Aug 03 2022
Scammers continue to find new and clever ways to deceive and defraud the public. Spotting fake or scam websites can save you loss of money, time, and energy, so read through for the best tips on how to identify a scam website
Scam websites are almost exact copies of legitimate websites. They earn your trust through logos, branding, images, and more. When it comes to a Social Media website, the fraudulent behaviour is even worse. Spoofed accounts, celebrity impersonations, fake profiles, and fake job listings are just some of the ways scammers are trying to drive the user to click.
How can I check if a website is a scam?
Checking for discrepancies is important and, in most cases, easy to do.
SSL certificates
You may have heard of an SSL certificate before (HTTP vs. HTTPS), if not this can be an indicator of a secure website. HTTPS has an SSL certificate, therefore should lean towards being a legitimate website. However, this is not always the case. Up to 58% of fraudulent sites are now paying for and securing their sites with an SSL certificate to trick the consumer, so this should not be your only way to spot if the site is legitimate or not.
URL
The URL is long, strange, or contains lots of non-numerical characters. They are worded almost the same as a legitimate website, however with other characters following it.
Scammers are creating sites with subdomains with the name of the legitimate site (eg. Telstra.Communications.com.au instead of Telstra.com.au) so just because it has the name of a place you know, it doesn’t mean it is real. There may also be strange characters (eg. T3lstra or Telstra.C0mmunications)
Payment Options
When it comes to payment options on the website, the page MUST be secure. HTTPS, with the little padlock icon in the URL field. Do not enter details into a website without this.
A legitimate website will offer payments via major credit cards and payment platforms such as Afterpay etc. If the request is a non-descript PayPal account or some type of wiring, this is a huge red flag.
Spelling, Grammar & Content
We are all human so mistakes can be made on any website, including legitimate sites. However, keeping an eye on spelling and grammar can also be a good indication of a false website. The developer spends time working on the branding and logos, so when it comes to content, they may be shorter in description and contain multiple spelling and grammatical errors. They are going for the end goal, they want you to sign up, sign in, or sign over your money so content building isn’t top priority.
Privacy Policy
Does the website have a Privacy Policy? Privacy Policies are required on all organisations websites, so if you can’t find one or the information looks a little shady, most likely it is a scam website.
Contact page
This one is glaringly obvious. If the website does not have a contact page, or have extremely limited detail, or even completely fake information, it is a scam website. Each organisation should have some way to contact them or shows where they are located for the consumer to be able to contact or visit.
Ads (especially on banking sites)
Ads are going to be on all websites. Plug-ins are a way for sites to make money and advertisers to socially engineer targeted ads toward you. However, if the ads seem strange or take up the whole page, this may be a scam site. The ad itself can also direct you to a scam site so its best to not click further.
Banking applications should never have external advertising on their pages, so make sure if you see this, click out and login to your banking platform via a legitimate URL and not an advertised link click option.
Domain Extension
A domain extension such as .com is widely available and extremely easy to register, so these will be the most likely domains to be used for a fake website. Domain extensions such as .org, .edu or .gov are secure and far less likely to be able to be used for scam websites.
Even check with Google
As a last resort you can even ask Google! This tool from Google is a search tool you can use to input the URL and check its status!
Best practices
In the end, your best practice is to only go to a site that you have keyed in yourself or Googled to find the trustworthy website, with the exact URL.
Do not login from any link that has been sent to you via text message or email, and do not share your personal details or banking details on a site that has been sent to you.
Go with your gut, and if you think you have clicked on a scam website, log off and contact your IT professional as soon as practicable.
Like this post? Follow us on Facebook for more blogs, tips and info!
