Introduction

We often think of phishing scammers as reaching out to us first, but what happens when we fall into a trap they’ve set for us?

Sometimes, scammers set up fake websites that appear, feel, and act like the real thing. The goal varies; they may want you to provide them with login information to a legitimate site, send money, disclose health details, or give up all kinds of private data that you don’t want in the wrong hands.

Here are three ways that you might encounter fake websites these days, and how you can stay safe from any iteration of this threat!

Misspelled URLs

“Fat fingers” happen to everyone, which means we all make misspellings and typos in our day-to-day life. Hackers know this and try to exploit it. They will buy similar URLs to big-name domains and hope to trick people who get misdirected.

Sometimes this can look relatively obvious, and therefore easier to spot. Some examples might include…

• Goggle.com instead of Google.com

• Microsofte.com instead of Microsoft.com

• Help-me-Verizon.com instead of Verizon.com

Other times, the deception is much less noticeable. For instance, Amαzon uses the Greek alpha in place of our traditional a; that can be difficult to spot in an email or link. Similarly, a website posing as Instagram but using a domain name like 1nstagram.com or Instagram.com might initially go unnoticed. Pay close attention to the URL before visiting a website.

Deceptive QR Codes

Ever since the 2020 pandemic, QR codes have become much more than a way to connect with a friend on a specific app. Now we see them advertising events on the street, connecting directly with particular services, and at our favorite restaurants to pull up a digital menu.

Unfortunately, QR-code phishing attempts have skyrocketed, too. Known as quishing scams, these QR codes redirect your phone to a malicious website. Once there, hackers can install malware surreptitiously, steal confidential information, and steal data from your device. Just like with the misspelled URLs, these fake websites often closely mimic real ones to make the trap more convincing. QR codes can even redirect you to malicious mobile apps, which can appear just like legitimate purchases.

Fake Search Results

When you search for information yourself, ensure that the answers are valid and come from reputable sources. You can’t click on the first link you see and expect it to have correct, full answers every time.

If you accidentally visit a phishing site, then anything you enter there could become compromised. Keyloggers can track everything you type and search, including your log-in credentials and credit card information. The website could download malware without your knowledge or steal your data and publish it on the Dark Web.

Some signs that the website you’re looking at might be a fake:

• The URL starts with HTTP:// instead of HTTPS://

• A minor typo in the address.

• There is no lock symbol next to the URL.

• Unprofessional language on the webpages.

• Web forms that ask for too much information (ex., a signup form asking for your credit card number).

If you notice any red flags or even get a gut feeling that a webpage may be misrepresenting itself, take a step back to reassess the safest course of action.

Conclusion

Don’t get faked out by fake websites! Notice the red flags and errors to stay safer, and keep your software up to date so that your devices help protect themselves from such threats.

Use bookmarks to keep track of your favorite websites so you don’t accidentally visit a similarly-spelled trap. Ensure that the URLs always display security indicators, such as the padlock icon, before the web address. If you’re using your mobile phone, please check the URL carefully.

While it can be tricky to recognize reverse social engineering threats because the phisher doesn’t contact first, it’s just as dangerous to walk into one of their set traps. Be cautious about where you go online and protect your devices against fake websites.