You’re surfing the internet on your couch and the warning comes up that you’ve been compromised. No fear, just provide your credentials and help is on the way on this official looking website sign-in page.
Or you see a deal that’s too-good-to-be-true on social media. Just “click here” for a great offer. It’s on the internet, so it must be legit.
Even worse, you initiate a search for information and click on one of the first results that pop up. Alas, the one you click on is a fake. And if you fall for it, at least you’re not alone – these fake, look-alike domains can fool anyone.
What is Website Spoofing?
Welcome to the brave new world of website spoofing. Once upon a time, you could recognize a fake by misspelled words and horrible graphics. But tactics have improved, and criminals have one common goal: to get your credentials, your money or control of your device through malware.
The best way to stay safe is to recognize the warnings and thoroughly investigate the website URL before you click on it.
Jeff Taylor, head of Commercial Fraud Forensics at Regions Banks
“The best way to stay safe is to recognize the warnings and thoroughly investigate the website URL before you click on it,” said Jeff Taylor, head of Commercial Fraud Forensics at Regions Banks. “These look-alike domains are often difficult to spot and require a heightened awareness and diligence.”
According to the FBI, criminals exploit victims by claiming websites are secure (when they’re not) in phishing campaigns. This is often through emails that link to real-looking domains with fake security certificates.
In the big picture, spoofing is an attempt to gain your trust by disguising: an email address, sender name, business phone number or website address. According to the FBI, criminals count on their ability to manipulate you into believing these sources are real.
Tip No. 1: Rather than use your search engine to find common websites like your favorite retailer, your bank or your credit card provider, bookmark the legitimate URL in your browser or create a desktop shortcut for easier access.
And, as always, STOP, CALL and CONFIRM.
STOP what you are doing and review the email address for any discrepancies or anomalies. Pick up the phone and
CALL the requestor at a number you know (don’t call the number in the email or text or respond to the message because you will likely be corresponding with the fraudster).
CONFIRM the request as legitimate.
Next step? Consider these tips from the FBI that focus on all spoofing:
6 Tips to Protect Yourself From Website Spoofing
- Remember that companies generally don’t contact you to ask for your username or password.
- Don’t click on anything in an unsolicited email or text message. Look up the company’s phone number on your own (don’t use the one a potential scammer is providing) and call the company to ask if the request is legitimate.
- Carefully examine the email address, website URL, and spelling used in any correspondence. Scammers use slight differences to trick your eye and gain your trust.
- Be careful what you download. Never open an email attachment from someone you don’t know and be wary of email attachments forwarded to you.
- Set up two-factor (or multi-factor) authentication on any account that allows it, and never disable it.
- Be careful with what information you share online or on social media. By openly sharing things like pet names, schools you attended, family members, and your birthday, you can give a scammer all the information they need to guess your password or answer your security questions.
When it comes to website spoofing, look-alike domains play a huge role in deception. Consider these examples of spoofed email addresses from the FBI:
If you realize you have provided your information on a look-alike domain, change your online password, call your bank to alert them and cancel your debit card. Keep your bank’s number in your contacts so that you always have it handy.
If you believe your company has been the victim, please file a report with the FBI Internet Crime Complaint Center at www.ic3.gov.
Keep in mind that the faster you act, the better your bank can do at protecting your assets.
Additional Resources from Regions.com
Related Articles from Doing More Today
The information presented is general in nature and should not be considered, legal, accounting or tax advice. Regions reminds its customers that they should be vigilant about fraud and security and that they are responsible for taking action to protect their computer systems. Fraud prevention requires a continuous review of your policies and practices, as the threat evolves daily. There is no guarantee that all fraudulent transactions will be prevented or that related financial losses will not occur. Visit regions.com/STOPFRAUD or speak with your Banker for further information on how you can help prevent fraud. All fraudulent transactions will be prevented or that related financial losses will not occur. Visit regions.com/STOPFRAUD or speak with your Banker for further information on how you can help prevent fraud.