For most, the Internet is a great tool to share and access information from all over the globe. For scammers, it’s a tool to reach a world full of potential targets. The tricks and traps of phishing sites and scam operations continue to grow more sophisticated, finding new ways to gain access to personal information, passwords, credit cards, or even remote computer access. How can the average user protect themselves against becoming the victim of an unsafe or fraudulent website?
Luckily, with a few moments and a critical eye, you can spot a number of warning signs to steer clear of fake sites. Read below to find out what red flags you should be looking out for while you browse the web.
Look at the URL and address bar
A simple change to a web address and a convincing copy of a home page can easily trick a person. The simple substitutions of the number 0 in place of the letter ‘o’ (such as g00gle.com), or the addition of an ‘s’ (such as toyotas.com) can make it easy to overlook the fact that you’re headed to the wrong website.
While you’re looking at the address bar, take note if you see a padlock beside the URL. The padlock icon indicates an encrypted secure site. While that doesn’t mean the folks behind it aren’t looking to scam, it does offer legitimate information. You can click on this padlock to see more details, including the certificate that will tell you what company the site is registered under.
The prefix https:// in the URL (as opposed to http://) also indicates that the site has been authenticated and is secure. If these are missing, or the registered owner doesn’t match the site you’re on, keep an eye out for more signs you may not be on a safe website.
Check the contact page
If a site’s listed contact information doesn’t match the company details, or they just seem suspicious to you, they probably are. Use of emails outside of a company domain (such as firstname.lastname@example.org instead of email@example.com) is a bright red flag that this site is built to scam.
While small operations and local businesses may not have custom domains and rely on email services like Google’s, most companies can’t operate legitimately without giving current and prospective customers a way to reach them – an address, phone number, something. A total lack of contact information is a clue that they don’t want to be reachable if you have a problem.
Check their social media
If you’re looking into an unfamiliar company, how legitimate do their social media profiles appear to be? Do they have an established following, and do they engage with it? Have they been posting company-related content? Have they been posting phishing links? Are they mentioned in posts about scams? Do they rely on the use of stock photography and generic content? If it feels like a fake company, it just might be.
Look up the domain
Websites are all registered with the WHOIS database, which means you can use their lookup tool to find out information like who owns the site, and how old it is. If it’s a new site, it’s more likely to be a scam – scam sites don’t last long before being reported, so are unlikely to stick around very long.
Google Transparency Report
Another easy tool is the Google Transparency Report, which allows you to enter a URL and receive a report from Google about its level of risk and security. Larger sites may require that you provide the URL to a specific page, rather than the general web address.
Scammers have always been creative, and the Internet presents a digital sandbox for countless new opportunities to take advantage of regular people who don’t know what dangers to look out for online. Using the tools you have can save your data, your money, your identity, and more. If you find yourself on a scam site, exit immediately and consider reporting the site to Google Safe Browsing, so hopefully others can avoid it, as well.