GOOGLE and Facebook users are urged to check for sneaky typos in a dangerous “spoofing” scam that puts your bank account and identity at risk.
You may not think twice before logging in to check your email, but subtle changes in the URL can mean you’ve stumbled upon an entirely different, malicious website.
A spoofed website is created with the intention of decieving internet users and gathering information like credit card number or login credentials.
One of the telltale signs is a typo in the web address. Some errors may be glaring, but they are usually hidden – meaning you should browse with caution.
Cybercriminals will use a URL for their spoofed website that is just one character off from the legitimate site. An example is “amaz0n.com,” with a numeral in place of the “o.”
Before clicking on the URL, hover over the link with your cursor. This will allow you to preview the full address and identify and misspellings or grammatical errors.
There are other ways to protect your data before you’ve navigated to the website.
Most spoofed websites are circulated through phishing messages, like texts or emails.
You may be urged to click on a link to correct shipping information or issues with your account on a specific website.
If you receive a message that asks for personal details, there are a few ways to determine if it was sent by a hacker – and the clues lie in the language used.
Phishers often send messages with a tone of urgency, relying on this pressure to get users to act quickly.
If an unsolicited message claims “urgent action is needed,” take a breath and examine the contents of the email or text.
Another way to ensure a website is legimate is to check whether it is secured with HTTPS.
HTTPS, or Hypertext Transfer Protocol Secure, is a protocol that encrypts your interaction with a website, meaning it scrambles your data to protect it from prying eyes.
This becomes especially important when placing a product order or signing in to access sensitive personal information.
Websites guarded with HTTPS often feature a padlock in the top left corner of the address bar.
However, this is not a gauranteed sign you’re safe, as cybercriminals have developed ways to leverage HTTPS that hide malware from detection.
One of the tried and true ways to stay safe online is enabling multi-factor authentication on devices and accounts that allow it.
This sign-in method asks users to confirm their identity in several different ways before accessing their accounts.
Using biometric credentials like a fingerprint or face scan is among the best ways to keep your information under lock and key.
This can prevent a hacker from accessing your account if your login details were exposed in a data breach.
It will also prevent the use of credential-stuffing tactics, where cybercriminals test different combinations of usernames and passwords until they find a match.
Here Mackenzie Tatananni, science and technology reporter at The U.S. Sun, breaks down ways a scammer may get your information.
Scammers commonly get phone numbers from data breaches, which occur when a hacker accesses a private database – often those maintained by companies like service providers and employers.
This information may be shared and circulated online, including on the dark web, where there are forums dedicated to sharing leaked information.
Another common technique called wardialing employs an automated system that targets specific area codes.
A recorded message will instruct the listener to enter sensitive information, like a card number and PIN.
There is also a far more harrowing possibility: your phone number could be listed online without your knowledge.
Data brokers are hungry to buy and sell your information. These companies gather information from various public sources online, including social media and public records
Their primary goal is to build databases of people and use this information for tailored advertising and marketing.
Much of this information ends up on public record sites, which display information like your phone number, email, home address, and date of birth for anyone to see.
In the United States, these sites are legally required to remove your information if you request it.
Locate your profile and follow the opt-out instructions, but be warned – these sites do not make it easy and intend to frustrate you out of completing the deregistration process.
For simplicity’s sake, you can also use a tool to purge your information from the Internet.
Norton offers one such service. Called the Privacy Monitor Assistant, the tool finds info online and requests removal on your behalf.
It is also possible that your phone number may be linked to a social media account and publicly displayed on your profile – this happens quite frequently with Facebook.
Be sure to review your privacy settings and confirm this information is hidden away from prying eyes.
