How to Identify Phishing Websites
Phishing is one of the most effective and successful ways for cybercriminals to steal personal and financial information. As we spend more and more time online, fraudsters are capitalizing on this increased digital activity to launch phishing attacks.
What is a Phishing Website?
Phishing websites, also known as “spoofed” sites, are designed for the purpose of stealing your account information, password, or other confidential data by tricking you into believing you are on a legitimate website. Phishing websites often copy legitimate URLs (web addresses) by making slight alterations to the actual address in hopes that users will not notice the difference. Legitimate business logos, and even direct copies of website landing pages, can be stolen and placed on the phishing site to enhance the appearance of being legitimate.
Unfortunately, Service Credit Union is not immune to website spoofing and although we make every effort to prevent or take down websites designed to look like that of the credit union, we still encourage all members to pay close attention to websites they interact with to attempt to spot a phish.
How to Spot Phishing Websites
Check the URL:
- The web address should begin with HTTPS:// or HTTPS://. The S indicates the web address has been secured with an SSL encryption certificate. This guarantees that any information passed between you and the website is secured. However, this still does not guarantee that the site is legitimate, only that it is secure.
- Pay close attention to the spelling of the web address. Spoofed sites often make small changes to the spelling to make fake websites look legitimate such as replacing the letter O with a number 0. Ex: www.G00gle.com
Assess the content of the site:
- Looking professional or having a valid logo isn’t enough to guarantee a website is safe.
- Look at the ‘Contact Us’ section. Legitimate websites often include a page dedicated to full contact details for the company including address, phone numbers, email addresses, and social media channels. Comparing these details with known information, such as contact info on the back of credit or debit cards, or searching the internet to verify this information, will provide you with insight as to whether the site is spoofed.
- If you’re not sure about a website, check their privacy policy/website disclaimer. Make sure you’re comfortable with what it says. If you are not able to click on the website disclaimer, then treat the website as highly suspicious.
Be cautious of login pages:
- Before entering any credentials into a website, verify the URL and content of the website. If you are trying to log into your bank account, check the back of your credit or debit card for correct contact information; do not rely on solely the internet.
- Bookmark your most commonly visited websites in your web browser and use those bookmarks to access sensitive sites.
- Utilize trusted mobile apps for logging into accounts, supported with biometric authentication or multi-factor authentication.
Below is an example of a spoofed Service Credit Union website. Please note the incorrect URL, even though it is using HTTPS, the incorrect address information, email addresses, login page details, and contact phone numbers provided.
Example:
Fake Website: https://www.servicecreub.com
If you are ever in doubt as to the legitimacy of a website, please do not hesitate to contact us.