Counterfeit Website ID Theft
May 1st, 2012
You’re online, but are you where you think you are?
These days, that email from your bank in your inbox could be real—or a phishing attempt. Today’s thieves are busy impersonating legitimate businesses via email and websites in order to acquire your personal information like PINs, credit card or bank account numbers or Social Security number.
These fake websites can obtain your personal information through logins, passwords, credit card details and more. The data is used directly by the thieves for financial gain, or sold on the black market to other shady characters. Either way, your personal information is in criminal hands, and that can lead to fraudulent credit and bank account takeovers, opening new bank accounts and other identity theft activities.
The United States is the leading country for hosting malware and fraudulent websites, accounting for almost 40% of the world’s malicious URL’s, followed by France and Russia.1
Careful attention to details can aid identification.
Although counterfeit websites can look surprisingly similar to the legitimate sites they are attempting to copy, there are some differences if you look closely enough. First, make sure the web address begins with http:// or an https://. Then look carefully at the company name in the URL. Fraudsters will often make slight alterations to the spelling in the URL name, sometimes changing a letter to a number—“Interior” may be spelled “1nterior”, for example.
Steps to take to avoid spoof websites.
As a general rule, you should be cautious whenever you are requested to provide personal or financial information to a website. Rather than click on a link to a website, it’s safer to type the URL address in yourself. Another important step, one that many people don’t treat with enough diligence, is to keep your browser current with all security updates and appropriate patches.
1 SOPHOS Security Threat Report, 2011.