When Mr. Beauchamp watched a video of Elon Musk – the world’s richest man – recommend a certain investment platform to make money, he took Musk’s advice and opened an account.
Opening his investment account only cost a few hundred dollars, but over the next few months, he would pour tens of thousands of dollars into the online investment platform. What he saw on his profile was that he was making money – and lots of it.
Mr. Beauchamp didn’t discover this fake website scam before it was too late; he drained his entire savings account and retirement account, losing more than $690,000. The scammers used deepfake technology to make believable videos of Musk, and unsuspecting victims took the bait.
This scam was elaborate and coordinated, but there are plenty of other fake website scams that have been targeting internet users for decades. Whether or not you’d trust a video of a billionaire for investment advice, no one is immune from online scams.
Before you browse websites or make purchases, it’s imperative that you know the website is legitimate. Fake sites usually have a few tells, but hackers are constantly changing the game. Don’t be one of the hundreds of thousands of adults who get scammed online; instead, learn how the system works and avoid it altogether.
Thousands of fake websites are created every single day. In 2023 alone, 4.98 million unique phishing sites were added to the web. In the same way that phishing emails or spam calls can seem real at first, a lot of fake websites look legitimate at first glance.
If you’re unsure whether or not a website is real, there are a few ways you can check. It may feel tedious to have to verify the site’s security before doing what you’re there to do, but if it is one of the many malicious sites out there, you’ll be glad you took the time to double-check.
A Secure Socket Layer (SSL) certificate is a digital certificate that signifies a website’s authenticity and verifies that communication passed through the website is encrypted.
If a website doesn’t have an active SSL certificate, it’s probably best to leave the page completely. There are a few different ways to verify SSL certificates:
1. Padlock Icon: In front of the URL, there should be a padlock icon regardless of which browser you’re using.
2. The URL Itself: If a website does have an SSL certificate, you’ll see “https” in the address bar.
3. Zoom into the Details: If you click on the padlock symbol or the icon next to the URL, and then click “security,” you should get the details of the security certificate.
All reputable websites will have SSL certificates, but unfortunately, hackers have caught on a bit. Some scam sites will still have a security certificate, so this shouldn’t be the only method you use to decide how secure the site is.
According to the Federal Trade Commission (FTC), BestBuy, Amazon, and PayPal are imitated by scammers the most often, but any website is susceptible to copycats.
Even if the website looks and feels just like the one you know and love, it could still be fraudulent. If you examine the URL listed in the address bar, look for any extra characters, spaces, or even extra letters thrown in.
The URL of fake websites won’t be exact, but they’ll be close. Scammers are counting on you to overlook these small tweaks and continue with your online activity.
Looking beyond the address bar, a fraudulent website is likely to be riddled with spelling and grammar issues. Most businesses will pay a high fee to ensure that their website is polished, professional, and free of grammar errors, but scammers often cut corners.
If they use bots or aren’t native speakers of the language that the website is in, the writing on the website will highlight that. Don’t trust links on pages where you’re finding easy-to-spot spelling issues – ever!
One thing about scammers is that they move on quickly if their scam isn’t going as planned. Legitimate websites are usually active for many years, whereas a scam website will have a much lower domain age.
There are many free websites that will help you check the age of a specific domain. For example, WHOIS Domain Lookup, SERanking, and Duplichecker all act as domain age checkers – use the one of your choice.
In today’s day and age, business websites will have corresponding social media accounts linked on their websites. It could be Instagram, LinkedIn, Facebook, TikTok, or another platform, but if a website doesn’t have a social media account, that’s a red flag.
Don’t just take what is on the site at face value; visit the social media pages and see for yourself. Do the social media account names match the name of the business? Are they active accounts? Do they have a lot of followers and engagement?If the answer to any of these questions is “no,” proceed with caution.
Not all business websites will have a physical address listed, but they should at least have a generic contact page with a phone number or email. Whatever the page lists, try to make contact using that method.
