A ubiquitous tool in the scammer’s toolbox is the creation of a fake website with a fake URL. They use “phishing” texts, emails and phone calls to trick their targets into visiting these convincing looking websites (that may well be designed to look exactly like the NHS or HMRC or Amazon websites) where they capture personal data to fuel their criminal activities. Where the website is a fake but pretending to be another, the technique is known as “URL spoofing”.
In the fake Facebook page below, you will see that the URL has unexpected characters in front of the word Facebook. Victims likely clicked a link to reach it and didn’t notice that it was not legitimate. Once they click the Login button their username and password can be collected by the scammers to access the real Facebook site. They would also try their luck to see if this password works on any other sites this user visits.