Look carefully at any ad or pop up that tempts or attracts you with freebies and offers etc.
It could be a scam, warns Niranjankumar Upadhye.
Illustration: Uttam Ghosh/Rediff.com
In today's times, most real world experiences are being consumed in the digital domain.
A company's official Web site is the most common interface created by business houses for customers to explore products/services, to stay informed and educated about their latest offerings.
But what happens when you use a Web site/online portal to shop?
How do we know the site you are shopping on is safe?
Is someone tracking your online movements? How safe is the personal information submitted on a Web site?
Fraudsters create spoof Web sites that look deceptively similar to those of legitimate businesses with the aim to 'phish' out personal information and payment details submitted by unwary customers.
If you are watchful, it is not difficult to spot a fake/phishing Web site.
Here are some guidelines to check for a site's credibility and keep your money and data safe:
1. Evaluate the URL (site address)
Typically, a fake site will appear very similar to the original Web site but with some irregularities -- like a misspelt brand name, missing letters or extraneous characters in the URL.
The letter small 'l' can be replaced by a capital 'I' or the number 1 or the pipe symbol ('). Similarly, a zero (0) can be replaced with the letter O.
Spotting any of these irregularities can help you identify a fake Web site.
For example, if the Web site of a legitimate business is say: www.sharpelectronics-example.com, the spoof Web site may be spelt as www.sharape1ectr0nics-examp'e.com.
Catching these goofs in the browser bar can be a lot more challenging.
Use a Web service like PhishTank to determine if a particular URL is legitimate and safe.
2. Verify security certificates
All secure Web sites will have the prefix of 'https://' (Hypertext Transfer Protocol Secure) protocol reflected in their Web address.
Always make sure that you are accessing a Web site with this protocol, especially those sites that ask you to share your personal information or financial data for transactions, like for shopping or banking.
Click on the padlock or 'Site Information' icon in the URL and click on 'Certificate' to ensure it is valid and current. Else your data can get into the wrong hands within seconds.
3. Keep your browsers and antivirus definitions updated
Most of the time we use Chrome, Firefox, Internet Explorer or Safari to search for information.
Their constant upgrades provide improved inbuilt features to help users identify fake Web sites whenever they are attempting to login.
The latest versions of antivirus software like Norton, McAfee and Avast enable notifications and pop up messages immediately when a user unwittingly tries to access a fake Web site.
A good resource to verify Web sites is the Comodo Web Inspector and can be found here -- https://app.webinspector.com
4. Think twice before you tap on an eye-catching ad
Look carefully at any ad or pop up that tempts or attracts you with freebies and offers etc. It could be a scam.
Clicking on the pop-up or a shortened URL or embedded hyperlink can probably lead to a fake Web site or allow malware to creep into your system.
5. Cross check the Web site reviews
It is one of the very common ways to understand the quality of the Web site.
Type and search for the domain name in the search engine followed by 'reviews.'
It will reveal user experiences. If it is pooled by negative reviews, you must must avoid accessing the Web site.
6. General awareness
Apart from technicalities, you should be quite vigilant when sharing details online, especially when it involves money.
While performing an online transaction, take a pause and go through the terms of service and shipping/fulfilment policies.
Make sure that you have adequate recourse to protect your transactions and that your data is not going to be misused.
7. Absence of contact details
The whole idea of putting up a Web site is to let others know about your brand.
If a Web site doesn't have verifiable contact details including a physical customer service address, telephonic or e-mail customer support facilities, then it is probably a poorly run business or an attempt by fraudsters to create a fake Web site.
Payment service providers generally take multiple measures to ensure secure transactions on their portals. But it is important to be vigilant and following the above guidelines would help to understand the credibility of a Web site.
Niranjankumar Upadhye is general manager, fraud risk management division, Worldline India.
