The phishing website
Phishing emails like the one presented in the previous page will usually try to direct you to a fraudulent website that has the appearance of a legitimate company website. The spoofed (fake) website will request you to login or provide personal information such as your credit card number, social security number etc.
Let's have a look at this fake PayPal website:
While you might think that the information you submit is sent to a legitimate site, the data is in fact being sent to a cyber-criminal. Therefore you should always check the following elements:
Note that the web address http://paypal-secure-check.com/eg/login.php, is NOT a secure web address. Secure websites use the https protocol, instead of http.
Also, the address should never display numbers only (i.e. the IP address of the website) or have an obvious fake domain name. Some links contain an IP address (such as http://192.168.100.234/login.html) instead of a domain name. Another example of a fake domain is http://pay-pal.www.net/login.html — probably a website hosted on a free hosting server.
Padlock / key browser signs
When you access a secure website, you should see a padlock or key sign in the lower right corner of the browser's window. Notice that the above email does not display any of these.
Note: The padlock or the key should not be an image displayed within the page content, but an indicator displayed by the browser at the correct status bar location (usually a cell on the right).
A typical sign that something is wrong with the page are errors generated when the page is accessed or when trying to perform other operations within it.
Our example shows that the web browser displays a yellow notification sign on the left side of the statusbar about the page being loaded with errors.
Digital certificates are used to identify a website. You can think of them as being a website's ID card.
To verify the page's certificate you should double-click on the padlock sign.
Page 1 | Page 2 | Page 3