How to Spot a Fake Website

How to Spot a Fake Website

Have you ever been surfing the web and seen something that warns you that an account of yours, like your bank, has been hacked? Or maybe you were checking your email when you see a message from a department store you shop at that warns you of changes to your account that you need to verify?

These are just a few examples of the kinds of trickery a phisher (scam artists who try to get you to reveal sensitive information like credit card numbers, bank accounts, etc.) will use to get your sensitive, personally identifiable data from you. And they’re great at it.

One of the more popular method used by phishers to scam you is to hire a web developer to create a fake web site to do all of the phisher’s dirty work. Because it’s relatively simple for a decent web developer to copy another web site, it’s very easy to be fooled with a fake web site if you don’t know what to look out for. These fake sites are even more convincing when you see the name of your bank or some other online service in the URL (commonly know as the Internet address, or “web site”); but there are simple ways to spot a fake web site.

Common URL set ups

All HTTP URLs (i.e. your basic web site) follow a common format:

http://domain.tld/

For example:

http://example.com/

The “domain” is the actual domain name (e.g. “example”) and the “tld“, or top level domain, is the “com” portion.

The actual domain and the tld (e.g. “.com“, “.net“, “.org“, etc.) will always be the last parts of the URL before the first single forward slash (“/”) or a question mark (“?”) in an Internet address. Find that, and you’ll immediately know if you’re where you think you are online.

It’s important to note that a domain can have sub-domains before the “domain.tld“, such as our own http://stopsign.com/blog/, but only the real domain owners will be able to use the domain.tld format as described above to build/use their web site.

How to spot a fake or scam web site

Spotting a fake site is as simple as looking for the domain.tld (in the right place) in the URL. If your bank is Chase, then you would expect to see http://www.chase.com; but if you saw http://www.chase.com.example.com/ then you know that you’re not really on chase.com; you’re on example.com. This is one of the most important ways to tell a fake website from a real website!

Examples of valid example.com URLs:

  • http://www.example.com/
  • http://example.com/
  • http://blog.example.com
  • http://www.example.com/blog/
  • http://www.example.com?string

Examples of invalid example.com URLs:

  • http://www.example.fakeurlgoeshere.com/
  • http://example.fakeurlgoeshere.com/
  • http://www.example.com.fakeurlgoeshere.com?string

Did you see how all of the valid URLs have “example.com” before the first single forward slash and/or the first question mark? That’s the key to knowing what is real and what is a scam.

Learning how to spot a fake website is relatively simple, will save you a ton of frustration, headaches, and maybe even money. Make sure you know what you’re really clicking on, or you could wind up as the victim of a phisher or an identity thief.

Image courtesy of geekandpoke

If you're looking for great anti-virus software that won't break the bank, try StopSign. You don't pay extra for tech support for difficult malware, and our web protection software just works. Download & install StopSign to find out why our members choose us over the other options.

About Jon

Jon has worked in the tech industry since the pre-Bubble dotcom days and still has a 1200 Baud modem somewhere in his garage. When he's not advocating the use of strong passwords and being smart about social media, he's working on finding new ways to convince his wife that bacon is a vegetable which should be eaten with every meal.