HOW TO: Identify a Phishing Site

December 16, 2009

In my previous post about using the Yahoo Sign-in Seal against password theft, I mentioned the idea behind phishing websites and the concept of phishing and phishing emails.

Following on from that topic, this post sheds light on the various ways to tell what a phishing site looks like, based on most phishing emails.

To refresh your memory: phishing sites are pages made to look the same as the genuine pages of financial websites such as PayPal, online banks, etc., but there is a catch. Once you enter your login information on these fake websites, you might end up broke afterward, since criminals could take your money using your personal information.

Suspected Phishing Site

You wouldn't want to get into such trouble, so here are some tips I can share on how to spot a spoofed site.

Check the website address

Common sense will tell you whether the URL is correct or not. Simply put, if Paypal.com is genuine, then Paypal1.com or any similar variation is most likely not real.

Check the http:// at the start of the web address. Most secured sites show https:// with the s and show a lock icon at the Windows taskbar. Although not all sites are expected to use https://, it's important to type the URL correctly in your browser's address bar; otherwise a mistyped URL could lead you into the phony site's trap.

Also note that a lock icon in your browser does not automatically mean the site is legitimate; there could be other factors, like an expired security certificate, so be watchful of any warning messages in your browser or on your screen.

Another hint is to check for the trailing slash after the URL, e.g. http://yahoo.com/ instead of http://www.yahoo.com:login&mode=secure, or to check the subdomain, like http://paypal.blogspot.com instead of paypal.com, since PayPal wouldn't have a sign-in page on Blogger in the first place.
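The address checks above can be expressed as a small script. This is an added example, not part of the original post; the TRUSTED list and the warning names are assumptions chosen for illustration, and the sample URLs are the ones quoted in the text.

```python
from urllib.parse import urlsplit

# Assumption for this example: the domains the user really intends to sign in to.
TRUSTED = {"paypal.com", "yahoo.com"}


def check_url(url, trusted=TRUSTED):
    """Return a list of warnings for a sign-in URL (empty list: no check fired)."""
    warnings = []
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")

    # 1. The post's https:// check.
    if parts.scheme != "https":
        warnings.append("not-https")

    # 2. Text after the host that is not a numeric port,
    #    e.g. "www.yahoo.com:login&mode=secure".
    try:
        parts.port
    except ValueError:
        warnings.append("malformed-port")

    # 3. The host must be a trusted domain or a subdomain of one.
    on_trusted = any(host == d or host.endswith("." + d) for d in trusted)
    if not on_trusted:
        brands = {d.split(".")[0] for d in trusted}
        labels = host.split(".")
        # A brand name inside an unrelated host (paypal1.com,
        # paypal.blogspot.com) is the lookalike case from the post.
        if any(b in label for b in brands for label in labels):
            warnings.append("brand-on-untrusted-host")
        else:
            warnings.append("untrusted-host")
    return warnings


if __name__ == "__main__":
    # Sample URLs taken from the examples in the text above.
    for u in ("https://www.paypal.com/",
              "http://paypal1.com/",
              "http://paypal.blogspot.com",
              "http://www.yahoo.com:login&mode=secure"):
        print(u, "->", check_url(u) or "no warnings")
```

An empty result only means none of these checks fired; as with the lock icon, it does not prove the site is legitimate.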

Be wary of Popups

Some legitimate sites may show popup windows before you log in, so be extra vigilant with popups, especially if you were redirected from a link that you clicked in an email. Visit the website instead by typing its URL directly into your address bar.

Set your browsers to secure mode

I have previously written steps on how to set Firefox for secured browsing and how to set Google Chrome for anti-phishing, so I think those would help a lot.

One rule of thumb: if you're not sure about the website you're trying to log in to, do not continue. Close your browser instead, reopen it, type the URL into your address bar, keep an eye on the page while it loads, and check whether it is being redirected or not.

You may also hover your cursor over the link in your email to check what's behind it or where it would take you, because from there you will know whether the link is suspicious or not.

Firefox users may also use a clue viewer add-on, which provides a hint, usually a snapshot of the web page behind any given link.

If you have something to add to these tips, feel free to do so in the comments section.

Category: internet tools
