicon – Websites can put whatever icon they want in the tab.
2. Domain Name – This is part of the URL and it’s trustworthy, as long as you know what you’re looking for (more on that in a second).
3. File path/Director – Ditto.
4. Web content area – This can be whatever the attacker wants it to be, including a very convincing spoof of a legitimate website.

One of the chief tactics in phishing is to create a website that is almost indistinguishable from the real thing. In order to do this, hackers and cybercriminals have gotten very ingenious in the ways they copy URLs. Between the ability to create sub-domains that mimic real domains and how browsers can confusingly shorten URLs, it’s easy to get duped.

In order to know what to look for when examining the URL, you need to know how a URL is constructed.

Now, armed with that knowledge, always make sure that you know what the actual domain you’re on is. Sub-domains can be misleading. Here’s an example of a first- and second-level sub-domain that intentionally mimic a domain and TLD:

This URL is designed to look like it’s PayPal.com, but if you look closer you’ll notice that those are sub-domains, the name of the actual domain is “confirmation-manager-security.” Remember, the real domain name appears right before the TLD (e.g. .com/). This is not really PayPal. This is a phishing site. Notice how it still displays the little green padlock thanks to the use of an SSL certificate?

That’s why you always have to check the URL.

2.) Check Connection Security Indicators

Back to the address bar. If the last point didn’t underscore the importance of this browser feature—this one should drive the point home. Within the address bar are several connection indicators that let you know whether your connection with this website is private. As we mentioned earlier, it’s possible to eavesdrop on connections on the internet.

The internet was built on HTTP, or the hypertext transfer protocol. When HTTP was first defined the internet was not used for commercial activity. In fact, commercial activity on the internet was actually illegal at the time. The internet was primarily supposed to be a platform for the free exchange of information between academia and the government. Any communication done via HTTP is sent in plaintext and can be intercepted, manipulated, stolen—you name it.

In order to remedy this, SSL or Secure Sockets Layer was developed. SSL was later succeeded by TLS or Transport Layer Security. Today, we colloquially refer to both as SSL.

At any rate, HTTP + TLS = HTTPS, which is a secure version of HTTP that prevents communication from being intercepted and read by anyone but you and the website you are connected to. That’s a lot of information, but what you really need to know is this:

HTTP = Bad
HTTPS = Good

Never trust an HTTP website with your personal information.

Now, let’s get to connection security indicators. You want to look for one of the two following indicators:

3.) Look for Bad English

Good websites take pride in themselves. That means the graphics look sharp, the spelling and grammar is on point and the entire experience feels streamlined and polished. If you’re on a website that feels like it was written by someone with a third-grade education – or by someone who doesn’t speak English as a first language – you may want to be a little bit wary. Especially if those mistakes appear on important pages.

Everyone makes the occasional mistakes—even big companies. But at the point the mistakes become egregious you need to beware.

4.) Look at the Contact Us Section

Another telltale sign when it comes to whether or not a website is fake or not can be found on its “Contact Us” section. How much information is there? Is an address supplied? What about a phone number? Does that line actually connect to the company? The more information that is supplied, the more confident you should feel—provided it’s actually good information. If all they’re giving you is an email address or, worse, there’s no contact information whatsoever—run.

And remember to verify the information. Google the address, maybe even check out street view. See if any employee that’s listed has a LinkedIn profile. Do a little homework.

5.) Check the Who.Is

This is another tip for advanced users.

If you really want to know who is running a website there is a database called Who.Is that can tell you what email address it’s registered to. There are a number of free sites that allow you to check a website’s official WHO.IS registration, though GDPR concerns have complicated access lately.

A WHO.IS registration can tell you the owner of a website and if it’s an individual or a company. If it’s a company there will be an “Organization” listed along with an address and phone number. For an individual, there will be a “Name” listed along with an address.

This can be an invaluable tool, especially when you’re dealing with brands. If you’re at a website that claims to be owned by a large company but is registered to some address in another country, there’s a good chance you’re on a fake website.

Also one of the very good indicator is how long the website has been online?

If the website has been less than 5 years online do some more digging.

A Final Word

It’s possible that after reading this guide you’re feeling a little uneasy. That’s not the point we were trying to make. The internet is an amazing place and you can use it for a countless number of worthwhile activities. But, much like anything else in life, there are some dangers. Don’t let that dissuade you, as long as you stay vigilant you’re not likely to run into many problems.

Just stay on the beaten path, trust websites that have made an investment in authentication and be careful if you ever get the sense that something might be off.


(Excluding for the Headline, this article ("story") has not been edited by MiBiz News and is published from a web feed or sourced from the Internet.)


Related News
Sponsored Links
Go to top
Stay informed! Visit SA Department of Health's website for COVID-19 updates: www.sacoronavirus.co.za
Remove