It’s fake! How do we know?
A big tactic in phishing is creating a bogus website that looks as close to the real website as possible. The best way to determine whether a website is fake is to pay close attention to the URL. Many people click on links without ever looking at the URL they lead to. The URL gives you vital information about where you are and how secure you are there. When visiting a new website, especially if you got there through a link in an email, glance up at the URL and check it for red flags before entering sensitive information.
To know what to look for in a URL to find red flags, you first need to know how a URL is constructed.
Looking at the image above, you’ll notice that three things make up the resource name: the sub-domain, the domain name, and the top-level domain. The sub-domain can be changed in order to mimic a trusted website.
If you look closely at the URL at the top of the browser window, you’ll notice that the URL is designed to look like it’s actually PayPal. But if you look a little closer and remember the parts of the resource name, you’ll see that paypal.com is spoofed as the sub-domain and is not the domain name. The domain name is actually “confirmation-manager-security.” Remember, the real domain name appears right before the top-level domain (example: .com/). The example above is a phishing site trying really hard to get you to trust it. It’s always important to check the URL, because even phishing sites will sometimes display the green padlock (which is there because the site is using an SSL certificate) to get you to trust it.
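
The same check can be automated. The sketch below is an added example, not part of the original article: it splits a host name into sub-domain, domain name and top-level domain, then flags a trusted brand that shows up anywhere except as the real domain. The brand table, the short multi-label suffix list and the sample URLs are constructed assumptions, and the check for a brand embedded inside the domain name goes one step beyond the case described above.

```python
from urllib.parse import urlsplit

# Assumption: tiny constructed sample of multi-label suffixes; real tooling
# should load the full Public Suffix List instead.
MULTI_LABEL_SUFFIXES = {"co.uk", "com.au", "co.jp"}
# Assumption: brand keyword -> the brand's genuine registrable domain.
TRUSTED = {"paypal": "paypal.com"}


def split_host(url):
    """Return (subdomain, domain, top_level_domain) for the URL's host name."""
    if "//" not in url:          # tolerate URLs pasted without a scheme
        url = "//" + url
    host = (urlsplit(url).hostname or "").rstrip(".")
    labels = host.split(".")
    if len(labels) < 2:
        return "", host, ""
    # n = number of labels that form the top-level domain (1, or 2 for "co.uk")
    n = 2 if len(labels) > 2 and ".".join(labels[-2:]) in MULTI_LABEL_SUFFIXES else 1
    return ".".join(labels[:-n - 1]), labels[-n - 1], ".".join(labels[-n:])


def red_flags(url):
    """List reasons the host name imitates a trusted brand it does not belong to."""
    subdomain, domain, tld = split_host(url)
    registrable = f"{domain}.{tld}"
    flags = []
    for brand, real in TRUSTED.items():
        if registrable == real:
            continue             # genuinely the brand's own domain
        if brand in subdomain.split("."):
            flags.append(f"'{brand}' appears only in the subdomain; real domain is {registrable}")
        elif brand in domain:
            flags.append(f"'{brand}' is embedded in the look-alike domain {registrable}")
    return flags


if __name__ == "__main__":
    # Constructed sample URLs; the second mirrors the structure described
    # above, using the reserved ".example" top-level domain.
    for u in ("https://www.paypal.com/signin",
              "https://paypal.com.confirmation-manager-security.example/signin"):
        print(u, split_host(u), red_flags(u))
```
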