In search of news, interesting content, or work-related information, we visit dozens or even hundreds of websites daily, and the chances of landing on a malicious site are very high. In order to mislead us, scammers can develop a website that looks identical to the original and make its address as similar as possible. Due to the danger, ESET specialists have prepared several simple rules that will help identify a malicious resource and prevent device infection.
Beware of website address errors
Using website addresses similar to well-known ones is one of the most common tactics to lure users to a malicious resource. To do this, the attackers register domains that are very similar to the official ones but contain visually ambiguous characters or additional letters or signs.
An example is “rnicrosoft.com” – a misspelled domain name “Microsoft,” where the letter “r,” followed by “n,” can be mistakenly identified as “m” (depending on the font, size, and reader’s attentiveness). Another example is replacing the letter “o” in the domain name “facebook” with the similar Greek letter “ο”.
Malefactors are forging the domain names of secure websites. ESET.
Also, attackers can create domain names that match popular websites but with typical mistakes, such as “gogle.com” and “gooogle.com.” Both of these domains now belong to Google and redirect to the official website. In turn, Facebook registered domains with “k” replaced by certain letters to protect against typos. In such cases, users are redirected to the real domain facebook.com.
As a rule, a fake website looks almost identical to the original to further confuse the user. Therefore, it is necessary to be careful when copying and pasting a URL or directly clicking on it. It is worth noting that ESET products provide protection against such threats by notifying the user about the opening of a suspicious page.
Check if the site is safe to use
If you have any doubts about the site you are about to visit or have already visited, use online tools to check their safety. Google, for example, offers its own tool that, after inserting a specific URL, informs whether the site is safe or not. Another tool is VirusTotal, which analyzes the site and checks it using leading antivirus systems, as well as identifies malicious URLs. Other tools are available at the link.
You can also perform a whois query to find out who owns a specific website domain. Whois is a record containing information about a domain, including details about who owns it, when and where it was registered, as well as how to contact the owner. To perform a whois query, you need to go to a special resource and enter the address of the desired website.
Besides this, a recently registered domain should raise suspicion. For example, the official Facebook domain cannot be registered in 2021. Another sign of a malicious domain is incomplete or error-ridden information that appears after clicking “show more data.” However, in some cases, this may be due to users’ carelessness when filling out registration data.
Pay attention to the presence of a privacy policy and contact information. If you have any doubts about the legitimacy of a particular website, you should check for the presence of its privacy policy. Since, in accordance with data protection legislation, every legitimate website must have a privacy policy to explain how it protects and processes user data.
In addition, any legitimate company that is interested in building long-term relationships with its clients should have up-to-date contact information on its page. As a rule, websites include a contact form, email, or phone number.
Make sure to use HTTPS
Websites that have received an SSL certificate are considered safe. ESET.
One of the signs of a safe website is the use of the HTTPS protocol. However, HTTPS only provides reliable encryption of the connection between the server and the user’s browser, protecting against information interception and ensuring the reliability of logging in, for example, to a bank system or another website.
Since most websites on the Internet use encryption with SSL or TLS, this is not an indicator of a secure site. However, it is worth checking what services the site offers and which organization issued the SSL or TLS certificate. To verify the confirmed certificate and find out who issued it, click on the lock icon in the browser’s address bar.
Use a reliable security solution
Using a comprehensive security solution will help protect against most cyber threats, including malicious websites. For example, the ESET Smart Security Premium program analyzes pages using a built-in scanning mechanism, searches for dangerous content, and blocks access to the site in case a threat is detected. Thus, the solution prevents the download of any malicious software.
In addition, the program also includes an Anti-Phishing feature that protects against attempts to steal passwords, banking information, and other confidential data while visiting fake websites disguised as legitimate ones. In case of attempts to access via a URL, the solution compares it with the database of phishing sites and, in case of a match, immediately blocks access and warns of the danger.
In any case, it is necessary to pay attention to errors in website URLs, carefully check their security certificates, and either enter the address manually or use only verified links.
Add a Comment