How to identify a fraudulent site

Imagine a website from the noughties spammed with flashing banners. If you meet one now, the thought will arise that it is fraudulent, and there will be an irresistible desire to leave the resource as soon as possible.

There are few such sites now - scammers are honing their skills by creating resources that are very similar to safe ones, and it is becoming increasingly difficult to understand whether a site can be trusted or not.

In this article, we have collected ways to check the site for security. We will briefly describe what types of fraud are and what to do if you find a fraudulent site. Learn more about scam sites at https://hire-hitman.pw/. 

Types of fraud on websites

Attackers can create their own sites or hack other people's resources to place viral content on them.

Let's take a closer look at the most popular types of fraud on websites.

Phishing

Phishing is a common type of Internet scam in which attackers try to obtain confidential information.

A phishing site is a resource that looks like a trusted source, such as the page of a popular company or payment system. 

What is dangerous

Such sites are created to steal data: logins and passwords, correspondence, bank details, service information, etc. 

Viruses on the site

Fraudsters inject spyware such as keyloggers. Such software intercepts data from devices: they record keystrokes, monitor file activity. 

What is dangerous

Just like in the case of phishing, the main danger is to reveal personal data and bank card data.

Third party content

An SSL certificate is a digital signature of a website that provides a secure connection between the server and the browser. If there is no such certificate, then third-party content can be embedded on the site - advertising, widgets. 

What is dangerous

Added content may contain viruses. Thanks to them, attackers penetrate users' devices or steal personal data.

Banners placed by hackers can lead users to third-party sites, which are often unsafe.

Fraud

If an expensive branded product is cheap on an unknown site, most likely the site belongs to scammers.

Attackers often make websites look like official online stores with a laconic and stylish design, neat product cards, and no banners or flashy ads. However, there are still sites with content that pushes you to buy - it puts pressure on urgency, limited supply and exclusivity.

What is dangerous

Goods that are posted on such sites may be counterfeit.

There is a risk of paying for the goods and not getting anything - the purchase will simply not be sent. Attempts to contact the seller may fail - the phone number will be disconnected or it turns out that it belongs to another company, and no one will answer the letter.

How to understand that the site is fraudulent

We will tell you what to look for on the site to make sure it is safe.

Fake URL

4 areas of the site that a scammer can control:

1. Favicon - icon on the tab.
2. The domain name is one part of the URL.
3. Page address - consists of domains and may include a subdomain.
4. The web content area is actually the content of the site: images, text, buttons, etc.

How to check security

According to points 1 and 4 - the favicon and the web content area - it is almost impossible to recognize a fraudulent site: in these areas, an attacker can place any content that cannot be distinguished from the original. 

You can identify scammers by focusing on points 2 and 3 - the domain name and page address.

Fraudsters make domain names look like the original ones - forge them or use them as a subdomain. Manipulating the domain name is misleading - seeing part of a familiar URL, you can think that the resource belongs to a well-known company.

Domain is the name of the site. It is unique and cannot be owned by more than one resource at the same time.

Attackers forge domain names by  adding extra words to the name of a legal site

The fact that the additional word is not part of the original address can be found by checking the link in the browser

It is important to always pay attention to the domain - it should be without additions. 

No SSL certificate

An SSL certificate is responsible for the security of the connection - a digital signature of the site, which provides an encrypted connection to the platform and protects personal data from third parties. 

How to check security

The presence of a certificate on the site is indicated by the first letters in the site address - http or https. Sites with http do not have an SSL certificate, which means that their owner did not take care of data security. It is easier for attackers to hack such a site and use it to their advantage: steal confidential user data, infect their devices with viruses. 

To see if there is an SSL certificate on the site, you need to click on the address bar. The letter s after http indicates the presence of a certificate

If you do not have an antivirus installed, it is better to avoid sites with http protocols. You should not enter authorization data and bank details on such resources.

An SSL certificate is an important indicator of security, but not the only one, so you should not rely on it alone. Some scammers use SSL certificates on their websites to increase user confidence. 

How to determine the security of the site according to the data from the certificate, we will tell in the next block.

Doubtful data in the certificate

The certificate contains information about the site and its owners. Data about the company will help you understand whether you can trust the site.

How to check security

Click the padlock icon in your browser and select the "Certificate" option

A padlock icon in front of the URL means the certificate is valid and the connection is secure

In the window that opens, note which company the certificate is registered to.

Information about the owner of the site is in the "Subject" field

Look for information about the company on the Internet - its activities should be related to the theme of the site. For example, if the certificate is issued to an organization engaged in agriculture, and the site sells movie tickets, you should be wary.

Google Safe Browsing report warnings

Specify the site address in a special Google service - "Safe Browsing: Site Status". The service will check if the content is safe.

After checking, a notification will appear whether the site has malicious content or everything is in order

Small age of the site and questionable data about the owner

Indirectly, the safety of a site can be indicated by its age. You can find out how long a site has existed using the web.archive service and the  Who is service . 

Web.archive  Enter the website address in the special field. Information will appear on how long the site has been registered and how often it was indexed by the service.

If the site is only a couple of weeks old, but the resource looks like a trusted online store, you should be wary. Most likely this site was created by scammers.

The vertical lines on the scale indicate how often the service indexed the site and saved copies

Whois-c service  will help you find out the date of registration of the domain and its owner. If the domain was registered recently and to a private person, but the site positions itself as belonging to a legal entity, you should not trust such a resource.

Fake contacts

To check the authenticity of the site, you can find out the information about the organization in the "Contacts" column: 

• Enter the organization's physical address in  Google Maps and see if the business is actually located at that address.
• Copy the phone and enter it into the browser line - look to see if it really belongs to this organization.

If the column with contacts on the site is not filled out or the data in it is invalid, you should not trust this resource.

Suspicious reviews and lack of mentions on the Internet

Look for information about the company on the Internet. If nothing but the site itself is displayed in search queries, and there are no mentions in social networks, then there is a high risk that the site is fraudulent. 

Pay attention to company reviews. If there are too many positive ratings and they are of the same type, then, most likely, the reviews are not real, but are specially cheated in order to gain the trust of users. 

What to do if you find a scam site

Confidential information should not be entered on unverified resources. If this happens, action must be taken as soon as possible.

If you entered authorization data on a fraudulent site, you should change your password. In cases where bank details were indicated, you need to call the bank and describe the situation. They will offer to block the account and change the card so that the client does not lose money. 

We stumbled upon a fraudulent resource - inform the search engines through special forms. You can  file a complaint against a phishing ng page with Google . If you find a fake phishing site, additionally contact the administration of the original resource.