When you’re busy searching for an online site on your smartphone, it’s good to be aware that not all websites are legitimate. Fraudulent websites are designed as “phishing” tools. The creators of fake websites are hoping you’ll use your password to log in, and unwittingly give them information that will lead to your credit card and bank accounts. Bogus websites are often such exact replicas of legitimate sites, an inexperienced user might have trouble recognizing the difference. It’s important to learn how to spot the red flags, especially when you’re out and about and working from your phone. Here are a few tips to help you avoid fraudulent websites:
1. The URL (Uniform Resource Locator), the unique address of each site on the Internet, is displayed in the location box at the top the page. Get in the habit of checking this field to be sure you’ve been taken to where you intended to go. If the web address looks odd in any way, leave the site and try again by simply typing in the correct URL. Sometimes when clicking on an ad will take you to a site that isn’t what it appears to be.
2. If you arrive at a website that only contains numbers, such as an “IP” number, you can pretty much count on it being a faked website. Many inexperienced malware authors simply use an IP number rather than bothering to come up with a fake name. They’re hoping you won’t notice. If the URL box at the top shows as 224.55224.02, or something similar, it’s not a safe spot to be. Leave the site immediately.
3. Many faked websites simply use the same URL wording but attach a different “TLD”. A TLD means Top Level Domain, but we might refer to it as an extension. A TLD is the .org or .com. or .gov that follows the domain name. One way that you might be drawn to an illegitimate site is to not notice that another domain name follows the one you’re looking for. An example might be:
What you should know is that the true domain name for this site is not “yourtownbank,” but is actually “see us.com.” Always glance at the TLD, just to be sure.
4. Note whether the name of the domain you’re seeking is correctly spelled. Scammers sometimes use the legitimate domain name with one letter off. You might see something like: http://www.yourtounbank.com
It can be a slight or subtle difference, but remember that the Internet doesn’t allow for misspellings. If a misspelled domain name takes you somewhere, it’s probably an illegitimate site.
5. Finally, always look for “https” on your domain name before making a purchase. You should never buy something online from a site that isn’t secured. Most often, the “https” will follow the symbol of a locked padlock. If the site is not secure, leave it and try your transaction again, checking the accuracy and security of the legitimate website.
Remember, criminals work don’t expect to snag everyone with these scams, but it only takes a few to keep them in business. Practicing good online habits can help you and your family avoid being victimized by phishing thieves. Read more about mobile malware in our 2011 Security Report.