With so-called "social engineering" attacks rife, one tactic scammers will use to part you from your money and / or login details is to create websites that look like the site you thought you were visiting, but aren't. This month's HowTo outlines a few things you can check if you're unsure whether the site you're on is genuine.
1. Check the URL
This is the most important one. You can create a website that looks identical to another, but you can't set it up on the correct web address, so always check the URL in your browser's address bar if you're unsure. Sometimes, it clearly won't be the right thing. Sometimes, it might look close to the right thing if they've managed to register an address with a similar look (eg amaz0n.com rather than amazon.com).
The bit after the final dot (the TLD) is also important. There are hundreds of these available, so someone might try to register amazon.xyz instead of amazon.com. Finally, check for subdomains. Domain names are usually in the style of something.com, but you can add as many items as you like before the "something", separated by dots. For instance, we could easily create an amazon.3ait.co.uk link. Only the part just before the TLD (.co.uk) matters in this case. Anything before it should be disregarded in terms of verifying a site is genuine.
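The URL checks above can be scripted. This is an added example, not code from the original article: the suffix set is a small constructed stand-in for the full Public Suffix List, the look-alike table is illustrative rather than exhaustive, and the names `registrable_domain` and `check` are hypothetical.

```python
from urllib.parse import urlsplit

# Constructed subset of the Public Suffix List, just enough for the examples
# in this article; a real check should load the full list.
SUFFIXES = {"com", "xyz", "uk", "co.uk"}
# Digits commonly swapped in for similar-looking letters (assumption, not exhaustive).
LOOKALIKES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})


def registrable_domain(url):
    """Return (name, tld): the label just before the TLD, and the TLD itself."""
    host = (urlsplit(url).hostname or "").rstrip(".")
    labels = host.split(".")
    # Walk from the longest candidate suffix to the shortest, so that
    # "co.uk" is recognised before the bare "uk".
    for i in range(len(labels)):
        if ".".join(labels[i:]) in SUFFIXES:
            if i == 0:
                raise ValueError(f"{host!r} is only a suffix")
            return labels[i - 1], ".".join(labels[i:])
    raise ValueError(f"no known suffix in {host!r}")


def check(url, expected):
    """Compare the URL in the address bar with the domain you expect."""
    want = registrable_domain("//" + expected)
    got = registrable_domain(url)
    if got == want:
        return "match"
    if got[0] == want[0]:
        return "wrong TLD"          # right name, different ending
    if got[0].translate(LOOKALIKES) == want[0].translate(LOOKALIKES):
        return "lookalike"          # e.g. a zero standing in for an "o"
    return "different site"         # subdomains to the left are ignored


if __name__ == "__main__":
    # Sample URLs built from the article's own examples.
    for url in ("https://www.amazon.com/gp/cart", "https://amaz0n.com/",
                "https://amazon.xyz/", "https://amazon.3ait.co.uk/login"):
        print(f"{url:35} {check(url, 'amazon.com')}")
```

Note that `amazon.3ait.co.uk` is reported as a different site because the label that counts is `3ait`, not the `amazon` to its left.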
2. Check for https, but don't rely on this
One other part of the URL that can be checked is the very beginning: whether it starts with https. These days all modern browsers make it pretty obvious if it doesn't, warning that a site isn't secure or similar. If it's running over http rather than https, there's almost certainly something wrong unless you know for certain there isn't. However, https is not a mark of a website's authenticity. Any website can run over https and can do this for free without validation from any external authority.
3. Check the website’s design and quality
Legitimate businesses invest in their websites. If the website looks outdated, poorly designed, or has multiple broken links, it’s likely a scam, or possibly a once-genuine but now abandoned website. Professional sites tend to have well-thought-out, functional design and attention to detail. However, again, do not rely on this. AI will make it much easier for scammers to create professional-looking websites in seconds.
4. Beware of too-good-to-be-true deals
Scammers often lure you in with unbelievable deals like “50% off” or “free gifts with every purchase.” If the offer seems too good to be true, it probably is. Always do some research before making any impulse buys.
5. Investigate the domain age
If the website is brand new, that could be a red flag. Scammers often set up fake sites and shut them down quickly. You can check how long the domain has been active using tools like https://lookup.icann.org/en/lookup. If the domain is only a few months old, proceed with caution.
6. Check for spelling and grammar mistakes
Professional websites should be free of errors. If you notice multiple spelling or grammar mistakes, especially in product descriptions, about pages, or blog content, that’s a red flag. A reputable business will ensure their site is well-written and error-free. However, again, don't rely just on this. AI will make it much easier to create error-free content.
That's assuming the errors aren't deliberate, of course. If you've ever seen a scam so badly worded that you've wondered why they didn't spend a few minutes putting more effort in, this isn't necessarily a mistake. If you're sending a scam email to millions of people, filling it with obvious red flags ensures you're only then dealing with the people most likely to fall for your scam, leaving only the easiest-to-dupe people hooked by it.