One of the main objectives of a Phishing attack is to get the
victim to open either an attachment with the malicious payload attached to it,
or to get that person to go to a phony site where they can be lured in. Many people have been educated enough now (I
think) that they know not to open an attachment that they are not supposed to
get.
But now the problem is how to train your employees to
recognize a spoofed-up site. In all
honesty, it is very difficult to tell what is real and what is not these
days. Heck even trained Cyber professionals
can get duped pretty easily.
But in this blog, we focus upon some key areas for a person
to focus on which are indicators of a phony site:
1)
Templates are used:
The Cyberattacker of today really
does not want to waste time in creating and designing a whole new website on
their own. Rather, they would rather
create one from a template, such as one that is provided by a hosting
company. Examples of these include
GoDaddy, Namecheap, 1 and 1 Ionos, etc.
But the difference here is that these are very reputable providers. When one creates a website from one of the templates
provided them, there is usually a comment at the very bottom right of the site
that says something like this: “Website
powered by GoDaddy”. The templates that
are used by the Cyberattacker typically don’t have this, or if they do, it will
be some obscure name. Or many times, the
bottom of the website will have credit to the web design company that created
it. Always look for this. If there is
nothing like this, then leave the website immediately.
2)
No real changes are made:
After the Cyberattacker chooses a
template, they pretty much keep it the same.
They really don’t change anything of drastic nature. So if you are in doubt, and if you do have
the time, try to find the same template by going through some of the major
hosting providers. If there is a match,
and there is not much changes made, then you know you are at a phony website.
3)
It takes time:
Today, reputable and honest companies
are on the digital prowl to see if their website has been replicated in any
way. It’s rather easy to do that, given the
search functionalities of Google today.
But if a Cyberattacker wants to create a spoofed site, at this point, they
will then take their own sweet time, and do it carefully. The thinking behind this is that if spoofed
site is built quickly, then the search engines will catch on that quickly. But if it is built up slowly, then the bots
at Google which crawl every website on this planet would likely not detect in
time. But eventually, it would be noticed.
4)
Using Cybersquatting:
This is a technique used by the
Cyberattacker to register a domain that is very close to the real thing. For example, for the website of “amazon.com”,
a hacker could very easily register a domain like "amazo-n.com” or even “amazon.tech”. These are the domains that are used in spoofed
sites. Always make sure that you don’t
encounter anything like this when you are visiting a site. If the domain looks something like what was
pointed out in the example, then you know for sure you are at a phony site, and
leave it immediately.
5)
It looks local:
Once a website is launched, it is
pretty much available for the whole world to see. But many authentic websites will also give
you a drop-down menu choice for the language you want to see it in. But with a spoofed site, this choice is
usually not offered, but rather, they make the website localized to where the
end user is viewing it at. So for example,
if somebody in Mumbai, India were to log
into “amazon.tech”, the website would populate automatically in the Hindi
language, without any language choice.
This is known as “localization”, and is something that is used heavily
in social media. Honestly, I never use
this, and I would highly recommend that you don’t use it as well. It’s just another great way for the Cyberattacker
to track you down and build a profile on you in order to launch subsequent attacks.
My Thoughts On This:
Well there you have it, some of the top tips that you can
use to tell if you are at a spoofed site or not. Also keep in mind that the web browsers of
today (especially those of Chrome and Edge) are doing a much better job of alerting
you if you are going to a suspicious site.
For example, I use Chrome as my primary browser, and if there is no SSL
installed on the site that I instantly get a warning message.
But in the end, you should always trust your gut. If a website does not look authentic to you
for any reason whatsoever, then you should leave it. But above all, you should never, ever
submit your credit card number at any site unless you know for sure that it is
for real. If you have any
doubts, poke around the web some more and see what other people have said about
that website.
No comments:
Post a Comment