Fraudulent websites, or ‘spoofed websites’, are used by cyber-criminals to trick users into entering sensitive data under the impression that they are on a trusted site. These websites usually impersonate popular service providers and online retailers, and they become more common around certain dates and events like Black Friday and Christmas.
These phoney websites usually look identical to the real thing; typically only the URL differs, and even that difference can be hard to spot. Typosquatting is a method in which an attacker creates a fraudulent website with a URL that is almost the same as the official page – for example, instead of facebook.com it could say facabook.com. Not only would this look legitimate at first glance if sent through a phishing email, but it also takes advantage of users making spelling mistakes when entering the URL directly into their address bar.
Not only can these websites fool users into revealing confidential data, but just visiting a website of this kind could infect your device with malware that can quickly spread through your whole network, so it is not a threat to take lightly.
To avoid ending up on a spoofed website yourself, try to implement these best practices in your daily work:
- Check URLs carefully
When clicking a link in an email or typing one in yourself, always ensure the address is spelt properly. For hyperlinks, try hovering over the link before you click it in case the display text doesn’t reflect the true address. However, to ensure complete security, avoid clicking email links entirely and navigate to the website yourself through a search engine or by entering the known website address manually.
- Ensure the site is secured with an SSL certificate
Although some fraudulent websites have been known to get their website marked as secure, this is not common practice, and most ‘secured’ websites can be trusted. These websites will be marked with a closed padlock and ‘HTTPS’ before the URL.
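The two URL checks described above (display text that differs from the true address, and an address that is a near-miss of a trusted one) can also be run automatically over an email body. The following is an added example, not part of the original article; the `TRUSTED` list, the two-edit threshold and the sample message are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED = ("facebook.com", "amazon.com", "paypal.com")  # constructed allowlist

def edit_distance(a, b):
    """Levenshtein distance: single-character edits needed to turn a into b."""
    row = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        prev, row[0] = row[0], i
        for j, cb in enumerate(b, 1):
            prev, row[j] = row[j], min(row[j] + 1, row[j - 1] + 1, prev + (ca != cb))
    return row[-1]

def host_of(url):  # lower-cased host without 'www.'; accepts bare 'example.com'
    host = (urlsplit(url if "://" in url else "//" + url).hostname or "").lower()
    return host[4:] if host.startswith("www.") else host

def classify(host):
    if any(host == t or host.endswith("." + t) for t in TRUSTED):
        return "trusted"
    near = [t for t in TRUSTED if edit_distance(host, t) <= 2]  # threshold assumed
    return "lookalike of " + near[0] if near else "unknown"

class LinkAudit(HTMLParser):
    def __init__(self):
        super().__init__()
        self.href, self.text, self.findings = None, "", []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.href, self.text = dict(attrs).get("href") or "", ""
    def handle_data(self, data):
        if self.href is not None:
            self.text += data
    def handle_endtag(self, tag):
        if tag == "a" and self.href is not None:
            target, shown = host_of(self.href), self.text.strip()
            # Compare only when the visible text itself looks like an address.
            shown_host = host_of(shown) if "." in shown and " " not in shown else ""
            self.findings.append((target, classify(target), shown_host not in ("", target)))
            self.href = None

def audit(html):  # -> [(target host, verdict, display-text mismatch), ...]
    parser = LinkAudit()
    parser.feed(html)
    return parser.findings

# Constructed sample message, not taken from a real campaign.
SAMPLE = ('<a href="http://facabook.com/login">www.facebook.com</a> '
          '<a href="https://www.facebook.com/help">Help centre</a>')
```

Calling `audit(SAMPLE)` flags the first link as a lookalike of facebook.com whose display text hides the real target, and passes the second link as trusted.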