The rise of online commerce has also led to a rise in criminals ready to cash in on the unsuspecting. Criminals target Internet users by e-mailing links to websites that mimic legitimate businesses. In fact, the real purpose of the website is to get the user to enter sensitive personal data that can be used for fraudulent purposes. This practice is known as "phishing." Website phishing has become so widespread that the United States Department of Homeland Security publishes advisories on how to avoid identity theft by recognising fraudulent websites.
Look for an icon in your web browser that indicates the data you enter is transacted on a secure encrypted web server. The icon should appear as a gold coloured padlock in either the address bar or lower right corner of the browser window. In addition, the web URL prefix should be "https://" instead of "http://." Both the secure icon and URL can be emulated by phishing sites, so follow all steps before assuming the site is legitimate.
Enter the web address for sites with which you normally do business from information provided directly by the company. A company may publish its legitimate website address on business cards, brochures or other non-Internet communications.
Confirm the URL shown in your web browser with an actual employee of the company through a telephone call. Do not use the telephone number published on the website, as sophisticated scams may include someone posing as an employee to answer the phone number published on the website. Use a phone number from a published phone directory.
Install anti-phishing software or web browser add-ons that match the address you have entered (or clicked on) with a list of known fraudulent sites. Most popular web browsers include anti-phishing security features. Nevertheless, new phishing sites appear daily, so their lists may not include all fraudulent sites.
Compare the address that appears in your web browser with the company name that appears on the website. Legitimate business websites will include the business name in the very first part of the URL immediately after the "http://" or "www." Web site scams reveal themselves by having an address like "http://www.someotherwebsite.com/realbusinessname", where the legitimate business name appears after a single forward slash.
Check the website's certificate. An organisation wishing to conduct secure online commerce must obtain a valid encryption certificate. If your browser issues a warning similar to "Certificate cannot be verified," you can view the site certificate details to determine if the website is genuine. View site certificates using the "Options" menu in your browser. The warning may only reflect a discrepancy in the validation process and is not a definitive indication of a fraudulent website.
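The URL checks from the steps above can be expressed as a short script. This is an added example, not part of the original article: the function name `check_url`, the warning labels and the `.example` addresses are constructed for illustration, and the expected domain is assumed to come from the company's printed material as described earlier. It goes slightly beyond the text by also flagging a business name placed before an "@" or used as a subdomain of another site.

```python
from urllib.parse import urlsplit


def check_url(url, expected_domain, brand):
    """Return a list of warning labels for `url`.

    expected_domain: the address the company published offline.
    brand: the business name as it would appear in a URL.
    """
    warnings = []
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    expected = expected_domain.lower().rstrip(".")
    brand = brand.lower()

    # The prefix should be https://, although this alone proves nothing.
    if parts.scheme != "https":
        warnings.append("not-https")
    # Text before an "@" is login information, not the name of the site.
    if parts.username is not None:
        warnings.append("userinfo-in-url")
    # The host must be the published domain or a subdomain of it.
    host_ok = host == expected or host.endswith("." + expected)
    if not host_ok:
        warnings.append("host-mismatch")
        # The name appears, but as part of some other site's address.
        if brand in host:
            warnings.append("brand-in-other-host")
        # The name appears only after the first single forward slash.
        if brand in (parts.path + "?" + parts.query).lower():
            warnings.append("brand-in-path")
    return warnings


# Constructed sample addresses (not real sites).
SAMPLES = [
    "https://www.realbusinessname.example/login",
    "http://www.someotherwebsite.example/realbusinessname",
    "https://realbusinessname.example.someotherwebsite.example/",
    "https://realbusinessname.example@someotherwebsite.example/",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        result = check_url(sample, "realbusinessname.example", "realbusinessname")
        print(sample, "->", result or "no warnings")
```

An empty result only means the address matches what the company published; the certificate and telephone checks still apply.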
Tips and warnings
- Avoid linking to websites from e-mail or secondary websites. Phishing scams most often use e-mail to entice users to the fraudulent website. Using a "spam" filter can reduce the number of phishing e-mails you receive.
- Consider purchasing antivirus software that includes frequently updated anti-phishing features.