SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers
Website spoofing: What to know about counterfeit domain names to keep from getting scammed
Wed, 2nd Mar 2022

What is website spoofing? 

Have you ever visited the website of a well-established brand but something about it didn't seem right? Maybe the user interface seemed outdated, or the grammar was incorrect? That may not have been the brand's website at all. Instead, you may have been visiting a spoofed website.

Website spoofing, also known as domain spoofing, occurs when a scammer creates a fraudulent website in order to steal from its visitors. This starts with registering a domain name that is nearly identical to that of the legitimate site. Some of these web spoofers are so sophisticated that they can accurately mimic a legitimate website's user interface. But even crudely constructed scams can cost unaware visitors dearly.

After the scammer has gained a person's trust, they will attempt to steal personal information, like usernames and passwords, or attempt to get a user to download malicious software onto their computer.

How does website spoofing work?

Registering a domain name requires little effort and has little oversight. There are some barriers to prevent near-identical domains from being created, but scammers are clever enough to find workarounds. If they can mask their website's identity as something else, their mission is almost accomplished.

After a person has fallen for a spoofed website, they will likely carry on with their normal behaviour without a second thought. This could include typing in their username and password or entering in credit card information, which is exactly what the scammer is hoping for.

It may seem like business as usual for the user, but the spoofed website saves whatever information is entered. The scammer then uses the login information to gain access to the legitimate website, or to any other website where the same username and password are used. Or they save credit card and other financial information to use on a shopping spree.

Another danger with spoofed websites is that they can be programmed to drop malware onto a victim's computer. This is potentially more devastating because the scammer could gain access to any information saved on that device.

How to spot and protect yourself against a spoofed website

Experienced spoofers will often try to copy the graphic design of a website as closely as possible. But a trained eye will be better able to discern the real thing from a fake by knowing a few key details.

1. Look at the URL

The most common tactic among website spoofers is creating a nearly identical URL to a legitimate website. The URL may only be off by one letter, even using the number "1" in place of a lowercase "l". People can easily direct themselves to the spoofed page by mistakenly typing the wrong key or only glancing at the URL before clicking through.

To avoid this, use bookmarks for frequently visited pages. Bookmarking the websites you visit regularly means you do not need to click random links to reach them. It also speeds up the process of visiting the page while reducing the chance of human error in typing the address by hand.

In addition, when visiting a page that is not already bookmarked, manually search for the URL. This avoids the risk of a malicious link planting a virus on the device. Take care that the URL is spelled correctly; otherwise, you will not reach the intended page.

2. Avoid clicking mysterious links

The tactics of cybercriminals are continuously improving. The best way to evade a malicious link is to avoid clicking it entirely. Instead, manually type the domain name into a browser to increase the likelihood of reaching the legitimate destination.

Email links and attachments should be treated with the same caution. And it's a good idea to send spoofed emails directly to the spam folder to reduce the risk of accidentally opening one.

3. Check for an SSL certificate

Secure Sockets Layer (SSL) is an added level of security for every visitor to a website. It encrypts the link between the browser and the site, protecting sensitive information from being shared without consent. It is usually represented by a lock or green icon next to the URL. Of course, an SSL certificate does not guarantee that a website is legitimate, but it is a solid piece of evidence in its favour.

4. Make sure the domain matches the SSL certificate

Since a third party issues the SSL certificate for the website, double-check the certificate by comparing it to the URL. Click on the SSL icon to view the certificate details. If it was issued to a website different from the domain in the URL, something fishy is going on, and the site shouldn't be trusted.
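The comparison between the certificate and the URL can be expressed in code. The following is an added example, not from the original article: it takes a certificate in the dictionary form returned by Python's `ssl.SSLSocket.getpeercert()` and checks whether a hostname is covered by the certificate's DNS names, including single-label wildcards. The certificate contents and hostnames are constructed sample data, and the function names are assumptions.

```python
# Constructed sample in the shape returned by ssl.SSLSocket.getpeercert().
SAMPLE_CERT = {
    "subject": ((("commonName", "example.com"),),),
    "subjectAltName": (("DNS", "example.com"), ("DNS", "*.example.com")),
}

# A look-alike site can hold a perfectly valid certificate for its own name.
LOOKALIKE_CERT = {"subjectAltName": (("DNS", "examp1e.com"),)}


def san_dns_names(cert):
    """DNS names the certificate was issued for."""
    return [v.lower() for kind, v in cert.get("subjectAltName", ()) if kind == "DNS"]


def name_matches(pattern, host):
    """Compare label by label; '*' may stand for exactly one leftmost label."""
    p_labels = pattern.split(".")
    h_labels = host.split(".")
    if len(p_labels) != len(h_labels):
        return False
    if p_labels[0] == "*":
        # Refuse over-broad wildcards such as "*.com".
        return len(p_labels) >= 3 and p_labels[1:] == h_labels[1:]
    return p_labels == h_labels


def cert_covers_host(cert, host):
    """True if the hostname from the URL is one the certificate was issued to."""
    host = host.lower().rstrip(".")
    return any(name_matches(name, host) for name in san_dns_names(cert))


if __name__ == "__main__":
    for h in ("www.example.com", "a.b.example.com", "example.com.evil.test"):
        print(h, cert_covers_host(SAMPLE_CERT, h))
    # Matches, which is why a matching certificate alone does not prove legitimacy.
    print("examp1e.com", cert_covers_host(LOOKALIKE_CERT, "examp1e.com"))
```

A match only shows the certificate belongs to the name in the address bar, so the hostname itself still has to be the one you intended to visit.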

To avoid scams like website spoofing, it's a good idea to clean your devices periodically and use a reputable security suite on all your devices. Even with responsible internet usage, scammers can slip through defences, which is why it's a good idea to rely on a competent internet security program to make up for shortcomings in user practice. For example, it can block malware before it can download to the device or raise a red flag if the user visits a dangerous website.

Every little bit of extra effort goes a long way toward making yourself a hard target.