You go to a website that looks authentic, but the moment you type your details, you don’t get the real deal. What is this site, and how can it look so authentic?
It’s been around for the longest time, but so many of us don’t know what it is. It’s in links both familiar and foreign, and it’s designed to trap us, and to make us think we’re clicking into the real website.
It’s called “phishing”, and it’s what scammers typically resort to when it comes to trapping your details on a scam website, relying on forms that look like real website logins to capture.
How can you work out which website is real and which is not?
What a phishing website typically looks like
Frustratingly, phishing websites will try to look like a known website, thereby making it a little difficult to work out which one is the real deal. A phishing site trying to look like a Google login will usually look a little like a Google login, while a phishing website aiming to look like an Australia Post login will, you guessed it, look like an Australia Post login page.
The point of phishing is trickery, usually with a form designed to look just like a real website you know and trust. Some of the information may be a little strange, such as places to enter your details that don’t make much sense, and maybe even a logo that’s a little pixelated or blocky, but overall, a phishing site is designed to be close enough to fool most people.
Ultimately, a phishing site you’re sent to is built to look real, and that’s the trick: if you don’t pay attention to the website you’re at, you might unwittingly enter details in something that is a scam, and that’s bad news for you.
So how do you know the difference between real and phishing? Check the URL.
What is a URL?
More technically known as a Uniform Resource Locator, the URL is the link for a website that represents a page. It’s the www dot whatever that you can see at the top of a page, and it might not have “www” in its name at all.
This is where you can check whether a webpage is real or not. If it’s real, the URL will show the domain of the place you’re supposed to see. If it’s not, it will likely have extra words or characters that blow it out. Instead of seeing your bank’s original website address, it might end in a different way.
That’s one of your best ways to find out whether you’re in the right place: check the URL to find out whether the website is, in fact, the place you’re supposed to be at.
Where is the URL on my web browser?
Regardless of if you’re on mobile, tablet, or desktop, the URL can be found near the top of your web browser. You can find it in what is typically called the “omnibar”, with the section of your web browser acting as both a place to type in (and show) URLs, as well as let you search from it.
It’s here you’ll find out whether you’re at the right page or not. Scammers can’t use a real URL belonging to a bank, a postal company, or anyone else. They can only fake it, and often provide outlandish web addresses because few people actually check.
But you can check. You can check the URL in a phishing attempt to even the score and stop scammers in their tracks.
To understand what phishing is and help educate on how phishing works, How Scams Work has built a fake phishing page to point out what sites like this do, and how you can beat the phishing.
Phishing scams ask that you trust a website based on look, but the clear point is that it can’t fake the URL. A scammer can get close, but the result won’t be perfect. In fact, if you check the URL and compare it with a real site, you will find the domains won’t line up.
The point is to always check the URL in your bar, and unless you found yourself at the link from the official website — if you came to a login page page through an email — close it down, open a browser tab or window up, and type in the proper website for the login, or search for it. You should only find the real website.
To put this education to the test, take the How Scams Work Phishing Challenge.