Fake Websites Imitating Genuine Websites are the Newest Cyber Threat

We all know malicious websites are out there. Scammers and fraudsters want to steal our information and our money. Creating fake websites to trick us into giving them our information is just one strategy they have. But when we’re aware fake sites are out there, we watch out for them. We can look for signs a website is fake before we enter our information.

Scammers and fraudsters are clever. They’ve figured out how to make fake websites that imitate genuine websites and look almost like the real deal. But in order to trick us into giving over our information, they have to trick us into going to their impostor websites. By being aware of their methods, we can avoid going onto malicious websites in the first place.

How Fake Websites Defraud You

The specific methods fake websites use to defraud you depends on what genuine site it’s imitating. If it’s imitating a genuine software download site, it will have a download link. The link will download a file that is named like the file you expect. If you’re trying to download Adobe Acrobat, for example, the file may be named acrobat.exe. But it’s actually malware. Criminals can use this malware to steal information from your computer or lock your files and demand money to give them back. They can also imitate email providers and similar sites to get access to your private information.

More commonly, though, these websites impersonate genuine financial websites. Investment accounts, banking accounts, and especially cryptocurrency exchange platforms are all great targets for scammers and fraudsters. Once they convince you to click on their fake website, they prompt you for your login credentials. When you enter your login information on their impostor site, it gets sent to the criminals. Then they can use those credentials on the real website and get access to your financial information.

How Criminals Trick You Into Visiting Fake Websites

For this whole scam to happen, you first have to end up on a fake website. So criminals do their best to trick you into visiting one of their imitation sites instead of real ones. These are some of the most common ways they do it.

Impersonating Brands with Search Engine Advertisements

This strategy has gotten so popular that the FBI released a warning about it in December 2022. With this strategy, criminals build a fake website that looks similar to the real website of a real business and has a similar domain. They they purchase search engine advertisements pretending to be the real business.

Search advertisements appear at the top of search results. They don’t look much different from actual results. Many people just click on the first result without checking to see if it’s genuine. If you’re not watching out for it, you may click on an ad that takes you to a fake website. We tend to trust Google’s search results. If we don’t realize that what we clicked on isn’t a search result from Google and is actually an ad that someone paid to put there, we may end up on a fake website that convinces us to give our credentials to scammers.

Lookalike Domains

Lookalike domains take advantage of the way some letters look similar. If your bank’s website is realbank.com, a scammer might register reaibank.com. A capital “I” looks almost identical to a lowercase “L”. So if the scammer capitalizes the I in their new lookalike domain, reaIbank.com looks almost exactly like the legitimate site.

The scammer creates a fake website that imitates the real website. Then they send out a phishing email with a link to their new lookalike domain and scam website. Since their lookalike domain and their imitation website appear real, it often fools people into entering their login credentials. Once the scammer has those credentials, they have access to those accounts.

Typosquatting

Typosquatting is very similar to lookalike domains. Both lookalike domains and typosquatting try to get domains that are very close to the domain of the genuine site. But instead of trying to find a way to look like the real domain, typosquatting websites try to get domains that are easily mistyped. If your bank’s website is realbank.com, a typosquatter might register realbamk.com. Since “n” and “m” are right next to each other on the keyboard, someone might accidentally type realbamk.com. When they do, they end up on the fake website.

The criminals set up a website that looks identical to the genuine website. When someone mistypes the address and ends up on the scam website, they might not realize it. Especially since the fake site looks identical to the real site, they may assume they’re on a safe and secure site. But when they enter their information, it gets sent directly to the scammer.

Protect Yourself from Fake Websites

There are some precautions you can take to protect yourself. Follow these steps to be sure you’re on a genuine website and not a website trying to steal your information.

Type addresses directly. Instead of clicking on links or searching on Google and then clicking the first result, type the address directly into your browser. That way you can’t be caught by impostor ads or lookalike domains.

Check the address BEFORE you enter any information. Hover over a link before you click it to see the actual domain in the bottom corner of your screen. If you typed in a website, check very carefully. Look for typos or letters that look similar. Even if it looks like you made it to the right site, it’s important to check.

Avoid clicking links in emails. Phishing emails are very sophisticated and may look real. And it’s very hard to tell the difference between some letters. If an email wants you to click a link, be careful. It’s probably better to visit the site on your own, without clicking.

Install an ad blocker. Most internet browsers (even on your phone or tablet) have the option to install add-ons. Installing an ad blocker like uBlock Origin will prevent you from seeing any search advertisements at all and keep you from clicking on paid ads for malicious websites.

Report fraud to the FBI. If you have been a victim of fraud or malware from a fake website impersonating a brand through search engine advertisements, report it to your local FBI field office. If you have been a victim of fraud through any of these methods, you can report it to the FBI’s Internet Crime Complaint Center.