Fake websites are an integral part of almost every phishing scam — and they’re only getting more prevalent.

Scammers create convincingly fake websites that mirror bank login pages, password reset pages for services like Amazon and Netflix, or package delivery requests. But any information you enter goes straight to the scammers — who then use it for identity theft or financial fraud.

Scammers create fake websites to persuade you into sharing sensitive information, such as account passwords, payment details, or personal information they can use to steal your identity. Some fake websites can even infect your device with malware or trick you into buying non-existent or counterfeit products.

While some fake websites are designed to be found organically while you’re browsing the internet, most are made to be linked to in part of larger phishing scams. Fraudsters send scam emails, texts, or messages with links to websites that may look legitimate, but are designed to steal your passwords, personal data, and financial information.

Here are some of the most common ways that scammers use fake websites:

• Fake online stores with too-good-to-be-true deals. Scammers create fake online stores offering incredible deals, and then run ads for them on social media. These sites either steal your payment information or trick you into buying fraudulent products.
• Fake password login pages. Fraudsters create sites that look like login pages (for your bank, Netflix, etc.) and then include links to them in phishing messages. For example, you may receive a phishing email claiming that your bank account has been compromised and that you should click the link and enter your password and banking details to secure your account.
• Malicious pop-ups that download malware. Hackers create pop-ups on legitimate websites that download malware onto your device. Once installed, they can spy on you or scan your hard drive for sensitive information.
• Fake customer support websites. Scammers pretend to be from technical support companies and get you to give them remote access to your computer.
• Fraudulent Medicare or health insurance websites. Criminals may also target your healthcare information by creating fake websites that ask you to “verify” your Medicare number.
• Fake package delivery websites. With the increase of online shopping, scammers create fake websites that look like they’re from UPS, FedEx, USPS, and others. These fake sites ask you to verify your address and other personal information or try to trick you into giving up your credit card numbers.
• Bogus flight-booking websites. In a recent fake website scam, fraudsters create fake airfare-booking websites that steal your personal information (passport number, credit card, etc.) or sell you fake tickets.

To identify untrusted or fake URLs, look out for the following:

• Check the spelling: Ensure that the URL is spelled correctly. Scammers often create URLs with min or variations to deceive people, so be sure to double-check the spelling.
• Look for HTTPS: Secure websites use HTTPS instead of HTTP. Look for the padlock icon next to the URL or check if the URL starts with https:// instead of http://. This indicates that the website has an SSL certificate, and the connection is secure.
• Check the domain name: Ensure that the domain name matches the website you are trying to access. Scammers often use domains that look similar to legitimate ones, so be sure to look out for any variations.
• Be cautious of pop-ups: Avoid clicking on pop-ups or links in unsolicited emails. Scammers use pop-ups to trick people into downloading malware or providing sensitive information.
• Scammers Hide Behind URL Shortening Services
• URL shortening services, such as Bit.ly and TinyURL, are commonly used to shorten long URLs. Scammers use these services to hide the true destination of the URL, making it difficult to identify the website’s authenticity. Here are two examples of a fake URL created using a URL shortening service:
  • http://bit.ly/2LOiM8V: This URL was used in a phishing scam that targeted PayPal users. The URL leads to a fake PayPal login page where scammers steal users’ login credentials.
  • http://tinyurl.com/2vl9bx: This URL leads to a fake website that looks similar to a legitimate bank website. Scammers use this website to steal users’ login credentials and personal information.

To stay safe with URLs online, follow these tips:

• Hover over the link: Before clicking on a link, hover over it to see the destination URL. If it looks suspicious, do not click on it.
• Type the URL: Instead of clicking on links, type the URL directly into your browser. This ensures that you are accessing the correct website.
• Use a URL checker: Use a URL checker tool, such as VirusTotal or Google Safe Browsing, to check if a website is safe before accessing it.
• Install antivirus software: Install antivirus software on your device to protect against malware and phishing scams.
• Reputable websites typically display their contact information either on a dedicated page or within the footer located at the bottom of the HTML content. To verify the identity of the website owner and ensure the safety of your sensitive data, it is recommended to check these locations if you are uncertain whether to trust the company. If no contact information is available at all, it is likely that the site is either poorly maintained or malicious in nature.

This time of year can be stressful; Your bank account doesn’t need the added stress of giving presents to scammers. Contact us today to discuss how we can help manage security for you.