The sad truth is the internet is a place where cyber criminals are after your money. Yes, to read this article you must be connected to the internet, so you are likely enjoying the benefits of a connected world, but the bad guys can’t wait to catch their next victim.
But it’s not exactly news that people want to trick one another for the same old thing: cold, hard cash. What has changed over time are the tactics being used. Nowadays, with the high adoption of the internet and the rise of online shopping and banking, there is a noticeable uptick in phishing scams.
For example, the chairman of Hillary Clinton’s presidential campaign, John Podesta, had his Gmail account compromised thanks to a phishing email attack. The email included a link to a specially designed web page that looked legitimate, so Podesta entered his credentials… but it turned out to actually be a scam.
So how can you tell if you’re on a safe, legitimate website? How can you be sure the site is what it claims to be? Here are several ways to determine if a website is fake.
Check the URL
We strongly recommend making a habit of checking the address bar in your browser, as the URL that is displayed there contains pivotal information for safe browsing. For starters, here is some basic info that’s essential to knowing whether you are on a safe page or not based on how the URL is constructed:
Avoid HTTP Connections
Alongside the domain, there is another factor that gives away a fraudulent site: the connection security. This will make or break the privacy of the information that you transfer over the internet; if the website uses HTTP, you should know that the connection is not private and that anyone can intercept or manipulate the information you send.
A secure connection is created by SSL (Secure Sockets Layer), which has since been succeeded by TLS (Transport Layer Security). If the connection protocol within the URL shows HTTPS, you know that the connection to that website is secure. This describes the connection only: a fraudulent site can also be served over HTTPS, so checking the domain still matters.
In other words, don’t fall for a huge discount and make a purchase at an online store that uses an HTTP connection. By doing so you’ll hand over your credit card details to cyber criminals, along with an invitation to use your funds as they please.
How to Avoid Entering Passwords on Phony Websites
Before entering credit card details on a payment page, we recommend checking the authenticity, armed with your newfound knowledge of URLs and connectivity. Of course, the autofill feature of browsers will offer to fill out forms on any website, but it’s up to you whether or not to allow it.
Here is the checklist we recommend using before entering any sensitive data:
- Check the URL for any signs of a phishing scam. If the URL is long and/or complicated, then navigate away immediately and delete any cookies that were stored by your browser.
- Look for the padlock. If it’s HTTPS, you’ll see a padlock or a key on the left side of the address bar.
How Password Managers Prevent You From Entering Data on Scam Sites
The best way to protect yourself against scam sites is by using a password manager. Once you have saved the credentials for a specific website, it won’t autofill the data unless the URL matches the one in its database. In other words, even if you do click on a phishing email prompting you to log into Gmail, the password manager won’t autofill your credentials because it first checks to see if the URL matches one saved in the secure vault – if it doesn’t, it won’t have any data to enter. If the phishing site is based on a site you regularly visit, this will be a surefire giveaway that there is something fishy going on.
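The URL check described above, as an added example that is not from the original article or from any particular password manager. It assumes a simplified vault keyed on the exact origin (scheme, host and port), whereas real products differ in how strictly they match; the vault entry and every URL are constructed.

```javascript
// Added example: simplified origin matching, not any real product's code.
// Constructed vault: one saved login, keyed by the origin it was saved on.
const vault = new Map([
  ["https://accounts.example.com", { username: "alice" }],
]);

// Reduce a page address to its origin (scheme + host + non-default port).
// Returns null for anything that is not a parseable http(s) URL.
function originOf(pageUrl) {
  let url;
  try {
    url = new URL(pageUrl);
  } catch {
    return null;
  }
  if (url.protocol !== "https:" && url.protocol !== "http:") return null;
  return url.origin; // host is lowercased, default port dropped, userinfo excluded
}

// Offer autofill only when the page's origin equals a saved origin exactly.
function autofillDecision(pageUrl) {
  const origin = originOf(pageUrl);
  if (origin === null) return { fill: false, reason: "not a web URL" };
  const entry = vault.get(origin);
  if (!entry) return { fill: false, reason: `no saved login for ${origin}` };
  return { fill: true, reason: `matches ${origin}`, username: entry.username };
}

// Constructed page addresses: two genuine, the rest look-alikes.
const pages = [
  "https://accounts.example.com/signin?next=mail",
  "https://ACCOUNTS.example.com:443/",
  "https://accounts.example.com.login.test/signin", // saved name used as a subdomain
  "https://accounts.example.com@login.test/",       // saved name placed before '@'
  "https://accounts.examp1e.com/signin",            // digit 1 in place of letter l
  "http://accounts.example.com/signin",             // same host, unencrypted scheme
];

for (const page of pages) {
  const d = autofillDecision(page);
  console.log(`${d.fill ? "FILL" : "SKIP"}  ${page}  (${d.reason})`);
}
```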
Strengthen Online Security With a VPN
In addition to using a password manager, it is recommended that you enable a VPN service to give an extra layer of security, because doing so encrypts your internet connection so that the data you are sending will look like gibberish to any prying eyes.
However, if you have ever found yourself in the awkward situation of having entered your login credentials into a scam site – which could happen if the login is not yet saved in the password manager’s vault – then there are three things you can do:
- Change the password immediately, using a password manager to generate a cryptographically secure password.
- Change the recovery questions as well, because hackers may use those to gain access elsewhere.
- If you used that password anywhere else, change it there as well.