Evergreen's Top 5 Tips For Spotting a Fake Website

4th June 2013 :: Data Security :: Author: Andrew Cope, Managing Director, Evergreen

Gone PhishingThe number of fake or 'phishing' websites is on the rise and fraudsters are becoming ever more sophisticated into duping on-line consumers into parting with personal information and cash. 'Phishing' websites are those that imitate sites of well-known organisations for the sole purpose of fraudulently collecting sensitive and personal information from visitors, including user names and passwords. There are also websites out there that masquerade as being the official third party processing arm of companies and organisations in order to charge fees for services that are often free on the official sites themselves.

At the weekend, The Guardian on-line warned internet users to be wary of 'rogue websites' that are tricking gullible on-line users into paying too much for government services, such as passport renewals. On-line consumers are clicking on some Google 'paid for' adverts that are linked to websites that mimic official government sites. These unauthorised sites offer a service of checking applications, passing on details, then charging a fee for the privilege. Many describe themselves as "third-party processing firms" that make the application process "quicker and easier". These websites are supposed to clearly display that the service they are offering is available elsewhere for free or for a lower fee, but in practice this information is often hidden at the bottom of the page. Many of them also flout the law by only listing a premium rate telephone number as company contact details omitting to include the full company registration information, making it difficult to make contact to receive a refund in the event of a complaint.

So what can you do to protect yourself from fake or misleading sites?

Here are our top 5 top tips to guide you:

1. Are your settings secure? - Check that the security settings on your internet browser are enabled to help spot sites masquerading as trusted sites.

2. Check for security signs – Before entering any banking or credit card information, make sure your browser is showing the padlock symbol next to the address bar and that the address starts with https://. Without these signs, there’s no guarantee of security or encryption of your details. Any legitimate on-line retailer with a well built  e-commerce website will have these security measures set as standard.

3. Do your research – If you haven’t used a website before, check its credentials. Search for alternative contact details such as address or phone number. All UK registered business websites need to display the company information i.e. the business name, place of registration, registered number, registered office address and if it is a member of a trade association. Does it have a privacy policy page and information about how cookies will be used on the site? A privacy policy or data protection notice must be displayed on the website if data is processed and must inform the user what the data is used for and that it is compliant with the Data Protection Act 1988. The Privacy Policy must also explain what cookies will be created and their purpose. If the website is claiming to be a 'third-party processing' arm of an official organisation – call the organisation first to verify this. Look on forums and blogs for reviews and advice from previous users of the site.

4. How professional does the site look? – Fake sites that mimic big brands and well-known organisations often don't have the time and investment to look as good as the sites they are masquerading as. Be suspicious of any misspelt words or images that don't look clear or professional.

5. Trust your instincts - Does the site you regularly visit seem different? Websites often change, but if you’re asked for a different set of information than you’re used to, and you haven’t already been warned of site changes on your previous visits, you may be on a fake site.

Follow The Golden Rule: Don't give any personal details until you’re confident that the site is genuine.