Most of the 1.7 billion websites found online live only to scam you. Therefore, you should learn the tips to ascertain which website to visit and which one to dodge to secure your money and personal data. We’ve highlighted crucial signs to look out for to identify scam sites.
Check the URL Name
The URL or domain name is the core of the website address you seek to visit. In other words, the domain name holds the identity of the website. Fraudsters know that most people rarely double-check the URL name, so they create a fake site with a similar name to mislead users. They masquerade popular sites like Walmart and PayPal, creating an alternative site with an almost unnoticeable difference. For instance, fraudsters will create a site named “rnicrosoft.com” to mislead users searching for “microsoft.com.” This is called “typosquatting.”
The cybercriminal may also use the phishing method to entice you to open the fraudulent website unknowingly. Phishing involves sending an email to users asking them to click a provided link for further information. The provided link has a misspelled domain name, so it might be hard for you to notice the typo.
Your main objective should be to identify these fraudulent sites and avoid opening them. Logging into any of these websites allows the attacker to harvest your login details and other personal information, which they can use for other fraudulent activities. So, before you hit “Enter,” double-check the domain name.
Locate and Scrutinize the Padlock
Today, all secure websites have a padlock icon when you type them on the address bar. The padlock represents TLS/SSL certification which enhances data encryption between you and the website.
Therefore, if there’s no padlock to the left of the URL on the address bar, the site isn’t certified, and fraudsters may intercept any data you enter. Instead, most of these websites show an exclamation mark to warn you of lurking danger.
Not all the sites with the padlock icon are safe for you to browse although the SSL certificate helps you identify fraudulent sites pretty quickly. It would be best to ensure that the site is secure and that the certificate is valid. Here’s how.
- Click the padlock icon.
- Select “Connection is Secure” from the menu.
- You should see the “Certificate is Valid” text to confirm validity.
- Click on the text for more information. The additional information indicates certificate’s issuer, recipient and expiration date.
Finding this information is a surety that you’re visiting a legitimate site.
Review the Site’s Privacy Policies
Check The Site Appeal
You can easily identify some of these fraudulent sites just by looking at the user interface, grammar, and spelling mistakes. While these mistakes are likely to occur even on the most authoritative sites, legitimate sites have professionals to check and correct the issues. So, if you come across a site full of grammar and spelling mistakes and has a questionable user interface, chances are you are about to lose your crucial details.
Install a Website Scanner
It’s advisable to add another layer of protection to automatically detect a fraudulent website and warn you before you access them. Site scanners such as “McAfee SiteAdvisor” will crawl the site and test for malware. When the tool detects harmful content on a site, it notifies you and provides an option if you still want to proceed to the site.
Note that you’ll still need to be sure of the sites you visit even if you’re using site scanners, as they may not detect all suspicious sites.
What To Do If You’ve Been Lured into A Fraudulent Website
If you’re a victim of typosquatting or phishing attacks, you should take proactive measures to protect yourself and others. Your next step depends on the information you exposed.
If you just purchased an item using your card from the site, the first step should be to reach your bank and explain to them. The bank should freeze your cards and accounts immediately to prevent the fraudsters from purchasing anything using your hard-earned money.
Note that the fraudster can use the exposed personal information such as date of birth or Social Security Number to request loans or register other accounts in your name. Therefore, you may want to freeze your credit, file a report with the police and report the fraudulent website to Google for a follow up.