More ways the bad guys are out to get you!
A new phishing threat has recently popped up whereby fraudsters are emailing individuals and businesses, posing as banks, building societies, PayPal, eBay, telecoms and email providers etc., and asking them to log in using the link provided within the email. Okay, so there is nothing unusual there – they’ve been trying that one for years.
What’s changed is that the new email link is pointing to a ‘secure’ website. A secure website has a little green padlock in the top left-hand corner of the web browser and we have always been advised to look for this padlock to see if a site is safe. The padlock means that the data being transferred between your browser and the website is encrypted and can’t be read by third parties.
However, recent data from anti-phishing company PhishLabs shows that nearly half of all phishing websites now have a “padlock” in their web browsers.
SSL certificates (the technology behind the green padlock) were at one time difficult for both legitimate and fraudulent websites to obtain, meaning that many fake websites didn’t bother trying to get one. Hence the advice not to trust websites without a green padlock. However, SSL certificates have recently become cheaper and easier to obtain.
Simply put – a green padlock in the address bar only ensures that data sent to or from the website (username, password, credit card details etc.) is encrypted and cannot be intercepted. It doesn’t verify that the website itself is legitimate and safe. Although you may be sending your data securely, you are still delivering it directly to the fraudster who owns the website.
So how do you make sure a website is legitimate?
If you haven’t used the site before, make sure you spend some time reading through it (poor English should raise a red flag). Make sure you can easily find the contact details as well as terms and conditions, and if it’s a retailer, check its returns policy.
Check its online reviews on sites like Trustpilot or Sitejabber. Or simply Google it.
Check that the URL in the address bar is what you’re expecting to see before paying for something or entering personal details. If it doesn’t look right, close the browser window.
Don’t put all your faith in a green padlock – use it as just one way of judging a website’s authenticity.
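The URL check above, written out as a small JavaScript sketch (an added example, not part of the original article). It treats "is the connection encrypted?" and "is this the site I expected?" as two separate questions; the expected-host list and every sample link are constructed for illustration.

```javascript
// Sites the reader actually uses (assumption for this sketch; edit to suit).
const EXPECTED_HOSTS = ["paypal.com", "ebay.co.uk"];

// Constructed sample links, as they might appear in an email.
const SAMPLE_LINKS = [
  "https://www.paypal.com/signin",                  // genuine host, padlock
  "https://paypal.com.account-check.example/login", // padlock, wrong site
  "https://paypal.com@login.example/",              // real host is login.example
  "http://www.ebay.co.uk/",                         // right site, no padlock
];

// Answers two independent questions about a link:
//   encrypted - would the browser show a padlock (https)?
//   expected  - does the host belong to a site on the expected list?
function checkLink(link, expectedHosts = EXPECTED_HOSTS) {
  let url;
  try {
    url = new URL(link);
  } catch {
    return { host: null, encrypted: false, expected: false, verdict: "not a valid URL" };
  }
  // URL lower-cases the host and converts international names to their
  // "xn--" form, so look-alike letters cannot pass as an exact match.
  const host = url.hostname.replace(/\.$/, "");
  const encrypted = url.protocol === "https:";
  // Compare from the right-hand end: the expected name must be the whole
  // host or its parent domain, not just text appearing somewhere in the link.
  const expected = expectedHosts.some((h) => host === h || host.endsWith("." + h));
  let verdict;
  if (expected) {
    verdict = encrypted ? "expected site, encrypted" : "expected site, NOT encrypted";
  } else {
    verdict = encrypted ? "encrypted, but NOT the expected site" : "not encrypted, not the expected site";
  }
  return { host, encrypted, expected, verdict };
}

for (const link of SAMPLE_LINKS) {
  const r = checkLink(link);
  console.log(`${link}\n  -> ${r.host}: ${r.verdict}`);
}
```

Only the first sample passes both checks; the second and third would show a padlock in the browser but lead to a different site.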
You can report fake websites to the owners of the real website you were trying to use. Do also report any attempted fraud to Action Fraud – www.ActionFraud.police.uk.