You probably visit dozens (if not hundreds) of different websites every day. You read articles on this site, go to the social media channels from that site, watch a TV show on one of the streaming sites and then click on a link that a friend sent you. In the big shopping month, you also spend quite a bit on trade sites and buy products online that you have been waiting for at a discount.
But are you sure that all the sites you visit are safe and that none of them are actually a phishing trap site? Information security company ESET Offers a number of ways to help you know if the site is safe:
1. Missing spelling: Beware of addresses URL That are not spelled correctly and similar outlines
Some of the most common tactics used by cybercriminals to get people to enter their malicious website are homoglyph attacks (also known as homographs) and addresses URL Having intentional spelling errors and other misconceptions.
This is an attack in which the cyber criminal registers a network address (domain) That its name is very similar to the name of another company but written differently, or using different letters that look similar to the originals.
For example, imagine the name Microsoft Spelled approxmicrosoft.com-, So that the signal n Is after the signal r And the two together look like the signal m (When it depends on the type of font, its size and the skill of the reader). In another case, one of the characters can be replacedO on behalf of Facebook In the Greek letter omicron, which looks similar.
A similar ploy happened typosquatting, In which the attacker enters URLs similar to those of popular web sites but adds common spelling errors, such as gogle.com or gooogle.com. Both of these addresses are today in the hands of Google and point to the original site, but there are many more options.
Today, some security products have a component that detects homoglyph attacks, and they should alert you when you try to access a suspicious network page..
2. Check if the site is a malicious site
If you are concerned that there is something suspicious about the site you are visiting (or planning to visit), there are a number of online tools you can use to check if the site is malicious.
Google, for example, offers a tool for identifying e-status Safe Browsing-Of a particular site, to which you can copy the address of a particular site so that the tool will tell you if it is safe or not. You can also use the VirusTotal Which analyzes the web address of a particular site, checks it against some antivirus engines and crawls top-notch sites and shows if it is malicious.
You can also check the website whois Who owns the domain name (domain) Which you visit. whois Is a list that includes information about domain names, such as domain name holders, when it was registered and ways to contact the owner. To submit such a query, all you have to do is go to a dedicated website that deals with it and enter the URL you want to visit.
Among other things, you will want to know if the domain name is one that has only been registered recently, which may indicate that it is malicious. However, there are cases where such a situation is due to people not paying much attention to these things when registering the domain name.
4. Pay attention to the language
Websites of real companies will take care of visibility and professionalism. A site that contains too many spelling, punctuation and grammar errors may not be true. Serious companies have entire departments of people who are responsible for the integrity of the sites, including visibility, texts, correct Hebrew, etc. Excessive errors of this kind may indicate that the site is illegitimate and should be avoided.
5. Check the contact information
Every legitimate company is interested in creating a long-term relationship with its customers, and will display contact details on the website in case something goes wrong. This is usually a contact form, email address, physical email address or phone number.
If you are trying to call the phone number and it is not available, or it sounds like the person answering the phone is unprofessional, you are most likely on a site that serves as a scam infrastructure. If this test passes successfully, do another check – search the company’s official contact information on Google and call the number listed there for extra security.
6. Look for the signal S B-HTTPS… but…
One of the main rules of thumb for checking the security level of a particular site is to check if it is using the protocol HTTPS. Although the protocol was previously considered the ultimate solution to all security issues arising from websites, in reality this is a bit more complicated. All the protocol ensures is that the communication between the web server and the user’s browser is strongly encrypted.
However, the protocol does not know whether the site you are securely communicating with is indeed your bank’s site, or an exact copy of it that is trying to steal your access information.. Today, cybercriminals can obtain a certificate SSL/TLS Completely correct and very easily for their malicious sites, just as a legitimate business can obtain this certificate. As the possibility of obtaining such a certificate has become very cheap (and even free) and easier to implement, we will continue to see more and more cases where cybercriminals use them to make innocent users think the site is safe.
7. Use a reliable security solution
Using a comprehensive and reliable security solution can greatly help in defending against network threats, including malicious websites. Most security software will crawl the page using built-in crawlers that search for malicious content, blocking access to the site if it detects something that could be a threat. This prevents the downloading of malicious content, from any source.
The protection software will also compare the site with a blacklist of sites known to be malicious, and will block access if you find a match. Reliable security solutions will also use technology to protect against phishing attacks, so you will be protected from attempts to steal passwords, banking data and other sensitive information through malicious sites that impersonate legitimate sites. If you try to access a particular web address, the security solution will compare it to a database of phishing sites, and if a match is found it will block access and display a warning of danger.
To sum things up, experts ESET It is always advisable to check the spelling of the URL, be suspicious of its security clearance, and even type in the URLs yourself if possible.