In the same way that the Internet represents a series of facilities, benefits and advantages, there is also the other side, the problems, risks and threats.
In this field, one of the most common problems is related to fake, fraudulent and unsafe websites.
Whatever the case and depending on the reason for access, they generate the question: “how do you know if they are safe?”
Being 100% sure is not possible. However, there is a set of checks that can be done that help us take care, estimate the likely level of risk a site can offer and thus avoid it when applicable.
Why is it important to know if a website is safe?
The amount and variety of threats existing in the digital world is enormous and only grows.
Even the most lay internet users and those with little knowledge of the risks, at least have heard that it is necessary to be careful when browsing digitally.
And it’s not just the risk of having your device infected by malware, or by what most people generically call a virus.
Malware – or viruses, if you prefer to call it that – is just one of the many ways of being affected when accessing an unknown website, and it can cause major headaches depending on the class of malware you come across, as is the case with ransomware, which has been one of the biggest problems of its kind.
And when we talk about the security of the sites we access, the issue is not limited to offering a safe shopping environment. Even a site that at first glance may not appear to be a threat may contain one.
Imagine that you came to one through a search that aimed to find content on a topic that interests you. You found a rich content that can answer all your doubts about it, but to download the material, you first need to fill out a registration.
In this apparently innocent action, so common nowadays and possibly without any kind of consequence, there are at least two immediate risks: the download itself and the filling out of the registration.
In the case of the download, it may contain malware. As for the registration, the data can be used improperly and it can also be leaked.
To be clear, this is just a hypothesis, but practice shows that it can perfectly well happen.
Therefore, ensuring the security of the sites we access is not only necessary when making purchases on the Internet.
It is also important to emphasize that our purpose is to differentiate fraud and insecurity …
What is the difference between a fraudulent website and an unsafe one?
In practical terms, the negative impacts for the user can be exactly the same. However, in one case we may be facing a cyber criminal and in the other just another victim.
Didn’t understand?
Typically, a fake or fraudulent website is one that has a cyber criminal behind it, who deliberately created it with the aim of obtaining an advantage for themselves and/or harming the visitor.
This is the case of a website that imitates a bank page to steal bank details, or of a fake e-commerce site on which the purchased products are not delivered.
A site that is merely insecure is one where the CMS used, the plugins, or both are outdated. Or one that was developed with its own code, but whose programmer did not adopt good practices or worry about strict security measures.
Whatever the cause, the administrator, whether through lack of knowledge, negligence, or not having had time to correct a newly discovered flaw, has had the site invaded or left it vulnerable to exploitation, and therefore both the site and its visitors are exposed.
Which types of threats can a website contain?
Unfortunately, the amount and variety of threats that a website can contain is quite extensive, since the diversity of techniques used to deceive the user, as well as the number of virtual threats, is also large, as we have already mentioned.
It is important to keep in mind that when we refer to virtual threats, we are dealing with everything from apparently less harmful actions, such as obtaining personal data, to scams that cause financial losses.
Among the most common risks, we have:
- Malware – infection of the access device with malware. Depending on the malware class, one can have all data encrypted and therefore inaccessible, which is the case with ransomware. But there is also malware that records what you type (keyloggers), takes screenshots of what is accessed (screeners), sends SPAM, makes purchases in app stores, uses the device in zombie networks for DDoS attacks, etc;
- Personal data – misuse of personal data, which is when the site does not comply with the LGPD, or sometimes appears to visitors to comply while the person responsible does not actually follow the law, for example by passing on or selling your data to third parties without your knowledge and consent;
- Data Leakage – similar to the previous one, but with different origins, data leakage is when, by exploiting a vulnerability or as a result of an attack, databases are accessed by a hacker – actually a cracker – and he misuses the data;
- Social networks – obtaining credentials or authentication data for social networks, which many times can be used to access other services, as with Facebook, which is a means of authentication on the most diverse platforms, such as games and apps;
- SPAM – a simple email account is all a spammer needs to know about you. Once your email address becomes part of a list, the volume of SPAM received only tends to grow;
- Financial losses – cloned cards, improper purchases and even purchases made by you, but whose product is not received, are another common risk when not identifying a fraudulent website.
New techniques, which make use of social engineering and of people's habits and behaviors when using the Internet, as well as of gaps and characteristics of the technologies used on the world wide web, contribute to the continuous growth of the variety of scams.
What is social engineering?
Social engineering, in the field of information security, corresponds to the use of behavioral characteristics and social relationships between people to affect what is considered one of the most vulnerable links in the functioning of a system – the human being.
Some of the behavioral aspects that are exploited are:
- Curiosity – makes use of the natural curiosity of the human being, which triggers an action that is necessary to the scam, for example, clicking on a link that will reveal information you want to obtain;
- Confidence – this technique takes into account that people tend to trust people in their relationship, celebrities, companies and well-known brands and thus become negligent or do not take measures to protect themselves when they receive a link or information from someone they trust;
- Urgency – the need for speed or haste, the saving of time, and the short deadlines that people have to accomplish something are a type of artifice used to make the victim disregard the possible consequences of performing the action desired by the attacker, simply because he is in a hurry to complete something;
- Laziness – the path of least effort and even laziness in its worst form, which is when there is resistance to what is hard work, is another human characteristic exploited by offering simpler alternatives to what is currently done;
- Solidarity – appealing to the well-being of others, to compassion, to kindness, to empathy, is a technique that is also widely used in order to avoid caution and mistrust of victims;
- Knowledge – actually relies on the ignorance that many users have of many scams and on the lack of humility to admit some level of ignorance on the subject. Not infrequently, it also makes use of the victim's laziness to verify something;
- Needs – works based on the supply of basic needs of the individual, such as self-esteem, achievement, relationships, physiological needs, success, etc., to motivate the victim to take the desired action;
- Advantages – the unmissable promotion, the above-average earnings, the unique opportunity, are examples of situations that motivate the user to carry out the proposed action without much questioning, having as justification the advantage that will be obtained.
Making use of such aspects, a scam known as Nigerian Fraud or Fraud 419 was once on the rise and affected countless internet users; using fictitious arguments and data, it convinced victims to carry out cash transfers.
In addition to these behaviors, social engineering is supported by other factors that also underpin other Internet problems, such as fake news. After all, how many people make decisions based on information – in this case, disinformation – that appears on their social networks, accepting it as true without questioning?
15 tips to know whether a website is safe or whether it is fake / fraudulent
First of all, it is important to point out that some of the aspects listed below, in isolation, may not mean that the website in question is necessarily safe or that it is fake / fraudulent.
Nor does the absence of all signs automatically mean that the site is authentic and safe.
The more items are confirmed, the greater the probability that the website accessed offers some level of insecurity.
It is also worth noting that some tips are easier to apply when accessing from a desktop or notebook, due to the way websites are displayed and operated on this type of device.
Responsive or mobile layouts may make some checks difficult or even impossible.
1. Check the link / URL
It is quite common for fake websites to be identifiable from the link or URL that leads to the fake page.
The main clues are:
- Spelling errors – in an attempt to visually deceive, especially the most distracted, domains are registered that resemble the domain of the website that is intended to be spoofed. So, for example, a URL like “http://www.app1e.com” or “http://www.amaz0n.com” “hides” its falsehood by replacing the “l” with “1”, in the case of the first example, and the “o” with “0”, in the case of the second. The less observant may not notice the difference;
- Use of other extensions – the availability of domain registration using new domain extensions made it possible to create similar domains, differing from the originals only by the extension. It is common, especially for large companies, to have registrations of their main domain with other extensions as well, but usually, when this is the case, there is a redirection to the main domain when accessed by another extension;
- URLs too long – in an attempt to hide a problem with the page address, some use URLs that are too long, in order to make them less readable. When in doubt, select, copy and paste the link in notepad or other similar application, enlarge the font size and carefully analyze the address;
- Shortened links – although easy, practical and quite common, they can hide a trap, when their use is intended not to reveal the real domain;
- URL Scanner – there are URL scanning services that use online tools and databases to identify the presence of threats (e.g. malware) at the addresses provided:
  - https://opentip.kaspersky.com/www.pneusdrive.com.br/
  - https://www.urlvoid.com/
  - https://transparencyreport.google.com/safe-browsing/search
  - https://sitecheck.sucuri.net/
  - https://safeweb.norton.com/
  - https://www.virustotal.com/gui/home/url
In case you have received a link by email, SMS or a share on a social network, most web browsers, when you position the mouse pointer over the link (without clicking), display the address corresponding to the link in the lower left part of the window, and this is one more reason why we recommend checking it on a notebook or desktop.
When in doubt, right-click on the link and use the option “copy link”, pasting it in notepad for better viewing and evaluation.
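
The clues listed in tip 1 can also be checked mechanically once the link has been copied. The following Python sketch is an added example, not part of the original article: it flags digit-for-letter lookalikes, a known name under a different extension, shortened links and very long URLs. The list of genuine domains, the shortener hosts and the length threshold are assumptions chosen for illustration.

```python
from urllib.parse import urlsplit

# Assumptions for this example (not from the article): the genuine domains,
# the shortener hosts and the length threshold are illustrative values.
KNOWN_DOMAINS = {"apple.com", "amazon.com"}
SHORTENERS = {"bit.ly", "t.co", "tinyurl.com"}
MAX_URL_LENGTH = 100
# Digit-for-letter swaps named in the article: "1" for "l" and "0" for "o".
LOOKALIKES = str.maketrans({"1": "l", "0": "o"})
KNOWN_NAMES = {d.split(".")[0]: d for d in KNOWN_DOMAINS}


def registrable_domain(host):
    """Naive last-two-labels split; real tooling should use the Public Suffix List."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def check_url(url):
    """Return the list of tip 1 clue codes that apply to the URL."""
    clues = []
    domain = registrable_domain(urlsplit(url).hostname or "")
    name, _, tld = domain.partition(".")
    normalized = name.translate(LOOKALIKES)
    if domain not in KNOWN_DOMAINS and normalized in KNOWN_NAMES:
        genuine = KNOWN_NAMES[normalized]
        if name != normalized:
            clues.append("lookalike-of:" + genuine)
        if tld != genuine.partition(".")[2]:
            # Only a hint: companies often register other extensions themselves.
            clues.append("other-extension-of:" + genuine)
    if domain in SHORTENERS:
        clues.append("shortened-link")
    if len(url) > MAX_URL_LENGTH:
        clues.append("very-long-url")
    return clues


if __name__ == "__main__":
    # Constructed samples; the first two are the article's own examples.
    for url in (
        "http://www.app1e.com",
        "http://www.amaz0n.com",
        "https://amazon.shop/deals",
        "https://bit.ly/abc123",
        "https://www.amazon.com/",
    ):
        print(url, check_url(url))
```

An empty result only means none of these four clues matched; as the article says, the absence of signs does not make a site authentic.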







