Fake websites have become a real menace for web users across the world, but many users still have no idea how to identify and avoid them. This article provides a grounding for all web users about how to tell if a website is fake, or whether it’s the real thing. And it should also help you learn what to do about attack sites when you stumble across them.
What are fake websites and why should I worry about them?
Fake websites are sites that have only been set up for one reason: to fool unsuspecting web users into thinking that they are legitimate. When done right, fake websites look and act almost exactly like the real thing. So they may mimic your bank or cellphone company, making you think that it’s OK to act normally while you use them.
The aim of these sites is to lure you into providing personal information or to allow them to implant malware on your system.
But that’s not true. The aim of these sites is to lure you into providing personal information or to allow them to implant malware on your system. They can only do that if they remain undetected, however, which is why this primer is so important.
How to tell if a website is fake: 6 key rules to follow
Right now, could you tell whether this website is fake? How would you even start to find out? There are actually a number of methods that any web user can employ. They don’t take in-depth technical knowledge, and they could save you plenty of money and stress.
#1 Become URL savvy: Double check before clicking
One of the most common ways that phishers lure users onto their sites is by adding malicious links to phishing emails. So any time you think about clicking on a link embedded in your emails, be aware that there’s a small possibility that it could be illegitimate.
Detecting fakes isn’t always straightforward, but it can usually be done. Fake sites will often have addresses which echo actual sites like Amazon, but actually have a couple of letters or numbers out of place. It’s these discrepancies that give the game away.
So, let’s say you receive a link which includes the text www.amazonus.com. Would you click it? You probably shouldn’t because that’s definitely not how the retailer constructs its links. But if you just glanced at it, you may not notice the issue.
#2 Think about sources: where is the link coming from?
Phishers can technically take over the email accounts of friends or legitimate businesses and use these accounts to send their fake website links. But that’s less common than using accounts which resemble legitimate sources. So it’s important to be very careful about whose emails you open.
Ideally, dubious messages would head straight to your spam folder, but as we know that isn’t always the case (and legitimate emails often end up in the spam folder, clouding matters).
As a general rule, if you haven’t solicited an email or the sender isn’t known to you, alarm bells should start to ring. It’s obviously not gold-plated evidence that the sender is phishing you, but it’s something to think about nonetheless.
#3 Keep your eyes open when you land on fake sites
Sometimes, we end up at fake sites accidentally and there’s not a lot we can do to avoid them. This can happen to absolutely anybody, which means that we need to be vigilant when visiting any website.
Make sure that the URL and the content match up.
Phishers will often attract users with advertising links which seem fine when they read them, before landing them at an attack site which doesn’t actually have anything to do with the content they were promised.
Mistakes in the written content of a site are also worrying.
As a rule, pages that are littered with small errors are strong candidates for fake websites. Sure they may be poorly written, but you shouldn’t take chances.
#4 Encryption is everything: Stick to safe surfing
Another great tip for how to spot a fake website is to focus on how the site is encrypted. Ideally, the URL of a secure website should have a green padlock symbol to its left. This indicates that the site has applied for and been granted a secure SSL/TLS certificate – a very good sign from a security standpoint.
At the same time, attack sites will often simply have HTTP style addresses, instead of the HTTPS code, which indicates that the site is secure. Almost all major corporate sites are HTTPS, so if the site you’re on isn’t, it’s time to bail.
#5 Read online reviews to separate real from fake
Online reviews can be a key ally when learning how to tell if a website is fake.
Legitimate businesses will tend to have a high volume of reviews (positive and negative) at sites like Trustpilot.
Whenever you order online, it’s a good idea to check whether a company is listed there. If not, that’s a major red flag.
Even so, sometimes phishers manage to build up an online profile. In those cases, reading the reviews should be enough to identify fake sites. Fake reviews tend to be generic, lacking in detail about what was good or bad about their experience. If they feel robotic or shallow, you’ve got reason to be sceptical.
#6 Use a fake website checker to make sure
If you’re still unsure about how to spot a fake website, a fake website checker could be the right way to go. Google’s Safe Browsing tool is the best option here. Just paste in the suspect URL and the checker will determine whether it’s safe to visit. That’s not the last word. Suspect websites pop up constantly. But the register is pretty up to date nonetheless.
How to report a fake website when you stumble across a scam
If you do spot a fake website, reporting it is essential. In most cases, the best course of action is to enter the URL into Google’s reporting tool. Google will then check the URL and add the site to its register of attack sites.
But if you’re worried that the site is stealing money (or you’ve already accidentally handed details over to the site owners), you need to know how to report a fake website to law enforcement authorities. In that case, head to the FBI’s Internet Crime Complaint Center and file a complaint. It takes a bit of time, but if it helps to prevent crime, it’s worth it.