Five quick ways to spot a fake website

We’re writing a series of blog posts full of quick, actionable information that you can use to help improve security awareness in your organisation. These particular blog posts aren’t for the ethical hackers and cybersecurity experts among our audience – instead, they’re for anyone looking to strengthen their cybersecurity and improve cyber resilience.

Threat actors create fake websites as a form of social engineering, or phishing attack. They use the sites to collect data from site visitors, and gain access to passwords and/or sensitive financial or identity information.

Share this blog post with your team so everyone knows how to identify a suspicious website. 

1. Check the URL

Is the URL spelt correctly? Is there an unusual subdomain, or a domain name that doesn’t match the name of the business/website?

Genuine companies usually have a URL that is simple and straightforward, with no subdomain. 

2. Look for poorly designed sites or low quality content 

Fake websites are often (but of course not always) badly designed. Poor or illogical design elements, or content that’s littered with unusual spelling mistakes or grammar choices, can be a sign that the website isn’t genuine. 

Real websites look professional, and they read as though a copywriter wrote them. 

3. Be cautious of unrealistic deals 

If it sounds too good to be true, it probably is. 

Incredible opportunities and unbelievable bargains are used to lure victims to enter personal data onto fake sites – allowing threat actors to access that data for malicious intent. 

4. Check the contact information

The contact information provided on legitimate websites and e-commerce stores should include a physical business address and a working telephone number. 

If you can’t easily find this information on the site, or the information provided seems suspicious, make sure you verify the business credentials before you input any of your data (including your name, email address, and payment card details) onto the website. 

5. Consider the quality of reviews 

Most product and service businesses operating online have reviews from past customers. Read them – and don’t just consider whether they’re raving about the business or not. 

Do the reviews seem to follow a (slightly robotic) formula? Do they repeat information unnecessarily? Do the reviews all seem similar in some way? Do any of them include photos of people or products? Do they feel genuine? 

If you’re not confident the reviews are genuine, you might have found a fake website. And similarly, if the site claims to have many happy customers and yet there are few reviews, or none at all – that’s a concern too. 

None of these red flags are definitive signs of a fake website

Just because a website has one or more of these issues doesn’t always mean it’s fake. But identifying any of these signs is a good reason to stop, take a pause, and confirm that the site is genuine before you share any information with it. 

Website checker tools, like Google’s Safe Browsing tool, can help you verify whether a website is legitimate. 

And overall, the message is simple: be cautious, and take time to think before you enter any personal information. No matter how tempting the site’s offer might be. 

Are you working to improve security awareness at your organisation? 

At Black Hat MEA 2024 you can connect directly with the world’s leading cybersecurity awareness trainers and researchers.

Register now to attend Back Hat MEA 2024 and immerse yourself in learning directly from the leading experts in cybersecurity.