“7 Tips to Find Out If A Website Is False and Avoid Online Scams.” (From our Forums.)
Text originally published by Saroj Kumar on the Cyber Secure Central Forums.
Here’s how to check links, search for information, and verify who owns a site before clicking.
It is essential to know if a website is legitimate when the user intends to buy a product, make financial transactions or inform personal data. False sites are generally used to apply virtual scams and steal bank details, passwords, or facilitate computer intrusion for later attacks.
An example of this type of attack is called Phishing, where attackers used to send in emails, WhatsApp chains with fraudulent promotions using the name of the famous online store or any other known products link.
Fortunately, there are a few useful methods to make sure that the desired page is real, that it is not about fake. Here are some of the tips on what to do if you suspect a cloned or risky site.
1. Check the link and domain
If you receive a link per message and are unsure of the site’s identity, watch out for the domain. It is the core of the address, from which all others from the same site are derived. The CyberSecureCentral domain, for example, is cybersecurecentral.com — If this address is at the beginning of the link, however large, the URL is likely to be authentic.
However, if the address contains something like CyberSecureCentral, with a “p” in place of the “b”, be careful — in some cases, a dash (“-“) instead of a dot (“.”) is enough to deceive. The homographic scam consists of registering domains that seek to mimic the appearance of famous sites. Keep an eye on suspicious URLs such as “amaz0n”, “go0gle” or others. The tip also applies to less addresses ending with “.us”, “.edu” and “.org” tend to have more credibility than “.biz” and “.net.”
2. Search WHOIS
The WHOIS records domains, IPs and information about the owner of a site. Although not always transparent, since it is possible to pay not to make specific public information, the resource allows you to find the CPF, CNPJ, name, address and other data of who paid to use the address. In this way, it is likely to unmask a fake site if the data shown here is conflicting.
3. Do a Google search
If the doubt persists, another simple tip is to do a Google search. Enter the name of the store or institution you want to find to get the correct link soon in the first results. As Google feeds ranking with reputation variables, fake websites have difficulty appearing at the top of the search.
In case of e-com websites and other commercial establishments, Google usually displays the main data in an informative card with buttons for phone, address, and website — a click there guarantees a visit to the page released by the place.
4. Search for the site on Google status
In addition to showing real sites first, Google offers a tool that helps you analyze the level of transparency of a particular link. Access the tool in the browser (transparencyreport.google.com/safe-browsing) and enter the address to be verified in the main field to see if there are any harmful elements on the page.
5. Escape from Invasive Ads
Even if the visited site is true, it is important to pay attention to the behavior of the pages. If your connection is compromised — something that can happen when using public Wi-Fi — reputable sites can display content injected by hackers to try to trick victim. In these cases, the user does not see the pages as they exist, but versions modified by the criminals.
Always be wary if there are a lot more ads than usual, most of the time intrusive: pop-ups and banners offering too cheap products, pornography on non-genre sites, or exaggerated warnings about virus infection. If this occurs, close the browser and stop the connection even though the site is correct.
6. Verify that the connection is secure
Sites that deal with login, password, payment information, and other personal information must necessarily have a secure connection with the HTTPS protocol. Unless you are visiting a blog or other site that does not require your personal information, even if it not recommended, all other sites must use the technology to provide an encrypted communication channel between your computer and the server where the page is displayed.
To make sure access is protected, look for abbreviation https at the beginning of the address, or make sure the browser shows some sign in the address bar — “Secure”, “Verified”, “Protected” or certificate name in green.
7. Look for security seals
In addition to the HTTPS badge, websites that deal with bank information often bring respected encryption certificates into the body of the pages. McAfee, GeoTrust, Google Trusted Store, PayPal, Truste and Norton are some of the known certificates that may arise.
To see if they are true, click on the images and see if the site shows the detail of the security service offered by the certifier. On fake pages, these stamps are not clickable.
The content of this article does not reflect the official opinion of Cyber Secure Central. Responsibility for the information and views expressed in the article lies entirely with the author(s).