Spotting Fake Websites

What Are Fake Websites?

Fake websites are copies of real sites designed to steal your login credentials, payment details, or personal information. Attackers create convincing replicas of banks, social media platforms, online stores, and more.

Check the URL Carefully

The web address is your first clue. Attackers use tricks to make URLs look legitimate:

• Misspellings: "amaz0n.com" instead of "amazon.com"
• Extra words: "login-facebook-secure.com" instead of "facebook.com"
• Subdomains: "paypal.com.malicious-site.net" - the real domain is "malicious-site.net"
• Different extensions: "microsoft.net" instead of "microsoft.com"

Tip: Always look at what comes just before the first slash. In "https://secure.bank.example.com/login", the real domain is "example.com", not "bank".

Look for Visual Red Flags

Fake sites often have small mistakes that give them away:

• Poor grammar or spelling errors
• Blurry or low-quality logos
• Mismatched fonts or colors
• Broken links or missing pages
• No contact information or "About Us" page

Check for Urgent or Threatening Messages

Fake sites often pressure you to act fast. Watch for messages like:

• "Your account will be suspended in 24 hours"
• "Verify your identity immediately"
• "You won a prize - claim now before it expires"

Legitimate companies rarely create this kind of urgency.

Verify Before You Enter Information

Before typing your password or payment info:

• Open a new tab and navigate to the site directly
• Check your browser's password manager - it will not autofill on fake sites
• Look for the padlock icon, but remember that fake sites can have HTTPS too

When in Doubt

• Do not enter any information
• Close the tab immediately
• Go directly to the real website by typing the address
• Contact the company through official channels if you are concerned