Of the 1.7 billion sites on the internet, many of them are scam websites that exist solely to scam you. Here are some indicators of a fraudulent website that you should be aware of.
A website URL with the wrong name
Verify that the domain name matches the site you intend to visit before proceeding. Criminals create fraudulent websites that appear genuine under the guise of a business you’re likely to recognize. They can imitate companies like Amazon, Wal-Mart or PayPal.
The distinction between the name of the legitimate website and that of the fraudulent website is sometimes almost imperceptible. There are two main methods by which a cybercriminal, or a threat actor, convinces you to visit a bogus website.
The first option is to use a technique known as phishing. It is a type of cyberattack that is carried out mainly through the use of email. By clicking on the link contained in the e-mail, the threatens the actor sends you to a spoofed version of the legitimate website.
Another way the threat actor can trick you into visiting the fraudulent website is through a technique known as typosquatting. It is the practice of using common misspellings of domain names (for example, amazom.com).
You think you entered the domain name correctly, but you are actually visiting a fake version of the legitimate site. If you’re lucky, your web browser will give you a warning message.
A pop-up question if you intended to visit another website
This is an attempt to collect your login credentials and other personal data. The threat actor attempts to obtain information such as your credit card information when you log into this scam website. They then use those credentials on the legitimate website or any other website where you use the same login credentials.
Look for the padlock, then look again
When visiting a website, look for the padlock to the left of the URL to verify that the site is secure. When a padlock appears, it means the website has been protected with a TLS/SSL certificate. This encrypts data transferred between the website and its users during transmission.
If no TLS/SSL certificate has been issued, an exclamation mark (!) appears to the left of the domain name. It will be in the address bar of the web browser. If a website does not have TLS/SSL certification, the data you submit is at risk of being intercepted by third parties.
Unfortunately, not all SSL certificates are legitimate. That’s a big downside. It is possible to identify these sites quickly, however, it is good to check the padlock more closely just to be sure.
Verify a secure website connection
To verify that the connection is secure, first click on the padlock, then select “The connection is secure” from the context menu. To confirm that the connection is secure, click the button.
Once you’ve confirmed that the certificate is legitimate, you’ll see “The certificate is valid” in the next menu. Click on this link for more information. To verify that the certificate is valid, click the Validate Certificate button.
A new window with certificate information will appear on the screen. You can find out at which site the certificate was issued and who issued it. Additionally, you can see when it expires by viewing the certificate details.
The padlock (as well as the certificate information) does not always protect you from fraudsters. However, it is a strong indicator that you are visiting a reputable website in most cases.
See the website’s privacy and return policies
Check for spelling, grammar, and UI errors
Even on the most official websites, a spelling or grammatical error is inevitable. In most cases, however, teams of specialists are responsible for designing the websites in question. Therefore, beware of a website that looks like it was developed in a single day by a single person.
Notice if it’s littered with spelling and language mistakes. Also, check if it has questionable user interface. These are all good indicators that you are visiting a potentially dangerous website.
Use a site scanner
A site scanner will help you avoid fake Amazon sellers. Additionally, web crawlers and malware scanners scour the web for spam and malicious code. If you attempt to access a harmful site, the app notifies you to confirm that you want to continue.
Consider using a site scanner as an additional layer of security.
What to do if you’ve been scammed
You can protect yourself against online fraud by following a few simple steps. The course of action you take next is determined by the type of information you think the fraudster may have.
Suppose you realize that you made a transaction with your credit or debit card from a fraudulent website. First, call your bank’s customer service department to let them know what happened. They will then freeze your accounts and credit cards so that the threat actor cannot make any purchases using your information.
Likewise, suppose you suspect that they might also have your personal information. If you think someone has entered your social security number, date of birth, address, or other information, freeze your credit. This ensures that the scammer cannot take out loans or open new accounts in your name.
Once you’ve dealt with it, file a report with your local police department. Also, notify the Internet Crime Complaint Center and report the website to Google.
Image credit: Mikhail Nilov; pexels; Thank you!