Phishing is a massive global issue that more than 12 million internet users fall victim to each year. Typically, cybercriminals trick users into visiting a fraudulent website where they then obtain confidential information that can be used to steal money, identifications and more. Here are a few ways to recognize a phishing site and keep your information safe:
- Incorrect domain name – scammers typically register similar but slightly different sites (i.e. “online.sberbank.ru” vs. “online.sbrbank.ru” or “sberbank.site.ru”).
- No SSL certificate – most sites use SSL encryption to protect the transfer of user data. If the site does not begin with https://, it is not a secure site. Unfortunately, getting an SSL certificate is now easier than ever, and many scammers set up their fake sites with them too. So make sure to be on guard.
- Grammar, spelling and/or design errors – large companies typically employ or outsource to professional designers, copywriters, editors and proofreaders. Scammers are usually less attentive to such details. Be wary of a site with the presence of grammatical and spelling errors and/or odd design choices.
- Odd website structures – look for links to other pages that give an error or send you to a page that is not similar to the original source page. This is a sign that you may be on a phishing site.
- No user agreement – check for the presence of a user agreement as well as terms of payment and delivery. Even if present, check the texts of those agreements and terms for anything odd.
- Physical address – make sure the physical address on the ‘Contacts’ page makes sense. For instance, an airport can’t be in an industrial zone, and a bank office shouldn’t be located in an abandoned building just outside the city.
If you do come across a phishing site, make sure not to enter any personal data. It is also a good idea to inform the original company of the fake site so they can take appropriate action and inform their customers to be aware. Search engines also have special forms so they can take actions to remove these sites from their searches and help protect others from fraudulent activities.