How to Spot a Fake Website

Have you ever been surfing the web and seen something that warns you that an account of yours, like your bank account, has been hacked? Or maybe you were checking your email when you saw a message from a department store you shop at, warning you of changes to your account that you need to verify?

These are just a few examples of the kinds of trickery a phisher (a scam artist who tries to get you to reveal sensitive information like credit card numbers, bank accounts, etc.) will use to get your sensitive, personally identifiable data from you. And they’re great at it.

One of the more popular methods used by phishers to scam you is to hire a web developer to create a fake web site to do all of the phisher’s dirty work. Because it’s relatively simple for a decent web developer to copy another web site, it’s very easy to be fooled by a fake web site if you don’t know what to look out for. These fake sites are even more convincing when you see the name of your bank or some other online service in the URL (commonly known as the Internet address, or “web site”); but there are simple ways to spot a fake web site.

Common URL setups

All HTTP URLs (i.e. your basic web site) follow a common format:

http://domain.tld/

For example:

http://example.com/

The “domain” is the actual domain name (e.g. “example”) and the “tld”, or top level domain, is the “com” portion.

The actual domain and the tld (e.g. “.com”, “.net”, “.org”, etc.) will always be the last parts of the URL before the first single forward slash (“/”) or a question mark (“?”) in an Internet address. Find that, and you’ll immediately know if you’re where you think you are online.

It’s important to note that a domain can have sub-domains before the “domain.tld”, such as our own http://stopsign.com/blog/, but only the real domain owners will be able to use the domain.tld format as described above to build/use their web site.

How to spot a fake or scam web site

Spotting a fake site is as simple as looking for the domain.tld (in the right place) in the URL. If your bank is Chase, then you would expect to see http://www.chase.com; but if you saw http://www.chase.com.example.com/ then you know that you’re not really on chase.com; you’re on example.com. This is one of the most important ways to tell a fake website from a real website!

Examples of valid example.com URLs:

  • http://www.example.com/
  • http://example.com/
  • http://blog.example.com
  • http://www.example.com/blog/
  • http://www.example.com?string

Examples of invalid example.com URLs:

  • http://www.example.fakeurlgoeshere.com/
  • http://example.fakeurlgoeshere.com/
  • http://www.example.com.fakeurlgoeshere.com?string

Did you see how all of the valid URLs have “example.com” before the first single forward slash and/or the first question mark? That’s the key to knowing what is real and what is a scam.
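
The same check can be done mechanically. The Python below is an added example, not code from StopSign: it applies the "last parts before the first slash or question mark" rule to the URLs listed above. The function names (hostname_of, domain_tld, belongs_to) are illustrative, and domain_tld assumes a one-label TLD such as ".com".

```python
from urllib.parse import urlsplit

# URLs copied from the two lists on this page.
VALID = [
    "http://www.example.com/",
    "http://example.com/",
    "http://blog.example.com",
    "http://www.example.com/blog/",
    "http://www.example.com?string",
]
INVALID = [
    "http://www.example.fakeurlgoeshere.com/",
    "http://example.fakeurlgoeshere.com/",
    "http://www.example.com.fakeurlgoeshere.com?string",
]


def hostname_of(url: str) -> str:
    """Host part of the URL (between '//' and the first '/' or '?'), lower-cased."""
    host = urlsplit(url).hostname or ""
    return host.rstrip(".").lower()


def domain_tld(url: str) -> str:
    """The page's rule: the last two labels of the host ("domain.tld").

    Assumption: a one-label TLD such as .com. Suffixes like co.uk have two
    labels, so production code should consult the Public Suffix List.
    """
    labels = hostname_of(url).split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else ""


def belongs_to(url: str, expected: str) -> bool:
    """True only if the host is `expected` itself or a sub-domain of it."""
    host = hostname_of(url)
    expected = expected.rstrip(".").lower()
    return host == expected or host.endswith("." + expected)


if __name__ == "__main__":
    for url in VALID + INVALID:
        verdict = "ok" if belongs_to(url, "example.com") else "FAKE"
        print(f"{verdict:4}  {domain_tld(url):22}  {url}")
```

Comparing against the exact domain you expect (belongs_to) is the safer test, because it does not depend on guessing where the TLD begins.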

Learning how to spot a fake website is relatively simple and will save you a ton of frustration, headaches, and maybe even money. Make sure you know what you’re really clicking on, or you could wind up as the victim of a phisher or an identity thief.

Image courtesy of geekandpoke

If you're looking for great anti-virus software that won't break the bank, try StopSign. You don't pay extra for tech support for difficult malware, and our web protection software just works. Download & install StopSign to find out why our members choose us over the other options.

5 Simple Tips to Staying Secure Online.

There’s a lot to worry about online, and as an internet security software company we hope that you use our StopSign products to help keep you safe. But even if you don’t use our software, there are a few things you can easily do to ensure that you are less likely to be the victim of phishing, malware, or internet fraud.

  1. Secure? For sure! – “https”.

    When a web page requests personal information, like your Social Security number, when you’re making an online purchase, or when you need to access your bank account online, look in the address bar of your browser to make sure you are on a secure server.

    It’s easy to see if the site you’re on is secure by seeing if the URL starts with “https”. Non-secure websites use “http”, so just look for that additional “s”. No real company that is concerned for your security will ever ask you for any sensitive, banking, or credit card-related information without a secure server in place. Anything else is a scam, pure and simple.

  2. Watch where you’re browsing.

    A lot of phishing attempts are done by using similarly-named domains or by tricks with the URL. The domain name of the website you are trying to view should always come directly before the “.com” (or “.net”, or whatever top level domain they use).

    For example, our blog is supposed to be on stopsign.com. If you saw blog.stopsign.example.com, that is not the official StopSign blog, because our domain name (stopsign) isn’t directly before the “.com”. See our blog post “How to Spot a Fake Website” for more information on fake websites.

  3. Use a secure password.

    Making a secure password is a simple solution to staving off the casual hacker who wants to try to break into one of your online accounts. Often one of the first things they do is use a “dictionary” of common passwords and/or common words to try to access accounts. See our blog post “12 Tips for Making a Good Password” for additional details and tips on secure password creation.

  4. Don’t open that email attachment.

    Like most people, you probably get dozens of emails per day. It’s not uncommon to get attachments to your email with pictures from friends and family, but make sure that you never open an email attachment from an unknown person. Lots of viruses and spyware are spread online by email, and if you open one of them you’ll be instantly infected.

  5. If it’s too good to be true.

    Beware the scam artists online who prey on the kind-hearted and the uninformed. The Nigerian scams (and their many variants), “donation” seekers who want your bank account information, and other pests flood the internet daily. If something you’re being told seems too good to be true, it is, and if an email or website is asking you for private information it’s more than likely a scam or some other type of internet fraud. Unless of course it really is from your bank or the government, but it would still be on a secure server (when in doubt, give them a call and ask if they actually sent the email), and you should also be sure to watch where you’re browsing!

So there you go… 5 simple things that you can easily do to make sure that your browsing experience is safe and worry-free.
