While the internet has unquestionably revolutionized our lives (and continues to do so with every passing year), it has also introduced an entirely new set of threats to our privacy and the security of our information. One of the most basic, and therefore most common, scams involves setting up an official-looking “dummy” website that is intended to collect your personal information and/or run malware on your device. Sometimes this happens without the user ever being aware of the attack; in other instances, the user is purposefully made aware that a malicious actor has possession/control of their information, their device, or both.
While it’s difficult (and not always accurate) to judge a website’s safety based on appearance or operation, there are certainly some common red flags for which you should stay vigilant. A few of those should be regarded as more-or-less instant deterrents; if you see a single one, leave the website in question immediately and don’t return to it unless you have a very specific, well-informed reason to do so. Other red flags should be taken with a more measured dose of caution; a single spelling error, for example, shouldn’t be read as an indication that a website is malicious or otherwise unsafe.
Unusual Web Addresses
Before you visit a website, always check the web address (also known as the URL). Look for any unusual characters, especially letters from non-Latin alphabets that are used in place of Latin letters. A common example of this is the Greek “α” in place of the Latin “a”, as in “fαkewebsite.com” versus “fakewebsite.com”. Even more difficult-to-identify examples include uses of Cyrillic characters like “р”, “с”, or “ѕ” in place of lookalike Latin letters “p”, “c”, and “s”—“сheatѕcam.com” versus “cheatscam.com”. If you aren’t sure, copy-and-paste the address into word processing software and use that to check the provenance of any suspect characters.
Also, be wary of odd punctuation or seemingly incomplete strings of text—“searcheng.ine” or “searchengin.com” versus “searchengine.com”. Scammers count on these malicious URLs bearing a close enough passing resemblance to legitimate ones that users click them without a second thought. The same is true of other unusual or easily confused characters or markings in URLs, like em dashes (—) and en dashes (–). In short, malicious actors will employ any and all tricks at their disposal to make a dangerous web address look, at-a-glance, like a legitimate one. Scrutinize every link you follow, no matter how legitimate it or the source from which it comes might appear. If you see anything suspect, even something seemingly insignificant, do not follow the link.
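The character check described in this section can also be done programmatically. The script below is an added example, not part of the original article: it lists every non-ASCII character in a hostname with its Unicode name and flags hostnames that mix scripts. The function names `script_of` and `inspect_host` are hypothetical, and the sample addresses are the article's own examples.

```python
import unicodedata
from urllib.parse import urlsplit


def script_of(ch):
    """Approximate a character's script by the first word of its Unicode name."""
    return unicodedata.name(ch, "UNKNOWN").split()[0]  # LATIN, GREEK, CYRILLIC, ...


def inspect_host(url):
    """Report non-ASCII characters and mixed scripts in a URL's hostname."""
    host = urlsplit(url if "://" in url else "//" + url).hostname or ""
    non_ascii = [
        (ch, f"U+{ord(ch):04X}", unicodedata.name(ch, "UNKNOWN"))
        for ch in host if ord(ch) > 127
    ]
    scripts = sorted({script_of(ch) for ch in host if ch.isalpha()})
    try:
        # The ASCII ("xn--") form of the name that DNS actually resolves
        ascii_form = host.encode("idna").decode("ascii")
    except UnicodeError:
        ascii_form = None  # not encodable as a valid internationalized name
    return {
        "host": host,
        "non_ascii": non_ascii,
        "scripts": scripts,
        "mixed_script": len(scripts) > 1,
        "ascii_form": ascii_form,
    }


# Sample addresses taken from the examples in the article above
SAMPLES = [
    "fakewebsite.com",
    "f\u03b1kewebsite.com",      # Greek alpha in place of Latin "a"
    "\u0441heat\u0455cam.com",   # Cyrillic es and dze in place of "c" and "s"
]

if __name__ == "__main__":
    for url in SAMPLES:
        report = inspect_host(url)
        verdict = "SUSPECT" if report["non_ascii"] else "ascii-only"
        print(f"{verdict:10} {report['host']}  ->  {report['ascii_form']}")
        for ch, codepoint, name in report["non_ascii"]:
            print(f"    {ch!r} {codepoint} {name}")
```

A flagged hostname is a reason to look more closely rather than proof of a scam, since legitimate internationalized domain names also contain non-ASCII letters. A lookalike written entirely in one non-Latin script will not show as mixed-script, but its characters still appear in the non-ASCII list.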
Missing, Incomplete, or Incoherent Information
If a website’s URL passes the eye test and you follow a link to the site itself, one of the first things you should do is check the contact, privacy policy, and (where applicable) shipping/return policy pages for incomplete or incoherent information. If the contact email is generic (dduck@aol.com) or suspicious (service18765@company.net), that should send up a red flag (especially for large and/or well-known entities). If the listed address is incomplete or doesn’t match the business (a foreign address for a domestic organization, for instance), that should also be a red flag. Also, be wary of privacy policies that frequently mention European nations; Europe has a significantly different and partially unified standard for online privacy, and scammers frequently copy and paste legitimate-looking privacy policies from websites based in those nations.
Another clue that something may not be right with a website is the use of placeholder text like lorem ipsum (nonsense meant to look and sound like Latin). Some scammers take the “legitimate at-a-glance” mentality beyond URLs and set up malicious websites with multiple seemingly real pages, counting on the fact that few users will take the time to scrutinize anything but the homepage. Those decorative pages are often populated with placeholder text because it’s an easy fix, which fits the modus operandi of most data thieves.
Final Thoughts
There are, of course, other indicators of a website’s legitimacy/security. But learning the basics of scam websites and how easily they can be identified will protect most users in most cases. The truth is that most malicious websites and the people behind them will only do the bare minimum necessary to trick a small percentage of users because that’s enough to keep them afloat without exposing themselves to greater risk of getting caught. Avoiding the ruse is just a matter of scrutinizing what you’re seeing slightly more than the “average” person would. Put in that relatively small effort and your internet security will be massively increased.