How to recognize a fake website

Edward G. | December 30, 2020

A fake website trend agitates even the seasoned techies. Scammers can build lookalikes of crowd-pleasing and trending platforms. Fraudulent domains present a surprisingly authentic exterior, while their shadowy purpose remains secret. Each fake website is born with a mission to mislead, deceive, and trick unsuspecting visitors. The deceitful propositions and double-dealings typically glean from appealing and irresistible offers. For example, a fake website can proudly claim to give away subscriptions to notorious and pricy services. In exchange for such goods, websites could require tokens of gratitude. Let’s review the typical warning signs and ways to fend off fraudulent domains.

What is a fake website: some backstory

A fake website, regardless of its crooked purpose, attempts to instill a false sense of trust. Copied familiar concepts make users let their guard down and create ideal conditions for social engineering. Initially, specialists labeled such copycat domains as products of website spoofing. Over time, fraudulent or phishing websites became more widely-used terms.

While the threat has persisted for decades, scammers continue to cash in on it. Recently, the news of duplicate Instagram websites came to light. The network of fake websites emerged after the culprit scraped information from Instagram profiles. In addition to generating clones of social media platforms, crooks are no strangers to impersonating banks and other services.

An unfortunate example is PayPal, a dominant international brand. The company has been an inspiration for dozens of fake websites. Their goal is simple: to retrieve your online banking details. How can you encounter such fraudulent domains? The prominent strategies revolve around phishing emails, including links to fake websites. Criminals could also exploit redirection and ads, depending on the performed scam.

How do scammers build fake websites?

  • Exact design details. Believable dupes rely on convincing appearance. Hence, their exterior will bear a strong resemblance to the original. This design polishing includes official logos, buttons, images, and texts. If criminals polish the fake website enough, users might not tell the difference.
  • Use of Punycode. Typically, people have limited options for naming their domains. ASCII (American Standard Code) is the accepted character encoding standard. In simplest terms, it means we can use alphabet letters, numbers, and some special characters. However, this excludes Greek, Hebrew, and Arabic languages, meaning they are not viable options for domain names. Punycode is a workaround, converting non-ASCII symbols into Unicode ASCII encoding. This change rewrites the rules, and non-standard characters become feasible. Fake websites exploit this conversion. Criminals convert letters like Greek Tau (τ), which resembles a typical “t.” A notorious example is the use of Punycode to make apple.com displayed on browsers as apple.com.
  • Scraping web data. While there are legitimate uses of scraping, it remains a popular fraud technique. Criminals would typically employ bots, custom-scripts, or third-party scraping tools. This automated withdrawal of web data can include images, texts, and even user data. With such a loot, criminals craft fake websites, as seen in the Instagram copycats.
  • Authentic fake websites. A fraudulent domain does not have to steal credibility from well-known sites. Hackers can build simplistic websites with a promising nature. For instance, it can masquerade as a streaming service, online shop, technical support service, etc. However, such fake websites are only after users’ data or trick people into downloading malicious software.

Typical red-flags in fake websites

  • Tempting offers. A fake website usually presents a deal you cannot refuse. However, if Spotify or PayPal suddenly runs a low-priced campaign, visit their official websites before making any payments.
  • Warnings and calls-to-action. A typical scenario here is that a fake website will create a problem and offer gracious help to solve it. A fraudulent technical support service can present frightening pop-ups, indicating that your data or device is in danger. Do not contact suspicious technicians, especially if they require remote access to devices or payments for their services.
  • Alleged partnerships or associations. It could be that hackers decide to operate as alleged partners of reliable services. Presumably, the fake website will contain logos and seemingly legitimate information about well-known companies. Nevertheless, contact the latter to ensure that the partnerships are valid.
  • Personal information forms. Fake websites can display lengthy forms, requiring you to fill in personal details. If you have never heard of a specific service, do not trust them with your data. Run a quick Google search, or skip the hassle and leave before compromising your safety.
  • Grammatical errors and design inconsistencies. Criminals rarely create identical dupes. Usually, they leave trails of evidence, such as bizarre grammatical errors, inconsistent fonts, or text sizes. Such details should raise some questions about the website’s reliability.

Tips for spotting a fake website quickly

Even if hackers attempt to create convincing fake websites, their efforts will be useless if you follow these recommendations. Put on your detective hat and inspect suspicious domains in more detail.

  • HTTP instead of HTTPS. If a domain uses HTTP, you should not be comfortable handing them your information. Of course, HTTP does not necessarily mean that a website is fake. Instead, it indicates that a site does not use SSL/TLS encryption layer, critical for secure data exchange. So, you should always look for the padlock icon next to the address bar. Even if a domain passes this test with flying colors, it might not be legitimate. Reports indicate that hackers’ scams have become more sophisticated, with many incorporating HTTPS. Hence, while HTTP is suspicious, HTTPS might not be safe either.
  • Websites look legitimate but lack consistency. It might be that hackers unwittingly leave mistakes on their sites. The primary logo might be in the wrong place, or the design can fall back to different formatting. Hence, careless execution should be a warning sign, giving you the initial suspicion.
  • Check the link. Pay attention to the domain name and look for irregular letters. Try to copy-paste it to an editor to see the result. However, the inconsistencies could be rather evident. For instance, faceboook.com is not the same as the legitimate name.
  • How did you end up on the domain? It might be that you entered a fake website from your email account, ad, or after a sudden redirect. All these scenarios sound suspicious, especially if you have clicked on a link included in an email message.
  • Find reviews and domain age online. A good rule is to look for reviews or feedback from other customers. It might be that a domain will be a part of blacklisted websites, giving you enough information to leave it. Additionally, run a website in Whois Lookup to see how long the website has been active. A relatively new domain should trigger suspicion.
  • Block access to suspicious domains. You can use the hosts file to block access to fake websites. However, instead of a manual approach, you can choose to automate this process. Atlas VPN has a unique feature called SafeBrowse. It is the tool, automatically blocking access to websites and ads that could wish you harm. It is simple, easy, and requires no input on your part.
Edward G.

Edward G.

Cybersecurity Researcher and Publisher at Atlas VPN. My mission is to scan the ever-evolving cybercrime landscape to inform the public about the latest threats.

Tags:

social engineeringpunycodehttps

© 2021 Atlas VPN. All rights reserved.