How to spot a fake website

2nd Mar 2021

Below is the IPS summary of a more detailed article from our friends at ProPrivacy.com on the tell-tale signs that a website is not all it seems – and likely the gateway to a scam. (Click here to read the full article.)

Protect your friends by sharing this article with them:

The website address is its URL

If you visit https://www.bbc.co.uk/news to check the news or https://www.google.com/maps to plan a trip, you are visiting a web site with a web address that is unique and has been assigned a Uniform Resource Locator (or URL).

In the BBC News example there are five parts to the address to be aware of:

  • https:// – This is the way your computer communicates across a network, in this case the internet. The “s” means the site is probably secure for you to visit – but this is not a guarantee it is because scammers have made good progress recently in scamming the “s” part to make you think their site is secure.
  • www. – world wide web. This used to be important but is becoming superfluous. To load a web page by typing in the browser you can just start with “bbc.co.uk/news” and you will reach the intended page.
  • bbc  – The brand who owns this space on the internet and this website
  • .co.uk  – A commercial entity based in the UK
  • /news  – Which part (or sub-directory) of the website you are visiting.

What is a fake URL?

A ubiquitous tool in the scammer’s toolbox is the creation of a fake website with a fake URL.  They use “phishing” texts, emails and phone calls to trick their targets into visiting these convincing looking websites (that may well be designed to look exactly like the NHS or HMRC or Amazon websites) where they capture personal data to fuel their criminal activities. Where the website is a fake but pretending to be another, the technique is known as “URL spoofing”.

In the fake Facebook page below, you will see that the URL has unexpected characters in front of the word Facebook. Victims likely clicked a link to reach it and didn’t notice that it was not legitimate. Once they click the Login button their username and password can be collected by the scammers to access the real Facebook site. They would also try their luck to see if this password works on any other sites this user visits.

Tips to avoid the fake URL trap

If something feels wrong, follow your instincts and investigate. A quick Google search where you type “HMRC scam” or “DVLA scam” or “Amazon scam” will quickly reveal that you are not alone and many other people are sharing warnings that can help you. But not every scam is so widely known and discussed.

Most advice on this can be summarised as “think before you click”.

  • Don’t click URLs you don’t recognise or don’t make sense to you
  • Don’t click URLs inside emails that come from senders you don’t recognise
  • Don’t click URLs with spelling mistakes in them
  • Be wary of shortened URLs (with a few numbers and letters) and where they are taking you on the web.  This is a technique scammers use to avoid detection. Does the site you end up visiting make sense to you?  Does it feel like you expected?
  • Before clicking a URL that arouses your suspicion, do your own separate check on the web to see if you can find this page yourself.

Additional preventative measures that can protect you include:

  • Keep your computer software or mobile operating system or browser software up to date. (Every time Microsoft or Apple or Google update their software they include new security measures to protect their users).
  • Consider anti-virus software to increase your protection
  • Make sure all your passwords are long, strong and different for all your online accounts

How to get out of the URL trap (if you fall in)

If you do click a fake link all is not lost. Many people reach a fake site and realise that all is not right when they are busy filling in details or are in the process of making a purchase.

  • Don’t fill in personal details and click submit. (If you do and regret it you may still have time to contact your bank and ask for help to withhold a payment).
  • Close the website and browser session and disconnect from the internet.
  • Turn-off any Wi-Fi connections you may have open to isolate your computer from any hacker who might try and get access to it.
  • If you have anti-virus software, run it so that you can tell if any malicious code has infected your computer from the fake URL.
  • Change passwords to accounts you feel are super important to you and make sure you have backed up files on your device so you can access them from somewhere else.

IPS Summary

We hope this summary is a thought provoking way to raise awareness of the many different tricks the scammers will use to convince you that their website is the real thing.  They want to fill their fake forms full of valuable personal information that they will use to exploit you.  Taking a few seconds to consider what you are about to type is one of the best outcomes we can hope to trigger.
Be just a little more suspicious on your adventures around the web than you were before you read this.

Have your say

As an IPS member, you can leave us your thoughts, comments and experiences in the commments section below

Leave a Reply

You must be logged in to post a comment.