Beware of Advanced Look-alike Websites
March 12, 2021
Phishing scams have taken many forms over the years, and it can be difficult to keep up with the new tools that hackers develop to steal consumers’ personal and financial data. Since the internet boom in the early 2000s, one of the more common methods has been to create domain names and web pages that are virtually indistinguishable from actual websites, then email links to these sites to vulnerable users. 1,500,000 new phishing webpages are created per month, so it’s clear this problem is not slowing down anytime soon.
A recent alert from security specialists has drawn attention to cybercriminals who have developed a way to make these look-alike pages even more convincing. Scammers use a special tool that automatically displays your organization’s name and logo on the phony login page. They can even use this tool to populate your email address in the corresponding login field. This creates a false sense of security because many legitimate websites remember your username if you have logged in previously.
To add another layer of sophistication, savvy hackers will “spear phish” in an attempt to increase an email’s apparent legitimacy. Spear phishing involves researching the target so the email can include personal information harvested from public sites like Facebook or Instagram. These details are intended to trick consumers into overlooking the more suspicious parts of the email so that they click the links, open the attachments, or enter their information into login pages.
While phishing is still very common and getting more sophisticated, so are fraud prevention techniques and technologies. There are two steps you can take to maintain your security: anti-phishing training and anti-phishing software. You should not rely on either of these independently, but instead use them together to protect yourself.
Here are some anti-phishing habits you should become accustomed to in order to protect yourself:
- Never click a link in an unexpected email. Most important communication is either expected or will use more direct methods of contact.
- Remember that any site, brand, or service can be spoofed. Cybercriminals rely on your trust in a brand in order to get you to let down your guard.
- When you’re asked to log into an account or online service, navigate to the official website and log in. That way, you can ensure you’re logging in to the real site and not a phony look-alike.
- Make sure you are using a secure internet connection. Before submitting personal information, ensure your connection to the website is secure by checking for “https://” in the address bar in your browser. If the site begins with “http://” the connection is unsecured. There should also be a “lock” icon in your browser’s status bar that verifies a secure connection. Keep in mind that the lock only shows the connection is encrypted; a look-alike site can have one too, so still check the address itself.
- If your email doesn’t already have built-in fraud protection, you can look into third-party security software for added protection. These programs are kept up to date, so as cybercriminals’ methods evolve, your protection will also keep up.
- Install a firewall. Firewalls prevent attacks on your computer from the internet by identifying malicious connections.
- Keep your browser, anti-virus, anti-spyware, and firewall up to date.
- Avoid emailing personal and/or financial information. Email systems are not encrypted by default and therefore your data could be intercepted by hackers.
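For readers who review links on behalf of an organization, here is a sketch of how the look-alike and pre-filled-address tricks described above can be checked automatically. It is an added illustration, not code from this article or its sources; the domain `examplebank.com`, the address `jane@example.org`, the function names, and the idea that the address travels in the link itself are all assumptions.

```python
import unicodedata
from urllib.parse import urlsplit, unquote

OFFICIAL = {"examplebank.com"}          # constructed: the organization's real domains
SWAPS = str.maketrans("0135", "oles")   # digit-for-letter substitutions

def skeleton(text):
    """Collapse common visual tricks so look-alike spellings compare equal."""
    text = unicodedata.normalize("NFKD", text.lower())
    text = "".join(c for c in text if not unicodedata.combining(c))
    text = text.translate(SWAPS).replace("rn", "m").replace("vv", "w")
    return text.replace("-", "")

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    row = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        prev, row[0] = row[0], i
        for j, cb in enumerate(b, 1):
            prev, row[j] = row[j], min(row[j] + 1, row[j - 1] + 1, prev + (ca != cb))
    return row[-1]

def registrable(host):
    # Assumption: the last two labels; production code should use the Public Suffix List.
    return ".".join(host.split(".")[-2:])

def check_link(url, recipient):
    """Return the reasons a link is suspicious (an empty list means none found)."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    domain = registrable(host)
    findings = [] if parts.scheme == "https" else ["connection is not https"]
    if domain in OFFICIAL:
        return findings
    for real in sorted(OFFICIAL):
        brand = skeleton(real.split(".")[0])
        if edit_distance(skeleton(domain.split(".")[0]), brand) <= 2:
            findings.append(f"look-alike of {real}")
        elif brand in skeleton(host):
            findings.append(f"{real} brand name inside an unofficial host")
    # Assumption: the kit pre-fills the login field from an address carried in the URL.
    if recipient.lower() in unquote(url).lower():
        findings.append("recipient address embedded in link")
    return findings

if __name__ == "__main__":
    # Constructed sample links, not taken from any real campaign.
    for link in ("https://examplebank.com/login",
                 "https://examp1ebank.com/login#jane@example.org",
                 "http://examplebank.com.secure-login.net/?u=jane%40example.org"):
        print(link, "->", check_link(link, "jane@example.org"))
```

The second sample link uses https and would show a lock icon, yet it is still flagged because its name only resembles the real one.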
This article uses information from https://www.revbits.com/blogs/lookalike-login-pages and "Scam of the Week" from https://blog.knowbe4.com/