We’re all familiar with phishing mails; they’re a modern-day scourge, trying to trick users into downloading malicious attachments or visiting malicious websites.

But these dodgy emails are only one part of the phishing process. The skanky phisher usually also builds a fake website with the intention of tricking victims into entering login credentials, banking information or both, which the phisher then has access to.

How do you end up on a phishing website?

Phishing websites are reached via a link in the phishing mail. The messages in these mails typically have an ‘urgent’ tone and promise some kind of ‘reward’ or stress the need to take immediate action. The aim is to get the victim to click on the link in the mail, which takes them to the dodgy website where they have to enter information.

Here are some examples:
  • Somebody receives an email from their ‘bank’ saying they need to update their banking ID credential information. He uses the link in the email to log into what looks like the bank website. His details are entered, as requested by the email message. The phisher takes the ID credentials and the next day all of the victim’s savings have gone.
  • A Google search for Indian curry recipes leads to lots of links and ads. The searcher clicks on an ad and is led to a webpage asking for payment card details in exchange for recipes.
  • A tax return needs to be filed. A search is carried out and the first link that appears is clicked on. Everything looks good, the page is as expected. Login credentials and tax details are entered. Months later the person receives a message from the tax office saying they have been fined for not filing their tax return on time. A hacker created the webpage and made off with the login credentials and tax details. The login credentials are then used on ecommerce sites, as the hacker knows that people generally use the same user and password details for different sites.
  • A bank customer has some issues and understands she might get a faster response via Twitter. She tweets her concerns to the bank’s Twitter handle. Within a few hours, a bank representative replies by providing a link to the bank’s support page. The representative is a scammer. The support page is a phishing site.

Identifying fake website pages

Whenever someone sends you a link via email or social media, take time to study the URL before you click.

The URL (an acronym for Uniform Resource Locator) is a unique identifier for the page, and every website's URL is different. This is why it’s usually called a web address.

When you type a URL into the address bar, it tells whatever browser you're using to fetch that specific page.
  • If you’re unsure whether a URL is legitimate you can search for the brand name with the word ‘scam’ or ‘fake URL’. If you don’t find anything it doesn’t mean the URL isn't a scam, but this search might give you an answer straight away.
  • You can also try putting the URL into a URL-checking website like CheckShortURL.
  • Never click a link with a typo or a misspelled word – it’s likely a fake website.
  • Make sure you have up-to-date antivirus software installed. It raises red flags if you end up on a known fake website. BullGuard protection updates automatically, providing you with up-to-date detection of websites that are potentially dangerous.
  • Contact the legitimate organisation the website claims to belong to, to verify or disprove its authenticity.
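
The following added example, which is not from the original article, applies the ‘study the URL’ and misspelling advice above in Python: it pulls the hostname out of a link and compares it with a short list of sites you actually use. The domain names, the `TRUSTED` list and the two-typo threshold are constructed assumptions.

```python
from urllib.parse import urlsplit

# Constructed allowlist (assumption): sites this user really has accounts with.
TRUSTED = ("mybank.example", "taxoffice.example")

def edit_distance(a, b):
    """Levenshtein distance: number of single-character edits between a and b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_link(url, trusted=TRUSTED, max_typos=2):
    """Classify a link as 'trusted', 'lookalike' or 'unknown' from its hostname."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    if not host:
        return "unknown", "no hostname found in link"
    labels = host.split(".")
    for site in trusted:
        # Exact match, or a subdomain of a trusted site (www.mybank.example).
        if host == site or host.endswith("." + site):
            return "trusted", site
    for site in trusted:
        # Compare the end of the hostname with the trusted name: a small,
        # non-zero distance means a misspelled copy of it.
        tail = ".".join(labels[-site.count(".") - 1:])
        if 0 < edit_distance(tail, site) <= max_typos:
            return "lookalike", f"{tail} is a misspelling of {site}"
        # The trusted brand word appears, but the site belongs to someone else.
        if site.split(".")[0] in host:
            return "lookalike", f"uses the name of {site} on another domain"
    return "unknown", "not on the trusted list"

if __name__ == "__main__":
    # Constructed sample links.
    for link in ("https://www.mybank.example/login",
                 "https://mybnak.example/login",
                 "https://mybank.example.account-update.test/",
                 "https://recipes.test/curry"):
        print(link, "->", check_link(link))
```

An ‘unknown’ verdict is not a clean bill of health; it only means the link does not imitate a name on the list.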

Don’t panic

If you do click through to a fake website don’t panic. It can be easily done. The important thing is not to enter your personal details and then hit ‘send’ or any other command that sends your information.

If you happen to do this and then realise your mistake, contact the organisation the fake website claims to belong to, such as your bank or credit card company, and tell them immediately what has happened so they can block any transactions. You can then sort out new ID credentials so the criminals hit a dead end when they try to exploit the data they have stolen.