How To Identify Fake Websites
Article by Junior Security Analyst, Rahima Malik.
Fake websites are everywhere. Over the last few years, Webshrinker has scanned millions of sites, and the rate of deceptive sites has been steadily increasing. Just this last year, we’ve found dog breeder scams and deceptive coronavirus sites.
Our AI is able to identify these deceptive sites because we’ve trained it to find them. In this article, we’ll give you some helpful tips on how to identify fake websites—the same tips we use to check our AI to ensure its categorization is accurate.
Why should you worry about fake websites?
Landing on a fake website can be a big risk. If the website contains malware, it may try to install harmful software on your device. A common scam we see tries to trick the user into downloading harmful software by actually telling them they have a virus. It can be alarming to see that your Facebook login, credit card details, and Gmail account have all been compromised. This gets users to act quickly and install something they think will get rid of the malware, only to wind up installing malware to begin with.
Other deceptive tactics include websites that mimic existing websites in order to trick someone into purchasing something (and entering a valid form of payment) or using valid login credentials. These websites often look exactly like the existing website—it’s especially popular for hackers to mimic banking sites. When a user enters their banking credentials, they’re actually handing that information directly to a hacker who can now login to their bank and make withdrawals.
If you encounter a possible scam like this and find yourself suspicious if this is actually your bank login (or your login for Facebook, Gmail, OneDrive, etc.), the fastest way to confirm a site is to locate the actual site in a separate tab to confirm the domain matches the site you’ve found.
How to identify fake websites
So now that you know why you should care if a site is deceptive, what should you be on the lookout for?
The URL seems suspicious
Sometimes you can spot a scam simply by looking at the URL in the address bar. If there are a lot of hyphens, that’s usually an indicator that the site is not legitimate. This can also be a tipoff if the site is impersonating a popular service, such as a social media site or a banking site. If you’re trying to login to your Twitter account, but the login page URL you see is just a series of numbers and hyphens, navigate away!
The domain is newly registered
A large percentage of new domains are only registered to promote a scam. In one review of FINRA-related phishing scams, an audit found that phishing sites with “FINRA” in the URL were only 36 days old whereas actual FINRA sites were 13.5 years old.
There are as many as 50,000 new domains registered daily. Unfortunately, many of those domains will be used to deceive people in some way.
Because the newness of a domain is related to how likely it is that domain is deceptive, checking the registration date on whois is a good action to take. This is so prevalent that many content filtering services (like DNSFilter) employ domain greylisting, which blocks new domains for a period of time before allowing users to access them.
It references a popular brand
Fraudulent websites may use a domain name that references a well-known brand or product name, but it won’t be the official website of that product. For instance, cheapadidas[dot]com might be a scam site offering discount Adidas footwear. Which leads me to my next clue that a site is malicious…
Prices are suspiciously low
Let’s say you go to cheeapadidas[dot]com and the prices are too good to be true. Everything is $10, and some items are listed as free. This is an indicator of a scam.
One way to confirm your suspicion is to do a web search for the url with the word “scam” at the end to see if there are any reviews indicating that the website is a scam. Trustpilot is a good source, but be wary of fake reviews. Reviews themselves can be fraudulent if they seem oddly similar, very new, or if there are very few reviews.
Bad grammar and strange phrasing
I’m not saying we can’t forgive a typo or two, but sometimes you get a sense a site isn’t even trying that hard to not be a scam. If you see typos on major sections of the website (like in the header or even in the “company” name), pay close attention. Some phishers use poor grammar on purpose. Hackers do this because they usually want to weed out the people who will spot a scam without the typos.
But also—sometimes the hackers are just lazy.
No physical address
If you don’t see a physical address or contact number listed for a company (even when you attempt to Google it), that’s a red flag. You might also notice that the “contact us” page doesn’t seem legitimate or there’s no page detailing their return policy (and no address to send returns to). If you cannot find a physical address, do not trust that site.
Bank transfers only
It’s often impossible to get your money back if bank transfer is the only payment option. Scammers usually use methods that benefit them and leave the person they’ve scammed without any recourse. You should also avoid using sites like Venmo, which should only be used with people you know personally.
You’ve been automatically redirected to a different website
Imagine you were attempting to visit the Webshrinker website but were redirected to an entirely different URL: cooldiscountshoes[dot]com. That would be incredibly suspicious. Redirects like this are usually malicious.
Flashing warning signs
Finally, giant pop-ups, flashing pages, large exclamation marks are all signs of a deceptive site. Hackers usually use this as a way to put you on alert and convince you to download malicious software. Exit the site completely and don’t return. If you really think something is wrong with your computer, contact your IT admin and check your anti-virus software. Do not follow the links on a suspicious website.
Interested in discovering how Webshrinker can help you categorize domains as deceptive so you don’t have to do it all yourself? Start your free trial today.