How to Protect Yourself from Fake Websites
Fake Websites imitating Genuine Websites are the Newest Cyber Threat. As with all other scamming techniques they use (fake identity, fake emails, fake claims, call spoofing, robocalls, fake popup window), through a fake website that looks similar to the real website of a real business and has a similar domain (example: bnpparibafortis.be), scammers and fraudsters want to steal our money.
The specific methods fake websites use to defraud people depends on what genuine site it’s imitating.
If it’s imitating a genuine software download site, it will have a download link. The link will download a file that is named like the file you expect. If you’re trying to download Adobe Acrobat, for example, the file may be named acrobat.exe. But it’s actually malware. Criminals can use this malware to steal information from your computer or lock your files and demand money to give them back.
More commonly, these websites impersonate genuine financial websites. Investment accounts, banking accounts, and especially cryptocurrency exchange platforms are all great targets for scammers and fraudsters. Once they convince you to click on their fake website, they prompt you for your login credentials which they can use on the real website and get access to your financial information.
They can also imitate email providers and similar sites to get access to your private information. This email looks like real but pay attention to FROM what email address it is provided: it’s not DHL !
How Criminals Trick You Into Visiting Fake Websites
As we described above fake website imitate genuine website and look almost like the real deal. But for this whole scam to happen, you first have to end up on a fake website. So how they attract people to give personal information to a fake website? These are some of the most common ways they do it.
Impersonating Brands with Search Engine Advertisements
This strategy has gotten so popular that the FBI released a warning about it in December 2022. With this strategy, criminals build a fake website, then they purchase search engine advertisements pretending to be the real business.
Search advertisements appear at the top of search results. They don’t look much different from actual results. Many people just click on the first result without checking to see if it’s genuine website. If you’re not watching out for it, you may click on an ad that takes you to a fake website that convinces us to give our credentials to scammers.
Lookalike Domains & Typosquatting
Lookalike domains & Typosquatting are very similar. They try to get domains that are very close to the domain of the genuine site, taking advantage of the way some letters look similar or easily mistyped.
If your bank’s website is vanlanschotkempen.com, a scammer might register vanianschotkempen.com so it looks almost exactly like the legitimate site.
The scammer creates a fake website that imitates the real website. Then they send out a phishing email with a link to their new lookalike domain and scam website. Since their lookalike domain and their imitation website appear real, it often fools people into entering their login credentials. Once the scammer has those credentials, they have access to those accounts.
In other situations, when someone mistypes the address and ends up on the scam website, they might not realize it since the fake site looks identical to the real site, they may assume they’re on a safe and secure site. The result is the same: you give your credentials to wrong people!
Hot to Protect Yourself (and your money) from Fake Websites
There are some precautions you can take to be sure you’re on a genuine website.
Type addresses directly. Instead of clicking on links or searching on Google and then clicking the first result, type the address directly into your browser. That way you can’t be caught by impostor ads or lookalike domains.
Check the address BEFORE you enter any information. Hover over a link before you click it to see the actual domain in the bottom corner of your screen. If you typed in a website, check very carefully. Look for typos or letters that look similar. Even if it looks like you made it to the right site, it’s important to check.
Avoid clicking links in emails. Phishing emails are very sophisticated and may look real. And it’s very hard to tell the difference between some letters. If an email wants you to click a link, be careful. It’s probably better to visit the site on your own, without clicking.
Install an ad blocker. Most internet browsers (even on your phone or tablet) have the option to install add-ons. Installing an ad blocker like uBlock Origin will prevent you from seeing any search advertisements at all and keep you from clicking on paid ads for malicious websites.
Report fraud. In Belgium, if you have been a victim of fraud or malware from a fake website impersonating a brand through search engine advertisements, you can report the online crime to the police in your local police station. The police services are in contact with Regional and Federal Computer Crime Units.