How to spot a fake web site – Phishing

By | 05/01/2011

In computing, phishing is a criminal activity using social engineering techniques. Phishers attempt to fraudulently acquire sensitive information, such as passwords and credit card details, by masquerading as a trustworthy person or business in an electronic communication.

Ever got an email asking you to urgently update your account? And you get these kind of mails several times…Welcome to Phishing zone.

Tips on How to find a fake website

Check Security Signs while doing any money transaction

  • You must always look for “https” on any site you use to enter sensitive information. This includes login pages, online shopping sites and bank web sites. Notice that, there is an extra “s” in bold which tells that the server is secure. e.g for yahoo login.
  • Notice the closed padlock  / lock on the lower right corner of the browser window.  If you click on it, it will open a window that gives you more details regarding the certificate. Every company that asks you for sensitive information must have a digital certificate, preferably one from an established certificate authority.

Misspelled and fake URL Madness:-

Sometimes a site is replicated so well that you wont be able to find a difference if its really a fake one. You won’t be able to tell if a web site is a fake just by looking at the web design. These smart criminals can replicate any web site down to the last detail, and it wouldn’t surprise me if they used the same web designer to do it.

Take care of these things :-

  • Misspelled domains are big deceivers. Phishers will purchase a domain name that resembles the real domain. They will replace letters with numbers or with other letters. Pay close attention to the spelling of a domain names, and learn to spot a fake like or
  • Variations of domains should also be a red flag. Don’t click on any email that contains URLs like . A legitimate URL should read if it actually belongs to Yahoo! Anyone could’ve purchased for a scam (I’m just using Yahoo! as an example here).
  • An IP address looks something like Bottom line, never trust emails that point you to URLs that only show an IP address.

Some more tips :-

  • Ask F-Secure Tool to see if the website is fake or not.
  • Never test web sites to see if they’re legitimate or not. This means entering passwords or personal information. These sites may install malicious software known as key logger software that records everything you type, then sends that information to spammers.
  • Stay abreast of the latest scams: The FBI’s web site has a list of all the latest scams reported, so check it periodically.
  • If you’re being urged to “verify” sensitive account information, contact the company directly instead. Always type the web site’s address in the address bar instead of clicking links on suspicious emails.
  • PayPal never uses generic greetings in their emails. Next time you get an email from PayPal, check the salutation, as PayPal will usually use your member name.
  • Emails from banks and credit card companies will usually include partial account numbers. Therefore, one should always be suspicious if the message does not contain specific personal information.

Test Your Phishing IQ:-

The Washington Post and MailFrontier have some excellent tests you can try out. Find out how well you recognize a fake. Then come back, and tell me how you did.

Phishing is a one of the fastest-growing cyber crimes according to the FBI, and one that costs consumers millions of dollars each year. These scams have one purpose: to get as much personal information from a user as possible. This includes login information, Social Security numbers, date of birth, and other identifiable information that can help scammers open up bogus accounts under your name or steal from your existing ones.

Leave a Reply