Sunday, February 5, 2023

5 Ways To Tell If You Are At A Spoofed Site

 


One of the main objectives of a Phishing attack is to get the victim either to open an attachment that carries the malicious payload, or to go to a phony site where they can be lured in.  Many people have been educated enough now (I think) that they know not to open an attachment that they are not supposed to get.

But now the problem is how to train your employees to recognize a spoofed site.  In all honesty, it is very difficult to tell what is real and what is not these days.  Heck, even trained Cyber professionals can get duped pretty easily.

But in this blog, we look at some key areas for a person to focus on, which are indicators of a phony site:

1)     Templates are used:

The Cyberattacker of today really does not want to waste time in creating and designing a whole new website on their own.  Rather, they would create one from a template, such as one that is provided by a hosting company.  Examples of these include GoDaddy, Namecheap, 1 and 1 Ionos, etc.  But the difference here is that these are very reputable providers.  When one creates a website from one of the templates they provide, there is usually a comment at the very bottom right of the site that says something like this:  “Website powered by GoDaddy”.  The templates that are used by the Cyberattacker typically don’t have this, or if they do, it will be some obscure name.  Or many times, the bottom of the website will have credit to the web design company that created it.  Always look for this.  If there is nothing like this, then leave the website immediately.

2)     No real changes are made:

After the Cyberattacker chooses a template, they pretty much keep it the same.  They really don’t change anything of a drastic nature.  So if you are in doubt, and if you do have the time, try to find the same template by going through some of the major hosting providers.  If there is a match, and there are not many changes made, then you know you are at a phony website.

3)     It takes time:

Today, reputable and honest companies are on the digital prowl to see if their website has been replicated in any way.  It’s rather easy to do that, given the search functionalities of Google today.  But if a Cyberattacker wants to create a spoofed site, at this point, they will then take their own sweet time, and do it carefully.  The thinking behind this is that if a spoofed site is built quickly, then the search engines will catch on just as quickly.  But if it is built up slowly, then the bots at Google which crawl every website on this planet would likely not detect it in time.  But eventually, it would be noticed.

4)     Using Cybersquatting:

This is a technique used by the Cyberattacker to register a domain that is very close to the real thing.  For example, for the website of “amazon.com”, a hacker could very easily register a domain like “amazo-n.com” or even “amazon.tech”.  These are the domains that are used in spoofed sites.  Always make sure that you don’t encounter anything like this when you are visiting a site.  If the domain looks something like what was pointed out in the example, then you know for sure you are at a phony site, and should leave it immediately.
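For readers who filter links at a mail gateway or proxy, the check described in point 4 can be automated. The sketch below is an added example, not something from the original post: it compares a hostname against an allowlist and flags the two tricks shown above (an inserted hyphen and a swapped ending), plus the more general case of a name that is one character off. The allowlist contents and the function names are assumptions made for illustration.

```python
# Added example: flag domains that imitate an allowlisted one.
TRUSTED = {"amazon.com"}  # assumption: your organisation's own allowlist


def registrable(host):
    """Naive last-two-labels split (assumes no multi-part suffix such as co.uk)."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def edit_distance(a, b):
    """Levenshtein distance, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(host, trusted=TRUSTED):
    domain = registrable(host)
    if domain in trusted:
        return "trusted"
    name, _, tld = domain.partition(".")
    for real in sorted(trusted):
        real_name, _, real_tld = real.partition(".")
        if name == real_name and tld != real_tld:
            return "lookalike: different ending than " + real      # amazon.tech
        if name.replace("-", "") == real_name:
            return "lookalike: hyphen inserted into " + real       # amazo-n.com
        if edit_distance(name, real_name) <= 1:
            return "lookalike: one character away from " + real
    return "unknown"


if __name__ == "__main__":
    # Constructed sample hostnames, including the two from the text above.
    for h in ["www.amazon.com", "amazo-n.com", "amazon.tech", "amazom.com", "example.org"]:
        print(h, "->", classify(h))
```

A result of "unknown" only means the name does not resemble anything on the allowlist; it says nothing about whether the site is safe.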

5)     It looks local:

Once a website is launched, it is pretty much available for the whole world to see.  But many authentic websites will also give you a drop-down menu choice for the language you want to see it in.  But with a spoofed site, this choice is usually not offered, but rather, they make the website localized to where the end user is viewing it from.  So for example, if somebody in Mumbai, India were to log into “amazon.tech”, the website would populate automatically in the Hindi language, without any language choice.  This is known as “localization”, and is something that is used heavily in social media.  Honestly, I never use this, and I would highly recommend that you don’t use it as well.  It’s just another great way for the Cyberattacker to track you down and build a profile on you in order to launch subsequent attacks.

My Thoughts On This:

Well, there you have it, some of the top tips that you can use to tell if you are at a spoofed site or not.  Also keep in mind that the web browsers of today (especially Chrome and Edge) are doing a much better job of alerting you if you are going to a suspicious site.  For example, I use Chrome as my primary browser, and if there is no SSL installed on the site, I instantly get a warning message.

But in the end, you should always trust your gut.  If a website does not look authentic to you for any reason whatsoever, then you should leave it.  But above all, you should never, ever submit your credit card number at any site unless you know for sure that it is for real.  If you have any doubts, poke around the web some more and see what other people have said about that website.
