Phishing, Hacked & Fake Websites

Yesterday I posted about what is the best/safest browser to use. Browser selection and configuration (tomorrow’s topic) is probably the best defense in most cases, but knowing whether the e-mail you received is legitimate and/or the website is real depends completely on the user. The first area we will cover is phishing and whether the e-mail you received is the real deal.
The first question to ask when you receive an e-mail is whether the source (i.e. bank, website, etc.) is one that you use. If you get an e-mail from a bank but you don’t have an account with them, then the e-mail is a fraud. If you get an e-mail from a bank and you do have an account, but the e-mail address the e-mail was received on is not registered with them, then the e-mail is a fraud. I have several e-mail accounts and received an e-mail from a site I use, but the e-mail address was not one I had registered with that site. If the e-mail account and source match, then before you click on the link, put your mouse over it. It should show you the address you will go to. A phishing e-mail will show you one link, but hidden underneath is a link to the fake website. Take a look at this link I have placed here for Camp Alamisco, http://www.alamisco.org: when you put your mouse over it, you see it points to the conference website. If you click on the link, look at what is in the address bar of your web browser. Just because it looks like the actual site doesn’t mean it is.
When you get an e-mail from a website or bank stating your account may have been compromised and telling you to click the link to verify your information, you should close the e-mail and then go to the site directly in your browser and log in. Many sites have a message system that will give you a message or warning when you log in if there has been a problem. If you are still unsure, call the bank or company directly. If they have provided a number in the e-mail, do not use it. Use the number on your card or one you get from the website. Also, almost all banks, companies and websites will never ask for your password.
Hacked websites are just that: legitimate websites that someone has hacked, inserting code that will either try to infect you with malware or compromise your machine in some other fashion. There isn’t much you can do to protect against this, since the site is legitimate. Your browser configuration is the best defense against this, and I will cover that in my next posting.
Fake websites are ones that you can protect against. The best way to determine if a site is fake is to look at the web address for the page. If the address makes no sense and doesn’t have anything to do with the site you are visiting, then you can be 95% sure it is fake. This is where click fraud, which I mentioned in a previous post, is the major contributor. Sponsored links are notorious for this, too. When you do a search on one of the search engines, many times they will show a sponsored links section that supposedly points you to the website you are looking for and even shows the address in the listing, but put your mouse over it without clicking and look at what the link is really pointing to.
One of my first posts was about the AVG link scanner, which is a free way to protect against the issues I have mentioned here.