How to detect a phishing site?
- Phishing is a social engineering attack that involves tricking the victim into revealing confidential information.
- With the general awareness about phishing attacks increasing, the attacks are becoming more sophisticated.
Sophisticated attacks involve well-crafted phishing sites that blend in and pretend to be legitimate ones, making them hard to detect. Here are a few ways to spot a phishing website.
Check the connection type
This is an easy check that you can perform if you suspect that a page is not legitimate. Click the URL in the address bar and check that it begins with ‘HTTPS’. This indicates that the communication between the client and the server is encrypted. Although HTTPS does not mean that the website is completely secure, it is a good starting point.
Along with this, check for the SSL certificate. Most legitimate websites have valid SSL certificates issued by an authorized provider.
Look closely at the URL
Most phishing sites try to have URLs that are very similar to legitimate URLs. Check whether the URL has an extra letter or is a misspelling of a legitimate, trusted URL. Hackers may make minor changes, including using .com instead of .edu when the original website uses .edu.
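The URL checks described above, as an added example that is not part of the original article: a small Python check that flags a non-HTTPS link, a one- or two-character misspelling of a trusted domain, and a swapped top-level domain. The trusted list and sample domains are constructed placeholders, and the registrable domain is approximated as the last two labels of the host name (an assumption that ignores suffixes such as co.uk).

```python
from urllib.parse import urlsplit

# Constructed allowlist (assumption): domains the user actually does business with.
TRUSTED = {"example.edu", "examplebank.com"}

def edit_distance(a, b):
    """Levenshtein distance: number of inserts, deletes and substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def registrable(host):
    """Naive registrable domain: the last two labels of the host name."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def check_url(url, trusted=TRUSTED, max_typos=2):
    """Return a list of warning strings; an empty list means nothing was flagged."""
    findings = []
    parts = urlsplit(url)
    if parts.scheme != "https":
        findings.append("not-https")
    domain = registrable(parts.hostname or "")
    if domain in trusted:
        return findings  # exact match with a trusted domain
    name, _, tld = domain.rpartition(".")
    for good in sorted(trusted):
        gname, _, gtld = good.rpartition(".")
        if name == gname and tld != gtld:
            # Same name under a different ending, e.g. .com where .edu is expected.
            findings.append("tld-swap:" + good)
        elif tld == gtld and 0 < edit_distance(name, gname) <= max_typos:
            # Extra, missing or swapped letters in an otherwise trusted name.
            findings.append("lookalike:" + good)
    return findings

if __name__ == "__main__":
    for sample in ("https://www.examplebank.com/login",  # constructed samples
                   "https://examplebannk.com/",
                   "https://example.com/",
                   "http://exampel.edu/"):
        print(sample, check_url(sample))
```

A domain that produces no findings is only unflagged by these three checks, not verified as legitimate.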
Who owns the website?
There are online resources such as the WHOIS database that allow you to check who owns a certain website through the domain registration details. If the website has been active for less than a year, or a site claiming to belong to a leading brand is registered to an individual, these may be signs of a phishing site.
Setting up a website is a huge project that teams invest a lot of time and energy in. If there are too many grammatical mistakes, low-resolution pictures, or too much advertising, chances are that you may have landed on a phishing site.
A website that checks all the above points off its list is not necessarily legitimate. But with these checks, you can implement a stronger first line of defense against phishing attacks.