You received a text message from your bank telling you that they locked your debit card. You’re busy getting your kids ready for school and, without thinking twice, you click the link to verify your identity. Even though the website looks legitimate, you become suspicious when they ask you to enter your Social Security number.
Fake websites are a popular method used by scammers to steal your sensitive information (like your password, Social Security number, financial information, etc.) or install malware on your device. Then, they will use it to commit identity theft and other scams.
How Scammers Use Fake Websites
Scammers are crafty, and they are really good at making these websites look legitimate. They use logos and branding from real companies, mimicking web pages from popular companies like Amazon, UPS or Facebook.
Once the fake website is created, they use it as a part of a phishing attack. For instance, scammers send you a text message or email claiming there is an urgent issue with your payment method on your Amazon account. When you click the link and enter your financial information on the fake website, it goes directly to the scammer, who can use it to make fraudulent purchases.
6 types of fake websites to look out for:
- Login or Verification Websites: Just like the examples above, scammers create fake login pages and send links to these websites in phishing messages to trick you into entering your sensitive information.
- Shopping Websites: These fake websites offer unbelievable deals for trendy items. Scammers will run ads on social media to attract people to these fraudulent online stores. When you complete the purchase, scammers gain access to your financial information and you are left with nothing.
- Delivery Service Websites: Scammers create websites that imitate popular delivery services like USPS, Fedex, or UPS. They send you phishing messages asking you to click the link and update your delivery address or payment preferences.
- Healthcare and Insurance Websites: Scammers use fake healthcare websites, asking you to verify your insurance information or Social Security number.
- Travel Booking Websites: Similar to the fake shopping websites, scammers create fraudulent travel booking websites to sell you fake airfare or hotel stays at ridiculously low prices.
- Tech Support Websites: Scammers pose as a tech support representative and use these fake websites to gain remote access to your device.
Tips to Spot Fake Websites
Before clicking on a link or entering any information on a website, take a moment to really look at the address and the website itself.
Pay close attention to:
- The website URL. Look for extra characters and carefully review what immediately precedes the final “.com”, “.org”, “.net”, etc. For example, “Amazon.com.confirm-login-info.com” is not a real Amazon webpage. The actual website is “confirm-login-info.com”.
- Spelling errors or design flaws. Although scammers want the website to look as legitimate as possible, they are moving quickly and may miss errors that a real company wouldn’t usually make. If a website has a strange layout or doesn’t have contact information, it’s most likely fraudulent.
- The padlock icon and “https:” at the beginning of the web address. These show whether or not a website has a SSL certificate—or security certificate. You shouldn’t rely on these as the only way to verify a legitimate website because scammers have started using SSL certificates to make their website look more real. However, they will let you know that the connection between your browser and the website server is encrypted, preventing others from intercepting your communication.
- A gut feeling that something isn’t right. Don’t set your suspicions aside for a deal that’s too good to be true. If you have an inclination that something is wrong, move on.
There’s no denying that scammers have gotten really good at creating convincing fake websites to use alongside their phishing attacks. To protect yourself from scams and fraud, it’s important to pay attention to the subtle signs that something isn’t right. Whenever you’re dealing with your sensitive information, take your time and eliminate distractions before you mistakenly hand your information over to a scammer.
This is an update of a blog originally posted on March 1, 2022.