If a phone number is available, give it a ring and see who picks up. If it’s a professional on the other end who can direct your call and answer questions, you might be able to click with more peace of mind. Email is easier to fake, but it’s better than nothing.
There are plenty of tools on the internet that will give you additional information about existing web pages. Even beyond a site’s domain age, these tools can divulge details about traffic to the page, the business contacts listed, and more.
Google’s Transparency Report is a great resource if you’re unsure about a website. The report looks at tons of URLs every day to find and flag malicious websites. If you use Google Chrome as your browser, you’ll get a notice about potentially dangerous sites if they show up on this report.
Leave it to past customers to give honest user feedback. If you can’t find reviews for the business that’s on the screen in front of you, it could mean something suspicious is going on. You won’t find reviews for every business website, but they’re a good resource to search for.
Keep in mind that some fake websites – especially in the ecommerce space – will post fake reviews to their site. If customer reviews seem inauthentic, too similar, or oddly specific, they might be fake.
Don’t just look for reviews on the site in question; see if you can find any on other websites. G2, TrustPilot, and Google all have review mechanisms for different businesses. Customers will sometimes leave warnings about fake websites to future users, so see what else you can find on the internet. Even forums like Reddit can be a good place to ask whether or not certain business websites are scams.
Real websites will almost always have a privacy policy available to users. When you first visit a website, you’ll often get asked about which cookies you accept or decline. These pop-ups will often have a link to that site’s privacy policy and data collection policy.
As annoying as they are, these notices help weed out fraudulent websites. If you don’t get a pesky pop-up when you first jump onto the website, it could be a sign that something is amiss.
Before you ever make any sort of payment online, you should have full confidence that the website is legitimate. All of the above steps should show nothing but green flags and expected outcomes.
One final check is taking a look at the payment methods available on the webpage. Do you recognize the payment processors? Are big names like Stripe, Shopify, or PayPal used to process payments? What about credit and debit card payments?
If it doesn’t look like the checkout process usually does, or if the payment options are obscure and unfamiliar, don’t even think about entering sensitive data on that page.
Finally, trust your gut. If a website seems too good to be true, it probably is. Just like we’ve figured out that designer sunglasses will never be sold for $7.99, we can look at the prices and contents of websites to see if everything makes sense.
Mr. Beauchamp, who was scammed out of hundreds of thousands of dollars, was experiencing investment returns that were defying all odds. It was a too-good-to-be-true scenario, and things turned bad quickly.
If you come across a website that is, in fact, a scam, do the following:
1. Stop surfing that page. Don’t click any links, don’t make any purchases, and don’t spend any longer poking around.
2. Look at all your online accounts like bank accounts, social media profiles, and more to ensure that nothing out of the ordinary is taking place.
3. Update your passwords and enable multi-factor authentication for accounts that hold sensitive information.
4. Use an antivirus program to check your device for malware or ransomware that could have been downloaded from the malicious website.
5. Freeze your credit. If you input any payment details or other information into the website, file a freeze with the three major credit reporting bureaus.
6. File a complaint with the Federal Trade Commission (FTC). This can be done online, and it can also provide an avenue for support if needed.
7. Report the website to Google. These reports help Google – and other browsers – remove fake websites from their platforms, ultimately protecting all internet users.
By working together to identify and report fraudulent websites, we can reduce the number of scammers who successfully take advantage of families all over the world. It’s not easy to maintain a constant sense of vigilance, but it’s part of using the internet responsibly. If something seems odd about a site that you’ve ended up on, take the time to verify its security and report malicious intentions.
When cell phones first became popular, no one thought they’d become what they are today. For the first few years, it was …
Your company delivered the good or service it promised to a client and now it’s time to collect the funds owed to …
Spam texts are more than just a nuisance—they’re often the first move in a scam. If you’ve recently noticed an uptick in …
Eftsure provides continuous control monitoring to protect your eft payments. Our multi-factor verification approach protects your organisation from financial loss due to cybercrime, fraud and error.
