So, you must have received emails from “gmail.com” “warning you of suspicious activity on your Gmail account,” or enticing offers of “purchasing an iPad only at $20”. Stop right there, my friend! Pause and reflect for a moment before clicking on the OK or Buy Now option, because it all may be a scam designed to finagle you out of your money, swindle away your personally identifiable information (PII), or maybe infect your system with malware!
Cease to worry, people, as we bring you five signs to watch out for in a “fishy” looking email, and to help you identify a cleverly disguised phishing attempt in the garb of a very genuine-looking website of one of your favourite brands.
Let’s dive into phishing basics before getting to the tips and tricks of identifying a fraudulent scam mail or website attempt.
What is phishing?
Phishing refers to cybercrime that has seen a considerable rise during the pandemic. It involves using fake websites, fraudulent emails or text messages, crafted to swindle personally identifiable information out of unsuspecting visitors and ultimately steal their identity or make away with their money.
The different types of phishing are spear-phishing and whaling.
- Spear-phishing: In spear-phishing, the bait is thrown towards a particular fish in the school, with an intent to spoof someone in particular, rather than throwing bait randomly in the sea to entice anyone who might fall for it.
- Whaling: Whaling is done with an intent to scam the biggest fish in the sea, such as the CXO level individuals who use personal email addresses for business correspondence instead of the security offered by a corporate one.
5 Ways to identify phishing attempts with fraudulent or scam websites
- Verify the URL in a detailed manner
People are known to pay little or no attention to the address bar at the top of their browsers. However, this could be one of the cardinal sins when it comes to ensuring cybersecurity. The following are the areas that can be manipulated by hackers:
- The Favicon: Websites can place an icon to their liking in this tab.
- Domain name: A trustworthy part of the URL, only if you know what you are looking for.
- File Path/Directory: Same as above
- Web Content Space: The hacker can use it to depict whatever he/she wants, including a convincing copy of a legit site.
To spot a fake website URL, you need to understand how a URL is constructed.
To distinguish real from fake, you must know the actual primary domain name of the website you wish to land on. Subdomains can be designed to be misleading.
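The check described above, as an added example that is not part of the original article: it extracts the primary domain from a link and shows where the expected name actually sits. The sample links, the `.test` domains and the short suffix set (a stand-in for the full Public Suffix List) are constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed stand-in for the Public Suffix List (assumption): a real check
# should load the full list, since suffixes such as "co.uk" span two labels.
PUBLIC_SUFFIXES = {"com", "org", "net", "co.uk", "test"}

# Constructed sample links; "example.com" plays the site the reader trusts.
SAMPLE_LINKS = [
    "https://www.example.com/login",
    "https://example.com.account-verify.test/login",
    "http://login-portal.test/example.com/signin",
]


def primary_domain(url):
    """Return the primary (registrable) domain of a URL, or None if it has none."""
    host = (urlsplit(url).hostname or "").rstrip(".").lower()
    labels = host.split(".")
    # Try the longest candidate suffix first; the primary domain is the
    # matching suffix plus the single label immediately to its left.
    for i in range(len(labels)):
        if ".".join(labels[i:]) in PUBLIC_SUFFIXES:
            return ".".join(labels[i - 1:]) if i > 0 else None
    return None


def check_link(url, expected_domain):
    """Classify a link against the primary domain the reader meant to visit."""
    parts = urlsplit(url)
    if primary_domain(url) == expected_domain:
        return "match"
    if expected_domain in (parts.hostname or ""):
        return "brand-in-subdomain"  # trusted name used as a misleading subdomain
    if expected_domain in parts.path:
        return "brand-in-path"       # trusted name appears only in the file path
    return "different-site"


if __name__ == "__main__":
    for link in SAMPLE_LINKS:
        print(f"{check_link(link, 'example.com'):20} {primary_domain(link)!s:22} {link}")
```

Only the first sample link belongs to `example.com`; in the other two the familiar name appears in a subdomain or in the path, while the primary domain is a different site altogether.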
- Decide whether an SSL certificate has been installed or not
Several connection indicators within the address bar let you know whether the connection between the website and the browser is secure or not.
Initially, the internet was not designed for commercial activity and was intended to exchange information between the academics and the Government. So, HTTP was considered enough. However, any correspondence carried out on HTTP is in plain text and can be intercepted by eavesdroppers.
To counter this shortcoming as we advanced towards the era of digitalization, HTTPS was introduced. Here, the S stands for secure. An SSL certificate ensures end-to-end encryption of the conversation being carried out.
You need to look out for the following two indicators to know whether you are on a secure connection or not.
- The padlock icon in the address bar, or;
- Verified company name when you click on a padlock
The company name badge is reflected only when the website has an Extended Validation (EV) SSL certificate in place. This certificate vets not only the identity of the organization but also its legal and physical status. The exact appearance of the EV SSL badge varies from browser to browser. However, it is an irrefutable measure of security and genuineness.
- Gauge the credibility and correctness of the website content
Any genuine website will boast of sharply presented content with impeccable grammar and optimized graphics. Shabby or broken English is a dead giveaway of the website being a scam. Shoddy work indicates hackers who aren’t well versed with language skills and are non-native speakers of the language.
Simple spelling errors, missing phrases or words, or the use of low-quality images should qualify as red flags, and that website should be avoided like the plague for safety. Another thing to watch out for is the lack of a detailed About Us section. Genuine website owners are very particular about adding company details such as the company’s physical location, telephone, or facsimile numbers. A fake website wouldn’t have this section for obvious reasons.
- Overabundance of advertisements
Be wary of a website that has more pop-up advertisements to offer than genuine content. Ads are part and parcel of life; however, the fine line between smooth user experience and advertisements needs to be respected. If a website is all about ads popping up now and then, ruining the UX, you need to get off it right now! Do not share personally identifiable information (PII) with such sites.
- Find out the owner of the website
If you wish to look up the legit owner of a website and whether it is registered in the name of an individual or an organization, you need to check the WHOIS database for credible information on the same. If an individual owns the website, the database will show a name listed next to an address. If the website is held by an organization, it will depict an organization’s name listed next to credentials like address and phone number.
If you are on a website that seems to be owned by a huge company but is registered in an individual’s name in some other country, it is pretty much a red flag.
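One way to automate this comparison, as an added example that is not from the original article: it parses a WHOIS response and flags a registrant that does not fit the company the site claims to be. The field names follow the "Key: Value" layout common in gTLD WHOIS output, which is an assumption because formats vary by registry; the record, company name and country codes are constructed.

```python
# Constructed WHOIS response for illustration; not a real registration.
SAMPLE_WHOIS = """\
Domain Name: bigretailer-deals.test
Registrant Name: J. Doe
Registrant Organization:
Registrant Country: ZZ
"""


def parse_whois(text):
    """Parse 'Key: Value' lines into a dict with lowercased keys; empty values are skipped."""
    record = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep and value.strip():
            record.setdefault(key.strip().lower(), value.strip())
    return record


def ownership_flags(record, claimed_org, claimed_country):
    """Return red flags when the registrant does not fit the claimed company."""
    flags = []
    org = record.get("registrant organization", "")
    if "redacted" in org.lower() or "privacy" in org.lower():
        # Privacy-protected records neither confirm nor refute ownership.
        return ["ownership hidden; WHOIS cannot confirm the owner"]
    if not org:
        flags.append("registered to an individual, not an organization")
    elif claimed_org.lower() not in org.lower():
        flags.append("registrant organization differs from claimed company")
    country = record.get("registrant country", "")
    if country and country.upper() != claimed_country.upper():
        flags.append("registrant country differs from claimed country")
    return flags


if __name__ == "__main__":
    for flag in ownership_flags(parse_whois(SAMPLE_WHOIS), "Big Retailer Inc", "US"):
        print("red flag:", flag)
```

A record with a redacted registrant is reported separately, since a hidden owner is not evidence either way and the other checks in this article still apply.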
When it comes to browsing the internet, you can never be too vigilant about the security of your transactions. Ensure that you check for any diversions from the beaten path and transact on sites with a valid SSL certificate. Got anything more to add? Let us know in the comments section below.