How to Identify a Fake Website

🔊 Listen to Post

Cybercriminals use fake websites for many different reasons. Some pretend to offer free utilities and tools just so they can capture your personal information or spread malware on your computer. Others take your money to sell you products that they never deliver. State actors create fake websites to spread misinformation with the goal to sow chaos in a country and divide people.

In this article, I will share some information on how to identify a fake website. This includes all kinds of fake websites, fake news, fake e-commerce sites, fake propaganda sites, etc. Some fake websites are better at fooling people than others.

This article is broken down into five sections: difference between fake website and fake news, what is fake news, what is a fake website, tips for identifying a fake website, and free tools to identify a fake website.

Difference Between Fake Website & Fake News

It’s helpful to differentiate between a fake website and fake news. The two are not exactly the same thing. Yes, fake news can be spread through a fake website so in that sense the two can be related. However, fake news is generally spread through social media and mainstream news media. The other difference is that you can often identify a fake website if you look for certain clues. It’s much more difficult to identify fake news because it’s spread through traditional media that’s trustworthy. Fake news is also spread (intentionally or unintentionally) through famous people, well-known print and television media, and major social networking websites.

What is Fake News?

According to Wikipedia, “Fake news, also known as junk news, pseudo-news, alternative facts or hoax news, is a form of news consisting of deliberate disinformation or hoaxes spread via traditional news media or online social media.”

Russia is considered the pioneer of fake news. Yale historian Timothy Snyder wrote a book a couple of years ago called The Road to Unfreedom. In his book he makes the point that the Russian leaders mastered the art of “fake news” in 1990s and 2000s to control their own society by causing confusion and chaos. According to Vox’s article How Russia pioneered “fake news”, “Russia mastered the art of “fake news” and misinformation long before anyone else, and that that’s the main reason why they’ve been so influential in a world governed by the internet and social media.”

After favorable results from its campaign of fake news within its own society, Russia decided to spread the concept externally to the United States. And it worked! Today Russia and China are not only targeting the United States with their fake news campaign, they are also targeting Europe. In April 2020, a report claimed that Russia and China push “fake news” aimed at weakening Europe.

Russians have successfully used companies like Facebook and Twitter to spread their misinformation campaign. These social media giants have failed to control the spread of fake news. On June 12, 2020, Forbes reported that Twitter has silenced 175,000 Chinese and Russian fake news accounts. This is great. But how many more accounts are still active? Twitter is trying to do something about it, Facebook on the other hand doesn’t seem to care.

What is a Fake Website?

YourDictionary.com defines a fake website as, “A website that is not a legitimate venue. For example, the site is designed to entice the visitor into revealing sensitive information, to download some form of malware or to purchase products that never arrive.”

Just like fake news, fake websites are a big business these days. For example, there are dozens of sellers on the Internet selling masks and other products that are in short supply. They typically use two common techniques to deceive people: sell the items at a very high price, or sell it too low. In case of hard to find items, like masks and hand sanitizers, they can get away with the price gauging. Because people are desperate, they pay the high price to purchase the product, but they don’t receive the item. Sometimes they receive the product but it differs from the advertised brand. Other times they receive the product that’s made at home, instead of a factory. You can easily tell by the quality and the packaging. Selling the items at bargain prices attracts innocent buyers. They may get the product, but they don’t realize they just sold their identity and privacy. That’s a high price to pay and can be very devastating.

It’s important that when you shop on the Internet, you use extreme care to ensure your privacy. Keep in mind, the website may look identical to the real website, but it may be fake.

Tips for Identifying a Fake Website

There are several steps you can take to identify a fake website.

Examine the URL in the Address Bar

1. Verify the domain name.
2. Verify lock in the address bar.
3. Verify SSL certificate’s domain and expiration date.

Verify the Domain Name

The Uniform Resource Locator (URL) can tell you several things and provide some useful information. The URL is essentially the address that you type in the address box of your browser. Look at the domain name in the URL. Sometimes the domain name on a fake website may be misspelled. For example, instead of microsoft.com it might be spelled mycrosoft.com or microzoft.com.

Verify Padlock in the Address Bar

Make sure there is a padlock at the beginning of the URL, which means the website is using Secure Socket Layer (SSL) protocol to encrypt data. Another way to ensure the site is secure is to look at the URL, it will start with https, instead of http. Just be aware that your browser may require that you click in the address bar to see the complete URL. Usually, it’s much more convenient to look for the padlock in the address bar because it doesn’t require any extra effort on your part.

