The Internet is not regulated, and it is often referred to as the modern day ‘Wild West’. It is still dangerous for unsuspecting users to go wandering unawares, with one of the most prevalent dangers being the fake, or ‘spoof’ website.
There are thousands of fake websites up and running right now, trying to trick you into revealing your personal information for criminal purposes. They are designed to look like legitimate websites of real organisations, like banks, shops or government departments. They use the same graphics, layout, and site addresses, making them extremely realistic and convincing. It is vital always to check that any website you are looking at is real, especially before disclosing personal information such as passwords and account numbers.
HOW TO SPOT A FAKE WEBSITE
Use your judgment and common sense – if something looks too good to be true, it probably is. Here are a few things to look out for when spotting a malicious, criminal or inappropriate website.
Ask yourself:
Look carefully at the exact web address of any site you visit. • Is the URL correct? Many fake websites use common misspellings of company names, fooling visitors into personal information without realising they are in danger. Just one wrong letter or number is enough to land you on a suspicious website, which of course will look exactly like the real one.
• Do links work? Many fake websites are not complete replicas: they are often only skin deep. But they will carry enough information on their front page to at least trick you into entering your password. As a quick check, try any of the links shown – usually they will not work, or lead you to a blank page. At that point, run for it.
• Can you contact them? Does the site have a real-world presence (e.g. a valid address, telephone number and contact link) so that you can get in touch with them? If not, switch off.
• Are they asking for personal information? No legitimate organisation will ask you to provide confidential information such as passwords, credit card or bank account details via email.
STARTING POINT
Most online scams begin with an email containing a link to a fake website. It will claim to come from your bank or another organisation you recognise. It will insist for various convincing and frightening reasons – there is some problem with your account, that you face suspension, or that you need to verify your information – that you must click on the link and go to the website.
Already you are in trouble; simply by opening the email, you may have infected your computer. But don’t make things worse – never click on a link inside. If you are worried, go directly to the legitimate website and log in that way, or contact them by phone to check everything is alright.
THINK BEFORE YOU CLICK
Always check where the email has come from before you open it. Do you know who sent it? If it is a private email address or free account, it is not from your bank. Even if it is someone you recognise, ask yourself why they would be writing – it could be that their email account has been hijacked. If in doubt give them a phone call or send them an email to be sure.
Use the Internet to help. Google the website, along with the words: ‘scam’, ‘fraud’, ‘ripoff’, and see what pops up. You can also identify fraudulent websites with an online URL checker.
So, you have gone through all the actions above. You have decided that the website is legitimate and you wish to purchase something from it. Before you do, as a final line of defence, check that the website is secure before you enter any of your personal information, including passwords or credit card details:
• There should be a padlock symbol in the browser window frame that appears when you attempt to log in or register. Be sure that the padlock is not on the page itself; if it is, this probably indicates a fraudulent site.
• The web address should begin with ‘https://’. The ‘s’ stands for ‘secure’.
