Tag Archives: typosquatting

Fake Websites and Phony Trust

www.keepcalm-o-matic.co.uk

If you follow the African-American Cyber Report you know there are certain rules that we preach constantly. You can find these rules on the homepage. But I need to point out two of those rules that come into play here. Rule #1 “The only rules on the Internet are the ones you impose and enforce.” And rule #10, “Everything on the Internet is real; just not always true.”

I encourage black people not to trust anything you see on the Internet simply because its all suspect until you verify it. That is the case with all those seals of approval you find on the Internet websites. They could be worthless because the are so easily copied and used by scammers and malicious actors online. Those badges or seals are known as “trust seals” but really they are just images, pixels, on your screens. Anyone could copy and paste these images on any webpage. Yeah it might look fancy and official but that means nothing. Check rule #10 again. Whenever you are about to buy something online or download some app or software you need to first verify that you are indeed dealing with a reputable party. You need to do your homework.

African-Americans are warned to impose their own standards on everything they do online and protect yourself from the bad actors you are bound to come across on the wild world web. Check rule #1.

You might be ready to buy software or a game or movie online or download an app and see this;  “CNET gave our software a 5-star editor’s choice rating,” or “We are a BBB accredited business with an A+ rating.” Suspicion of these statements would serve you well.

Any malware author or phisher could copy and paste a logo, seal or statement on a  malicious website in a few seconds. Someone that copies those seals or statement to mislead people would be violating copyright law but how many people are going to lose money before that person is caught and shut down?

 

And if you did not know there are literally thousands of phony, duplicate or replica websites on the Internet. You can easily get caught up in a scam or get stuck with malware, ramsomware or a virus if you are not careful. Do you home work and study how to spot phony websites.

When you see those seals or badges on a website you should be able to click on it and be taken directly to the website that provided the seal of approval. Once there the seal-provider’s website will verify whether the original website you were on is actually a recipient of the seal.

Ok, that’s how it is supposed to work. But does it really? In reality even if the site is legitimate clicking on that badge may not work. This where you have to do your homework. Take the time to go to the seal providers website and investigate to see if the software is really a “PCWorld editor’s choice” or accredited by the Better Business Bureau. Listen to me when I tell you that those seals, badges and quotes don’t mean a damn thing by themselves. You need to protect yourself. No one is going to do it for you.  Check rule #1 yet again!

In some cases doing the research may not be a easy task. Microsoft doesn’t offer an easy-to-find “certified partners” list but we found it here in case you need it. However, some seals you can click,  but again, you could be transferred to a phony replica website.  Investigate the web address closely look for misspellings that could look like the web address but is not.  This trick is called typosquatting or URL hijacking. Here is an example; www.google.com is the real website. the fake could look like this www.gooooogle.com or www.goggle.com. Look carefully at the differences.

Another problem you need to be aware of is that those seals and logos don’t always mean what you think they mean.  For example, that “Norton Secured” seal only means that the website is scanned daily for malware and other vulnerabilities. That is not considered the ultimate level of security or privacy. The BBB Accredited badge means the website’s company is registered with the Better Business Bureau. It is not an indication of the level of satisfaction of its customers. That 5-star rating from a software download site just means a reviewer at some point in the past gave that program a good rating, or the scammer gave themselves five stars. And that “Microsoft Certified Partner” badge has its own issues. It doesn’t seem to mean much at all except maybe the software works with Windows computers.

 “Be paranoid when you are online. It’s a great defense mechanism.” 

I understand all this can be confusing and even frustrating. You need to use that fear and frustration as fuel to protect yourself. But there are a few things you can trust when online. Look for the green bar on your URL window. That’s the window where you type the web address of the website you want to go to. When you see that green name next to your address bar that is a definite confirmation that the website has had its identity verified. Read more about these “Extended Validation” certificates and how they’re more trustworthy than typical SSL certificates.

The above image reveals the real PayPal website and a phony site. Notice the green in the address bar.

Lets be real about this. You will find legitimate websites displaying a fake seal. And eventually they will get caught and be forced to remove it. But how legitimate is a website that fakes its trustworthiness? What you should worry about are the pop up sites that are here today and gone today. These are the site that distribute malware, launch phishing scams and steal data. Its those websites that get the most benefit from stealing these seals. They are breaking the law anyway so faking a seal-provider’s logo or seal is really no big deal for them. Be most cautious when it come to financial websites like your bank. A fake website like www.wellsfago.com is waiting for you to log on thinking its www.wellsfargo.com.

Its the Internet; trust no one.

Now you know

 

 

 

Now You Know: Typosquatting

Typosquatting is when a cybercriminal creates a website with a name or address similar to a popular and honest website. For example you’re looking for www.macys.com. But you may be a bad speller or simply mis-type the address. And you land on something like www.maceys.com or www.nacys.com. A mistake any of us could make. The cybercriminal is waiting for you when you arrive and you could end up looking at a lot of spam advertisements or getting hit with a drive-by download of some malware.  (See drive-by download in Terminology) This situation happens everyday and is a real problem for both legitimate websites and innocent consumers.

Some websites are complete impostors. They look every bit like the real website but they aren’t. You think you’re on the Bank of America website when in actually you’re in a cybercriminal’s trap at www.bancofamerica.ru.   These sites may ask you to log in or verify with a credit card number. This is called as phishing. Once you enter that information you could be in real trouble.

Pay close attention when typing in URL’s. That’s a web address. Look carefully at it before you hit the enter button. Check it again after it appears on your screen. Be careful.

Now you know.