Verify SSL Certificate’s Domain and Expiration Date

Encryption requires a certificate. You can ensure the validity of the certificate by clicking on the lock and then looking at the certificate. There are at least two things you should verify about the certificate. Check the domain name to make sure the domain name of the website you are visiting is correct. A person can easily copy someone else’s website (e.g. PayPal.com) to their own site. If you don’t pay attention to the domain name, you could be visiting a fake website. That’s why you should not go by just the looks of a website, you want to verify the domain name in the address bar to ensure you are visiting the correct site.

The second thing you want to look for is the date of the certificate. Depending on the type of SSL certificate, they are usually issued for anywhere from three months to two years. As long as the date contains either today’s date or a future date, it’s a valid certificate.

Never Pay with a Bank Transfer

If you are purchasing a product online, use a major credit card. This is the safest method to shop online because the major credit card companies use various techniques to monitor fraud and offer zero-liability fraud protection to its customers. Thanks to the Fair Credit Billing Act, you’re protected from unfair billing practices, such as unauthorized credit card charges, and charges for goods and services you didn’t receive. Although most people don’t use bank transfers to make payments online, if a website requests a bank transfer you should avoid doing business with them. Once you make a payment with a bank transfer, it’s difficult to get your money back if the sale was fraudulent.

Poor Grammar, Spelling Mistakes, and Typos

As I pointed out in my article An Anatomy of a Suspicious Website, if a website is full of broken language, typos, spelling mistakes, and grammatical errors, it’s likely to be a fake website. I use an actual website in my article as an example. I go into details to discuss the telltale signs that make a suspicious website stand out. Fake websites will take your money but may not deliver the goods or services.

Offers That are Too Good to be True

This is a common technique used by scammers. They offer products on their website at a ridiculously low price to attract their victims. We’ve all heard the saying, “If it’s too good to be true, it probably is.” Yet the temptation is really hard to resist. By now you may have already figured out that “As Seen on TV” products are very tempting, but are almost never what they appear to be on TV. If someone is selling you a product at a very low price, you may never receive the product. if you do, chances are that it may be used, fake, or stolen.

Avoid Business Sites Without Phone & Address

You should be suspicious of business websites that offer goods and/or services, but don’t have an address (physical or PO Box) and a phone number listed on their site. These sites can only be contacted through email or a web form on their website. Doing business with these sites can be risky. Where would you return a defective product? of course, this discussion doesn’t apply to certain types of business and certain well-known websites, such as Google. Some businesses offer an online chat for tech support, instead of a phone number, but not having a contact phone number on the website should make you nervous.

No Privacy Policy

If you don’t find a provicy policy on a website, get out of there as fast as you can.

Free Tools to Identify a Fake Website

Here are some free online tools that will help you identify a fake website.

Google Transparency Report

To verify if a site is safe to browse, visit Google Transparency Report and enter the URL of the site in question. Keep in mind, a legitimate site may be listed as unsafe by Google if it has been compromised. Simply enter the name of the site you want to test, e.g. https://www.zubairalexander.com/blog, and press Enter.

VirusTotal.com

VirusTotal.com is a great fake website checker. Because it checks so many other vendor sites, you don’t have to visit those sites individually. VirusTotal will inspect the URL you enter with 70+ antivirus scanners and domain blacklisting services. These include some of the biggest and most reputable names in the industry, such as AlienVault, BitDefender, Comodo, ESET, Fortinet, Malwarebytes, etc. Because they update the malware signatures frequently and in some cases even store the shared vendor databases on their own network, the results are displayed on the screen very quickly.

To check a domain, go to VirusTotal.com and makes sure you are on the URL tab. Type the name of the URL you want to scan, e.g. https://www.seattlepro.com and press Enter.

MXToolbox

This website can tell you if a site is listed on a blacklist. Blacklisted websites are often responsible for spam, malware, phishing, etc. Go to https://mxtoolbox.com/blacklists.aspx, enter the domain name of the site you want to check (e.g. zubairalexander.com), and select Blacklist Check. At the time of writing, the domain you enter will be checked against 95 known blacklists. This number may change in the future.

Don’t panic if you enter your own domain name and see two or three timeouts at the end of the list. That’s normal, even for popular domains like microsoft.com. When the domain is checked against 95 blacklists, some of the blacklists may not be able to respond quickly.

Checking for blacklist doesn’t always prove that the site is a fake site because some legitimate websites can be blacklisted for no fault of their own, due to various reasons. Therefore, you may have to look for some additional signs. Visit An Anatomy of a Suspicious Website to learn more on this topic.

Additional Reading

• An Anatomy of a Suspicious Website

Copyright © 2020 SeattlePro Enterprises, LLC. All rights reserved