SSL certificates and phishing: how to spot a fake website


When a business becomes well known or successful, it’s not unheard of for imitation websites to spring up.

The worst of these are a form of phishing: they look and behave like the original website in order to deceive visitors.

A common goal of these sites is to divert your customers and steal their money and financial data and, as a consequence, effectively ruin your business.

The challenge here, however, is that the creation of these sites is out of the business’s control. It’s going to happen, so it’s up to you as a web user to exercise a certain level of caution. Here are a few ways you can spot a fake website.

As long as you remain cautious and always keep an eye out for these signs, it’s quite easy to tell when something is legitimate and when it’s not.

More often than not, it’s simply common sense – understanding the right signals (such as CA – sometimes called SSL – certificates by Thawte) and not becoming complacent.

Security
Given the nature of a phishing site, it is very unlikely that it is going to have security in place. The real website will likely invest in a high level of security, such as a Secure Sockets Layer (SSL) certificate with Extended Validation. This can be seen easily – the URL starts with HTTPS and comes with a green padlock symbol – which a fake website would struggle to replicate.

If you do see such a website, do not use it. Given the illegitimate nature already present, it wouldn’t be too hard to imagine the viruses and infections waiting elsewhere on the site. Instead, check your firewall, make a note of the website and get in touch with the company it is trying to phish from.
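The checks described above, as an added example rather than code from the original article: it reads a certificate in the dict shape returned by Python's ssl.SSLSocket.getpeercert() and reports whether the URL uses HTTPS, whether the certificate covers the hostname, and whether it carries the verified company identity of an Extended Validation certificate. The hostnames, the organisation and both sample certificates are constructed for illustration.

```python
from urllib.parse import urlsplit

# Subject attributes required only in Extended Validation certificates.
# Older OpenSSL builds report the jurisdiction country by its numeric OID.
EV_MARKERS = {"jurisdictionCountryName", "1.3.6.1.4.1.311.60.2.1.3"}

def subject_fields(cert):
    """Flatten the nested 'subject' tuples of a getpeercert()-style dict."""
    return {key: value for rdn in cert.get("subject", ()) for key, value in rdn}

def validation_level(cert):
    """Classify the certificate as EV, OV or DV from its subject fields."""
    fields = subject_fields(cert)
    if "organizationName" not in fields:
        return "DV"  # domain control only, no verified company identity
    has_ev = (bool(fields.keys() & EV_MARKERS)
              and fields.keys() >= {"businessCategory", "serialNumber"})
    return "EV" if has_ev else "OV"

def host_matches(host, cert):
    """True if host is covered by a DNS subjectAltName entry."""
    host = host.lower().rstrip(".")
    for kind, name in cert.get("subjectAltName", ()):
        if kind != "DNS":
            continue
        name = name.lower()
        # A wildcard covers exactly one extra label: *.a.test matches b.a.test only.
        if name == host or (name.startswith("*.") and host.partition(".")[2] == name[2:]):
            return True
    return False

def check_site(url, cert):
    """Summarise the signals a visitor can check: HTTPS, host match, identity."""
    parts = urlsplit(url)
    if parts.scheme != "https" or cert is None:
        return {"https": False, "host_match": False, "level": None, "organization": None}
    return {"https": True, "host_match": host_matches(parts.hostname or "", cert),
            "level": validation_level(cert),
            "organization": subject_fields(cert).get("organizationName")}

# Constructed sample certificates (hypothetical names under the reserved .test TLD).
EV_CERT = {"subject": ((("jurisdictionCountryName", "GB"),),
                       (("businessCategory", "Private Organization"),),
                       (("serialNumber", "00000000"),),
                       (("organizationName", "Example Bank Ltd"),),
                       (("commonName", "www.examplebank.test"),)),
           "subjectAltName": (("DNS", "www.examplebank.test"), ("DNS", "examplebank.test"))}
DV_CERT = {"subject": ((("commonName", "examplebank-login.test"),),),
           "subjectAltName": (("DNS", "examplebank-login.test"),)}
```

Compare the reported organization with the company you expect to be dealing with; a domain-validated certificate proves control of the hostname only.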


Obscure e-mails
False websites may be easy to spot but fake e-mails are still very much prevalent. This is phishing in its most traditional sense. These will often try to replicate an e-mail from a given company, with a goal of acquiring money or sensitive data.

To help avoid this, you should know the businesses you use online and how they interact with you.

Companies won’t ask for your financial details, and they certainly won’t do it by e-mail. SSL and other CA certificates are there for a reason, so going through the website by the normal means is the safest route.

Other security measures, such as the Payment Card Industry Data Security Standard (PCI DSS), are required to take card details online, so you shouldn’t receive a request asking for these details via e-mail.
