By Praveen Kannan and Anna Strokolyst The Hotspot Shield team believes the internet should be open and secure …
Most of us use the internet without much thought. To that point, millions of people each year fall victim to URL spoofing (or fake websites) where you think you’re on a real website but, in fact, it’s a well-designed fake. What you’re actually doing is handing your information to hackers.
With URL spoofing, the hacker creates a near-indistinguishable copy of a well-known website, like your bank. You then enter your login credentials assuming nothing is wrong. When you do, however, it won’t take you to your account. Instead, it sends that info directly to the hackers.
You probably just assume the site must be down and you’ll try again later.
Google, for its part, is developing new ways to help protect its Chrome users. A feature it’s working on would act like a warning system that will tell you when you might be unknowingly visiting a fraudulent site. For instance, if you want to go to paypal.com but you actually got directed to paypa1.com.
Tools like this are especially helpful; we at Hotspot Shield have similar features in place on our app that warn users about harmful malware and fraudulent sites.
Understanding URL spoofing
The purpose of URL spoofing, or creating fake websites, is solely for collecting information or exposing your device to malware. Many of these spoofed sites look so much like the real thing that it’s difficult to tell the difference. Once you do, however, it might be too late.
The way most people land on these fake websites is by phishing emails sent out by scammers, which again, look like a legitimate email from a company you are familiar with, like PayPal. The link in the email will drive you to their fake website.
Common URL spoofing attacks to look out for
Here are the most common ways that hackers trick people into giving their info:
Hidden links – One of the oldest methods is to hyperlink words or buttons in emails, which go to these malicious sites. If you click on the link, it could infect your computer or trick you into giving information.
URL shorteners – You might also notice a short URL on a social media site, on a website, or even in an email. This is another trick. Since you can’t really tell where the link is going, when you click it blindly, you could put yourself in danger.
Links with weird characters – Links might also contain non-Latin characters, which is allowed when creating legitimate sites, but also opens up the door for fake sites to be created without you even realizing it.
Misspelled links – Finally, they use the old ‘misspelled link’ trick, which means they create a link that looks very similar to a trusted link…just like the paypal.com vs paypa1.com listed above.
Recognizing fake websites
Here are some tips to keep you safe:
- Check each and every URL before clicking, including links and buttons.
- Update your browser and antivirus software
- Look for spelling mistakes
- Keep your eyes out for news about scams, like the recent Netflix email scam
- Type the URL into your address bar yourself instead of clicking on a link
- Check to make sure you are on an https:// site (NOT
- Download Hotspot Shield to get military-grade encryption and access to its advanced malware protection feature