Book a Free IT Security Audit for your business
• Pay attention to the address bar.
• Check the domain name.
• Watch for poor grammar and spelling.
• Look for reliable contact information.
• Walk away from deals that are too good to be true.
Cyber criminals are always looking for ways to steal data they can sell on the dark web or use for identity theft.
One of the tactics that they use is stealing login credentials. These credentials can be just as valuable as bank account information, and criminals can use them to launch highly targeted phishing attacks or gain unauthorised access to a business's online accounts.
One popular method of stealing login credentials is by using fake login pages, and they are usually obtained through phishing emails directing the recipient to the fake login page. This tactic works well because the email and website both look legit but scratch the surface and the signs are there.
So, how do you identify fake login pages?
In this blog post, we'll discuss some useful tips on how to spot fake web pages to protect your business.
The address bar is one of the essential elements that you should always pay attention to. The URL of the website should match the official website of the company in question. Compare the URL with the one you usually use to access the website.
This is critical as cyber criminals often use slightly modified URLs that spell a brand name with a single letter difference. Always type the URL in the address bar instead of clicking on a link in an email, which can be a phishing message. Doing so can lead you to a fake login page, which may look identical to what you are used to.
The domain name on a website is another valuable tool for identifying fake login pages. It should match the official website of the company. In some cases, cyber criminals can create subdomains that look legitimate, such as 'login.your-company-name.com.' It is essential to pay close attention to the entire URL of the website, including subdomains and any other terms. This can help you spot phishing attempts and redirect attempts, which are usually marked by a mismatch in the website domain.
Question: Which of the images below is legit and which is suspicious?
Answer: The bottom one can be trusted.
Microsoft does not include the word deals in its outlook login URL.
Great if you noticed. Even better if you spotted Microsoft was miss spelt.
Bonus points if you noticed that something wrong with the https:// too. It is missing its security certificate which you can identify as a missing padlock and a missing S - http:// not a https:// as it should be.
Warning: Do not attempt to visit a spoofed version of webpage, even if you typed the address yourself. This website will almost certainly have been set up by cyber criminals with the intent to scam visitors and or infect their machines with malware.
Sometimes cybercriminals can create fake login pages that are different from the official website of the company in many ways but can still deceive you. One tell-tale sign that the page is fake is poor grammar and spelling. Criminals often use automated tools to generate these pages quickly, which can lead to poor spelling and grammar. This is an eye-opener and should serve as a red flag that something is wrong.
Additionally deliberate poor spelling an grammar allows the cyber criminal the opportunity to create similar looking much like in the example above.
Imagine the url was in fact displayed as login.microsofonline.com - on a busy high stress workday could you miss the miss spell?
The example above is a great example of a spoofed login.
The contact information should be on every legitimate business website and include the company's name, phone number, and email address. If you are on a login page with contact information that is missing or incomplete, particularly unreliable, it is best to walk away. Reliable contact information is one way to confirm the legitimacy of a website, and anything less should be a warning sign.
Be wary of offers that are too good to be true. Cyber criminals often use this technique to lure victims into fake login pages. Avoid clicking on ads that state you won or got something for no apparent reason.
Cyber criminals use these tactics to obtain data and use it maliciously. Suspicious offers have a high likelihood of fraud, and businesses should be cautious of such offers.
An effective way to protect your business from cybercriminals is to understand the tactics they use and how to identify them. One common tactic in their arsenal includes the use of fake login pages to steal login credentials.
In this blog post, we have discussed some of the essential tips on how to spot fake login pages, including paying attention to the address bar and domain name, watching for poor grammar and spelling, looking for reliable contact information, and walking away from deals that are too good to be true. Being vigilant with your web browsing habits can help reduce the chances of falling victim to these phishing attempts or having vital data stolen from you.
If you feel your business may be at risk and you are looking for advice then contact us at The One Point and schedule an appointment with our expert team.
Alternatively call us on 01482 420150for support.