This is a guest blog post from VeriSign UK, a Get Safe Online sponsor.
In the last three months of 2009, criminals hijacked 356 well-known brands to create phishing sites, according to AWPG. These sites are designed to trick people into giving away their personal information, such as credit card numbers. It’s identity fraud on a massive scale.
Sometimes, these fake sites are very difficult to detect, even for an expert. But here are a few things to watch out for:
- Pressure. Sites and emails that create a false sense of urgency (‘your account has been suspended’, for example) are a common tactic.
- Promises. Alternatively, you get an offer that sounds too good to be true (such as ‘sign up now and get a free MP3 player’).
- Pretending. Check the website address in the browser bar. If it doesn’t look right, be on your guard. For example, weird variations or misspellings of the company name.
- Poor spelling. Criminals who don’t speak English as their first language are prone to make tell-tale spelling errors.
- Padlock. When you are entering personal information, you should check for the golden padlock in the browser address bar. If it’s not there, beware.
However, sometimes, criminals can create a perfect copy of a real website and so you need some extra help to detect the fakes. This is where Extended Validation SSL certificates come in.
The SSL bit produces the golden padlock and it means that your data is encrypted before it is sent to the website owner. The Extended Validation bit is new and it shows that the identity of the website owner has been checked and that this is really their site and not a fake. It displays a green background and the name of the site owner in the address bar – this is your sign that you’re safe.
Test your skills in spotting fake sites with VeriSign’s Phish or No Phish online quiz. Check out Get Safe Online’s tips on avoiding criminal websites.
{ 1 trackback }
{ 1 comment… read it below or add one }
As an employee of VeriSign I appreciate the posting of this list; definitely all those P’s are great indicators of trustworthiness or fakery. However, just a note that SSL, EV or not, is certainly not the only way to tell if a site is legit; our VeriSign Trust Seal, for example, was designed specifically for sites that don’t need encryption (medical & legal sites, and vendors who use 3rd party shopping carts), but it still provides authentication and malware scanning. Looking for symbols is essential, but it’s also important to know what’s under the hood of those symbols to protect you.