• Phishing is a social engineering attack that involves tricking the victim into revealing confidential information.
• With general awareness of phishing attacks increasing, the attacks are becoming more sophisticated.

Sophisticated attacks involve well-crafted phishing sites that blend in and pretend to be legitimate ones, making them hard to detect. Here are a few ways to spot a phishing website.

Check the connection type

This is an easy check to perform if you suspect that a page is not legitimate. Click the URL in the address bar and check for the ‘HTTPS’ tag, which indicates that the communication between the client and the server is encrypted. Although HTTPS does not mean that the website is completely secure, it is a good starting point.

Along with this, check for the SSL certificate. Most legitimate websites have valid SSL certificates issued by an authorized provider.

Look closely at the URL

Most phishing sites try to have URLs that are very similar to legitimate URLs. Check whether the URL has an extra letter or is a misspelling of a legitimate, trusted URL. Hackers may make minor changes, including swapping the top-level domain, such as using .com in place of .edu when the original website uses .edu.
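The extra-letter, misspelling and top-level-domain checks described above can be automated against a list of domains you already trust. The following Python is an added example, not part of the original article; the TRUSTED list, the function names and the distance threshold are assumptions, and the sample domains are constructed.

```python
from urllib.parse import urlsplit

# Constructed allow-list of domains the user actually trusts (assumption).
TRUSTED = ["example.com", "university.edu", "mybank.com"]

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: inserts, deletes and substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for cb_index, cb in enumerate(b, 1):
            cur.append(min(prev[cb_index] + 1,                 # delete ca
                           cur[cb_index - 1] + 1,              # insert cb
                           prev[cb_index - 1] + (ca != cb)))   # substitute
        prev = cur
    return prev[-1]

def base_domain(url: str) -> str:
    """Last two labels of the host. Simplification: ignores multi-label
    public suffixes such as co.uk."""
    host = urlsplit(url if "://" in url else "//" + url).hostname or ""
    return ".".join(host.rstrip(".").split(".")[-2:])

def check_url(url: str, trusted=TRUSTED, max_dist: int = 2):
    """Return (verdict, trusted domain it resembles or None)."""
    domain = base_domain(url)
    if domain in trusted:
        return ("trusted", domain)
    name, _, tld = domain.partition(".")
    # Same name, different top-level domain (e.g. .com in place of .edu).
    for good in trusted:
        good_name, _, good_tld = good.partition(".")
        if name == good_name and tld != good_tld:
            return ("tld-swap", good)
    # Extra, missing or changed letters in the name.
    for good in trusted:
        if 0 < edit_distance(name, good.partition(".")[0]) <= max_dist:
            return ("lookalike", good)
    return ("unknown", None)

if __name__ == "__main__":
    for sample in ["https://www.example.com/login", "http://mybannk.com/",
                   "university.com", "https://weather.org"]:
        print(sample, "->", check_url(sample))
```

A verdict of "unknown" only means the domain does not resemble anything on the trusted list; it says nothing about whether the site is legitimate.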

Who owns the website?

There are online resources such as the WHOIS database that allow you to check who owns a certain website through the domain registration details. If the website has been active for less than a year, or a site claiming to belong to a leading brand is registered to an individual, these may be signs of a phishing site.

Website content

Setting up a website is a huge project that teams invest a lot of time and energy in. If there are too many grammatical mistakes, low-resolution pictures, or too much advertising, there is a chance that you may have landed on a phishing site.

Apart from this, look for contact information, a privacy policy, and similar pages. These are important to a business, and a legitimate site will have well-designed ones. Another thing to check is whether the website accepts popular payment methods. A website that accepts funds only through wire transfer is a red flag that should alert you.

A website that checks all the above points off its list is not necessarily legitimate. But with these checks, you can implement a stronger first line of defense against phishing attacks.

Cyware Publisher
