If a scammer has your phone number, you should lock your SIM card, secure your online accounts with strong passwords and block spam calls from your
You can spot a phishing website by checking the URL, looking at the website’s content, reading reviews of the website and using a password manager that can verify the legitimacy of websites.
Continue reading to learn what phishing websites are, how to identify them and how to avoid landing on them.
What is a phishing website?
Phishing websites are designed to appear as normal websites but are really aimed to deceive you into entering sensitive information, such as a password to an online account or credit card number. Sometimes, cybercriminals will spoof websites to make them appear legitimate when they aren’t. Once you enter sensitive information on these phishing websites, your information is sent to cybercriminals, who could use it to impersonate you or commit fraud.
5 ways to identify a phishing website
There are several ways you can identify a website as part of a phishing attack.
1. Make sure the website address is correct
You should check the URL for any discrepancies, such as the domain name being slightly different from a legitimate website or strange characters added to the end of the link. Check if a link is safe by copying and pasting it into a URL checker, like Google Transparency Report, which will verify the legitimacy of the website. It is important to do this without clicking on the website because just clicking on a phishing website could infect your device with malware.
2. Your browser is telling you it’s not secure
Some browsers will notify you if they believe a website is not secure. A browser can tell if a website has an unsecured connection by checking for a Secure Sockets Layer (SSL) certificate, which encrypts data between your device and the website. If a website does not have an SSL certificate, it does not meet basic security measures. When you receive a pop-up warning that a website is not secure, you should exit the website immediately.
3. You notice the website looks suspicious
If you accidentally click on a phishing website, you might notice blurry logos, grammatical and spelling errors, low-resolution images or awkward phrasing. These are clear signs you are visiting a phishing website. Be sure not to enter any login credentials or private information, such as credit card information.
4. Be cautious of pop-ups
Pop-ups may contain malware if you’re on a phishing website, so it’s important not to click on any pop-ups that ask for your personal information. By entering your login credentials or credit card information, you could be giving your private information to a cybercriminal who created the phishing website. Exit the website if you notice pop-ups asking for personal information unless you’re sure the website is secure and legitimate.
5. Read product reviews
If you click a link and it takes you to a shopping website, closely read and analyze the product reviews to help determine if the website is legitimate. Reviews can help identify if a website is part of a phishing attack. If you notice all very positive reviews, reviews posted by the same person or reviews posted within a short period, this could be a sign that the link leads to a phishing website.
How to avoid landing on a phishing website
You can avoid phishing websites by learning the common signs of phishing messages, not clicking on unsolicited links, following your device’s warnings and using a password manager.
Learn to spot phishing emails and texts
There are several ways you can tell if an email or text is a phishing attempt. In emails, check the sender’s email address because the sender’s name might not match their address, or the sender’s email domain might not match the company they claim to be from. For example, if you receive an email from John Smith, but the sender’s email address is randomman2024@emailaddress.com, that would not match who he claims to be. Similarly, if you receive an email from Venmo but the sender’s email address is not venmo@venmo.com (Venmo’s official email address), this is a phishing email.
Whether you receive a phishing or smishing message, be aware of the following:
- Urgent language
- Spelling and grammatical errors
- Suspicious links or attachments
- Offers that are too good to be true
- Requests for private information
Any or all of these signs indicate that the message you received is part of a phishing attempt. Make sure not to share any sensitive information over email or text, such as your Social Security number or credit card information. If a suspicious email or text contains a link or attachment, do not click on or open it, as it may contain malware that could infect your device and steal your information.
Never click on unsolicited links
Instead of clicking on unsolicited links, you should go to an official website by typing the official URL into your browser. For example, if you receive a link in an email claiming to be from Amazon about a special promotion, you should go to Amazon’s official website by entering the URL into your browser. If you search their website and find there is no promotion matching the email’s claim, you will know that the link and email you received were likely part of a phishing attempt.
If you had clicked on an unsolicited link and logged in to what you believed was Amazon, you would run the risk of malware being installed on your device and stealing your private information, such as your login credentials.
Listen to warnings provided by your browser or device
Follow the warnings your web browser or device gives when they indicate a website is not secure. Pay attention to these warnings, as browsers and devices can detect when a website is unsafe based on security standards. Some of these warnings will say “Dangerous site” or “Site is unsafe,” so they are clear and easy to follow. When you see these warnings, exit the dangerous website immediately.
Use a password manager
Password managers like Keeper® can help you identify phishing websites by automatically filling in your login credentials on the appropriate website. KeeperFill®, Keeper’s autofill feature, will only fill in your login credentials if the website stored in your digital vault matches the website you are on. For example, let’s say you have your login credentials and the official website saved as a record in Keeper Password Manager for Apple. When you visit Apple’s official website, your login credentials will be entered automatically. However, if you receive an email claiming to be from Apple, click on that website and your login credentials do not automatically fill in, this means it is a phishing website.
Stay protected against phishing websites
Avoid landing on phishing websites by following your browser’s warnings, checking a website’s legitimacy, not clicking on pop-ups and using a password manager. Relying on Keeper Password Manager can help you not only avoid the dangers of phishing but also protect your login credentials from cybercriminals.
Start your free 30-day trial of Keeper Password Manager today to stay protected against phishing attacks, malware and other cyber threats.