How To Identify Fake Websites
How To Identify Fake Websites
If you’ve ever had the misfortune of buying fake clothes, shoes, or jewelry, then you know just how disappointing it can be to get tricked by a fake. Here you are thinking that you’re getting a deal on your favorite new Nike trainers, just to find out that they’re a cheap Chinese fake that falls apart after a week of use… bummer, right?
However, physical goods aren’t the only thing that can be faked. Websites can (and are) easily faked by hackers and scammers who are looking to steal your information, hack your bank account, and steal your identity. Although the problem isn’t quite as prevalent as it once was (thanks to improved browser security and anti-virus browser extensions), the possibility of you being tricked still remains.
While we always promote using a reliable VPN to maintain your online security, even the best VPN won’t be able to protect you if you visit a fake website. They simply aren’t designed to.
So, in today’s post, we’re going to explain exactly what fake websites are and how they work. Then, we’ll go a step further and show you how to double-check websites to ensure that the one you’re visiting isn’t a scam designed to steal your information.
What Are Fake Websites?
Now, you may be thinking, “how can a website be faked, in the first place?”
As it turns out, though, it’s actually pretty easy. That being said, good fakes are harder to come by, which often makes it easy to identify fake websites (see below). However, good fakes do exist, and are very dangerous.
Simply put, fake websites are replicas of real websites. Hackers and scammers often recreate entire landing pages and login authentication pages in an effort to deceive visitors. When visitors unknowingly enter all of their private login information into the website, the information is stolen and the site may stop working or crash (as it’s not a full-blown website).
It’s kind of like buying a fake purse or bag. It may look like a designer bag on the outside; the logo, the design, and stickers may all indicate that it’s a designer product. However, once you actually feel the material and try to use it, the whole thing may fall apart, or the logos may start peeling off, indicating an obvious fake.
Why Fake Websites Are So Dangerous
Fake websites are one of the most simple and dangerous methods used by hackers and scammers around the world. The reason they’re so dangerous is that most people never stop to look twice to make sure the site they’re visiting is actually real.
Let’s just say, for example, that you think you’re visiting your bank website or your cryptocurrency wallet. You enter your full username and password in the login box. Instead of being used to log you into your online account, the hackers then steal the information, quickly use it to log into your real bank account or wallet, and then transfer your funds to untraceable offshore accounts.
In less than 3 minutes, your entire net worth can be stolen by a clever hacker. Pretty scary, right?
How To Identify Fake Websites
While it can often be hard to tell for certain whether or not a site is fake, there are some common tells that you can check for to see if the site is legitimate. Here are the best ways to identify fake websites.
1. Double-Check The URL Address: Always double-check the URL address of the website. If you’re used to fast typing, then it can be very easy to misspell a URL and enter the wrong website address into your browser. This, in turn, can re-direct you to a fake version of the website that you think you’re visiting.
If you check the URL and the address is wrong even though the site still appears as it should, then there’s a good chance you’ve visited a fake website. Get out of there ASAP!
2. Look For SSL “Lock” Symbol: SSL stands for Secured Socket Layer and is the protocol used to encrypt data sent between your device and the website’s server. Almost all secure, legitimate sites on the internet have SSL enabled to prove to visitors that their site is safe and secure.
SSL is very easy to check for. If the site is SSL-secured, you’ll see a small “lock” symbol to the left of the URL like this:
On the other hand, if the site is not SSL-secured, then it will have a warning sign by the URL. The warning sign will often be accompanied by a message saying, “Not Secure,” or something similar:
If you’re visiting a supposedly reputable site and see that it’s not secure, then there’s a good chance that your computer may be infected with malware that’s messing with your DNS routing (see below). SSL is virtually impossible to fake, so most fake sites are not SSL-secured.
3. Check The Page’s Grammar: You’ll also want to check the website for strange grammatical errors, misspelled words, or random gibberish. If the site is a cheap fake made by a foreign scammer, then there will often be obvious tells like this.
A legitimate website will have been written by an English-speaking native (or a native speaker from wherever the website/organization is located). The grammar and spelling would have been thoroughly checked before launching the site and indexing it on the internet. So, if there are obvious grammar and spelling errors, it’s very likely a fake website.
4. Look For Site Seals of Authenticity: Some websites offer seals of authenticity. These seals are given out by internet security companies to reputable websites, so their visitors don’t have to guess.
5. Check The Site’s Logo: Obvious fake websites may have completely inaccurate, blurry, or old logos used by the organization in the past. Good fakes may be harder to tell. However, if you notice that the color scheme is off, the font of the logo is wrong, or the overall header/site design seems “off,” you should avoid entering any information on the site.
How Hackers Use Fake Websites To Steal Your Data (and Money)
There are several different methods that hackers may use to “fake” a website. Methods like re-routing are very simple while methods like a DNS hack can be incredibly complex and are typically used to target larger accounts and persons of interest.
While the end product may appear the same, the method used to get you to visit the fake site may differ, depending on the scheme being employed by the hacker or scammer. These are the top three ways that hackers use fake websites to steal your information.
Thankfully, most modern webmail programs are designed to filter out spammy and scammy messages, which drastically reduces your chances of being victimized by a phishing scheme. However, you can still be targeted by random text messages to your phone or random messages on social media platforms like Messenger, Instagram, Telegram, and others.
A phishing message is a message that’s sent by a scammer who is usually impersonating an otherwise trustworthy party. Scammers may pretend to be a representative from your bank, the IRS, a medical facility, or even your cell phone service provider.
They’ll send messages asking you to “verify information,” “double-check your login information,” or “respond to an urgent request.” It doesn’t really matter what the excuse is; the main goal is simple – to get you to visit the fake website and give up your personal information.
DNS hacks are incredibly devious and are generally the work of skilled hackers or powerful virus/malware programs. DNS stands for Domain Name System and is the system that governs how your computer’s IP address connects to web server IP addresses through the internet.
When your DNS settings are modified, hackers (or malware controlled by hackers) can manipulate your computer to visit the wrong website, even if you type in the correct URL.
It’s kind of like if somebody were to hack into your phone’s GPS navigation program and send you to the wrong address.
These are incredibly dangerous because it makes it a lot harder to identify the website as a fake.
Another widely used method of getting people to visit fake websites is by using a simple re-route. Scammers may purchase domains that are common misspellings of legitimate websites. As the visitor rapidly types in the URL address and presses ‘Enter,’ a fake version of the actual site is loaded. As the landing page of the fake website may be a complete replica of the original, you may never notice it.
For example, let’s say you’re a customer of the imaginary ABC Bank, which has a URL of www.abcbank.com.
One day, you type in www.abdbank.com without realizing it. By the type you realize the typo on your end, you’ve already given out your personal login information and had your bank account information compromised.
How A VPN Can Protect Help You Stay More Secure Online
As we mentioned above, a VPN service alone isn’t designed to protect you from visiting fake websites. The best way to prevent yourself from being victimized by a fake website is to use a reputable anti-virus/anti-malware program on your computer. This will prevent viruses from messing with your DNS settings. If the program has a browser extension, make sure that it’s enabled; this will often notify you if the site you’re visiting seems suspicious.
That being said, some of the nicer VPN services (like Surfshark and NordVPN, for example) feature built-in browser security plug-ins that provide an added layer of security while you browse. These work just like the browser security extensions used by paid anti-virus services, but come free-to-use as long as you’re subscribing to the VPN service.
No matter how advanced your internet security or VPN program is, though, you should always use your intuition and double-check websites with your own eyes before assuming a site is legitimate!