Detecting Phishing Web Sites

Posted by Nikoletta Ventseslavova

Read on to learn how to prevent phishing attacks through scam websites and how to distinguish fake sites from legitimate ones.

The Spider sits patiently in her web waiting for dinner to fly by. Of course this happens all the time on the Discovery Channel, but today we are talking about a different kind of metaphorical spider who carries out an internet scam called “phishing”. By fraudulently acquiring personal information such as passwords and credit card details and masquerading as trustworthy businesses, phishers make their fortunes. In the era of modern technology we shop online, we make our travel arrangements through the Internet. Furthermore, most of us prefer online banking and online payment systems because it is easier and saves our precious time. But is it safe?

How to differentiate a real website from a fake one.

The first thing to look for when considering a website’s validity is its layout. Sometimes criminals make perfect replicas of real websites, but scam sites often have a lot of unprofessional touches that we can notice after comparison and research. Thus, we should browse the website and find out if it makes us feel as secure as when we browse a well-known website. The things we should watch for are:

  • The history of the company – is there a history; are there real partners and clients of the company; is the company listed in the databases of ripoffreport.com and http://www.ftc.gov/ (Federal Trade Commission)?
  • Proper contact information – look for a regular phone number and an address: usually, scam criminals hide behind toll-free numbers. Also, it is highly recommended to stay away from any company that uses free email services (like Hotmail or Yahoo) for its primary contact information. Hackers often use a post office box instead of a physical address. A good tip is to use the Fin Aid database and search for a potential mail drop.
  • The owner of the website – the “About us” section on authentic websites usually reveals who the owner is. If there isn’t any information, an easy way to find information about the domain is via Who.is. If it doesn’t match what is listed on the website’s page, then it is a scam site. Once you have a person’s name, a phone number, or an address, you can trace this information on whitepages.com, reverseaddress.com and zabasearch.com.
  • Privacy policy and terms of use – it is good to read carefully what this section says, because many a fake website has no statement of privacy rights. However, if the privacy policy sounds fine, then check whether they back up their privacy statement with a seal program like TRUSTe. Those programs have baseline standards and revoke seals from websites that don’t keep their word.

On any website where you enter sensitive information, like login pages, online shopping sites or bank websites, you should check for security signals. This includes the URL of the website – good websites’ URLs begin with “https” on pages where you enter personal data. This means the page is encrypted and cannot be spied upon (https://www.paypal.com/, for example). Every website that asks for personal information must have a digital certificate. Look in the left corner of the browser and see if there is a closed padlock. If you click on it, it opens a small window with details about the certificate (it should be from an established certificate authority like VeriSign Identity Protection Network).

Another way to spot a fake website is to track changes in the domain name – if it varies and differs from the name of the page you initially visited, then there is a possibility the website is fake.

Wrongly spelled domains are also common. Phishers use domain names that are similar to real domains, replacing letters with numbers. For instance, this is a fake version of PayPal: http://www.paypol.com/. Variations in domains should also be a red light. For example, this website belongs to Yahoo and is safe: http://security.yahoo.com/, while this one is fake: www.yahoo-security.net. The first site is a subdomain of Yahoo, meaning it is something.yahoo.com and Yahoo controls it, whereas the second site is a completely different domain name and has nothing to do with Yahoo.

Hackers also use emails which contain URLs showing only IP addresses instead of words. If we see something like this, we should skip it directly: www.paypal@150.44.134.189 – usually fake address URLs contain the sign “@” in the middle and an IP address number instead of a domain name.
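The URL red lights from the last few paragraphs (no “https”, a look-alike spelling, a brand name inside someone else’s domain, an “@” sign, an IP address instead of a name) can be checked mechanically. The script below is an added example, not part of the original article; the `TRUSTED` list, the flag names and the two-label “registered domain” shortcut are assumptions made for the demonstration.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed allow-list for the demo (assumption): domains the reader really uses.
TRUSTED = ("paypal.com", "yahoo.com")

def edit_distance(a, b):
    """Levenshtein distance; small values mean a near-identical spelling."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_url(url):
    """Return warning flags for the URL red lights described in the article."""
    if "://" not in url:              # bare links such as www.example.net
        url = "http://" + url
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    flags = []
    if parts.scheme != "https":
        flags.append("no-https")
    if parts.username is not None:    # text before "@" is not the site name
        flags.append("userinfo-at-sign")
    try:
        ipaddress.ip_address(host)
        return flags + ["ip-address-host"]
    except ValueError:
        pass                          # a name, not an IP literal
    # Registered domain approximated as the last two labels (assumption:
    # good enough for .com/.net, wrong for suffixes like .co.uk).
    registered = ".".join(host.split(".")[-2:])
    if registered in TRUSTED:
        return flags                  # something.yahoo.com is Yahoo's own
    for good in TRUSTED:
        brand = good.split(".")[0]
        if edit_distance(registered, good) <= 2:
            flags.append("lookalike-of:" + good)
        elif brand in host:
            flags.append("brand-in-foreign-domain:" + good)
    return flags

if __name__ == "__main__":
    for u in ("https://www.paypal.com/", "http://security.yahoo.com/",
              "http://www.paypol.com/", "www.yahoo-security.net",
              "www.paypal@150.44.134.189"):
        print(u, check_url(u))
```

An empty list only means none of these heuristics fired; it does not prove that a site is legitimate.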

Sometimes spammers try to trick and rob people with e-mails that pretend to be sent from a legitimate company. Although the website may appear to be realistic, look carefully at the link that appears when you hover the mouse over it (the link appears in the lower left corner of the browser), but don’t click it. If the name does not correspond to the registered website name, stay away from it. Take a look at those visual examples:

If in doubt about a website’s legitimacy do NOT test it by entering passwords and information. Usually, the fake websites install malicious software known as a “key logger” that records everything you type and sends the data to the criminals. If you receive urgent mail, soliciting sensitive information, it is better to contact the company directly than fill in forms sent by mail. Bear in mind that companies like PayPal never use generic greetings in their emails. They always use the member’s name and partial account numbers. Always check the salutation.

Finally, in order to protect yourself from cyber crimes, a good way to check if a website is fake or not is to use the F-Secure Tool. You can install security software as well – Norton is a good choice that helps in identifying suspicious websites and warns you if a website tries to steal information from you. Also, visit the FBI’s web site – there consumers can find a report of the latest scams.
