Have you ever been surfing the web and seen something that warns you that an account of yours, like your bank, has been hacked? Or maybe you were checking your email when you see a message from a department store you shop at that warns you of changes to your account that you need to verify?
These are just a few examples of the kinds of trickery a phisher (scam artists who try to get you to reveal sensitive information like credit card numbers, bank accounts, etc.) will use to get your sensitive, personally identifiable data from you. And they’re great at it.
One of the more popular method used by phishers to scam you is to hire a web developer to create a fake web site to do all of the phisher’s dirty work. Because it’s relatively simple for a decent web developer to copy another web site, it’s very easy to be fooled with a fake web site if you don’t know what to look out for. These fake sites are even more convincing when you see the name of your bank or some other online service in the URL (commonly know as the Internet address, or “web site”); but there are simple ways to spot a fake web site.
Common URL set ups
All HTTP URLs (i.e. your basic web site) follow a common format:
The “domain” is the actual domain name (e.g. “example”) and the “tld“, or top level domain, is the “com” portion.
The actual domain and the tld (e.g. “
.org“, etc.) will always be the last parts of the URL before the first single forward slash (“/”) or a question mark (“?”) in an Internet address. Find that, and you’ll immediately know if you’re where you think you are online.
It’s important to note that a domain can have sub-domains before the “
domain.tld“, such as our own http://stopsign.com/blog/, but only the real domain owners will be able to use the domain.tld format as described above to build/use their web site.
How to spot a fake or scam web site
Spotting a fake site is as simple as looking for the
domain.tld (in the right place) in the URL. If your bank is Chase, then you would expect to see
http://www.chase.com; but if you saw
http://www.chase.com.example.com/ then you know that you’re not really on
chase.com; you’re on
example.com. This is one of the most important ways to tell a fake website from a real website!
Examples of valid
Examples of invalid
Did you see how all of the valid URLs have “
example.com” before the first single forward slash and/or the first question mark? That’s the key to knowing what is real and what is a scam.
Learning how to spot a fake website is relatively simple, will save you a ton of frustration, headaches, and maybe even money. Make sure you know what you’re really clicking on, or you could wind up as the victim of a phisher or an identity thief.