Just like technology, the ubiquity of the Internet and smartphones has made our lives easier. However, this comes at a cost. We are now more sensitive than ever to the perils of the cyber world. While the internet has made our lives so comfortable that we can get everything from the comfort of our couch, it has also exposed us to dark, malicious imposters waiting to trick us.
The number of scams linked to fake websites is increasing every year. The crooks search for sensitive information or data, through which they try to trick the customer. There are cases where the crooks also demand the payment of early processing fee to offer the loan. Scammers have taken a step forward by pretending to be employees of reputable organizations selling insurance to spoof website domain names and pose as social media accounts of reputable brands. It is therefore important that we are on our guard and that we do not fall into the trap of everything the Internet offers us.
What is fake website fraud?
As the name suggests, a fake website fraud is when a scam website is used to scam people. The scam can be in multiple places like attractive fake sales, banking website offers, government website for information update etc., but the mechanisms are all the same, i.e. – say getting people to donate money. This can be either through direct purchase or entering personal information that will give illegal access to your bank accounts.
The online attackers will trick users into accessing the bogus website through SMS, email, etc., and present an issue that requires urgent action from them to continue. The situation created will require their credit card information, account login and other such sensitive data.
The two most popular examples of fake websites would be:
Phishing of fake websites – Scammers create illegitimate websites for financial institutions, service providers and present fake situations to trick you into disclosing your personal information. It could be a renewal of insurance at a very low rate, or a reset of your Netflix account password and more.
Fraudulent websites of online sellers – In this scenario, the crooks create a fake e-commerce website and sell products at prices “too good to be true” in order to get your credit card or bank details.
Another example of a scam website is ‘formjacking’ where scammers hack into an eCommerce website and when they have to pay they are directed to a different URL that looks suspiciously like the payment gateway you’re used to and which you would not doubt. . They then manage to get your financial information.
How do these crooks work?
“Offers like never before, dear Bajaaj Finserv member, click the link to get 75% off this weekend on all products.”
“Dear member, we are writing to you from Bajaj Finaance, please update your personal information on our website or your loan will be canceled.”
Such a fraudulent email will be sent to you with a link to a website that looks similar to that of a known company. Here, you will be asked to disclose some sensitive information – account name, password, etc. If a business tried to contact you, firstly, they would know your name since you are associated with them and secondly, they would never use a tone or suspend any ongoing transactions with them.
The people who carry out this type of fraud deceive users in 3 ways:
1. Bait or fear: Attackers will attract Internet users to their website, through attractive offers through multiple distribution channels. The second emotion they play on is fear, giving ultimatums such as “You have 24 hours to reset your password …” or “… 24 hours to renew your policy, otherwise your account will be closed or your insurance will be closed. will cease to exist.
2. Compromise: They then compromise the position of users by forcing users to expose their sensitive information.
3. Execution: Cybercriminals then exploit private information for private gain.
These are just a few of the ways that scammers gain access to sensitive information and data to steal your hard-earned money.
How to Identify Fake Websites?
If you follow these tips, you can stay protected by being able to spot bogus websites:
Double check the domain name: Even though the fake websites are similar to the originals, if you look closely you will eventually notice spelling mistakes, wrong addresses, or no registered office to figure out that the website is a fake. The website URL will also reveal its legitimacy – fake website names will have an additional letter or different case, which can easily go unnoticed. Watch carefully!
Language: If the communication on the email or website tends to evoke extreme emotions such as a sense of urgency, fear or “too good to miss”, be on your guard!
Poor website design and interface: Genuine entities will have appropriate design, communication and visuals. If the website looks amateurish, it should raise a flag.
Bad grammar: Look for things like poorly constructed sentences, misspellings, or misuse of singular and plural words.
Visit the identification pages: Visit the Contact Us and About Us page. See the e-mail identifier indicated there. A genuine entity will always have their company name as their domain name and not Gmail credentials. If so, it should trigger an alert.
Do not provide sensitive information – Beware of providing personal and sensitive financial information, account numbers, or credit card information on a website that has not been verified by you.
Look for the trust seal on the website – A trust seal indicates that the website you are on is safe. This seal is a stamp approved by a security partner, certification authority, or certification authority, which confirms the legitimacy of the website. Clicking on a legitimate trust seal will take you to a page that confirms its authenticity.
What happens if you have been the victim of this scam?
Despite awareness of website fraud, if you ever fall prey to a malicious website, you need to take immediate action:
• You must report it to your nearest police stations
• Log on to https://cybercrime.gov.in/ or call the 24/7 hotline on 155260 to report it
• If you signed up for a recurring transaction, call your credit card / financial provider and block the card for future transactions.
• Update your account information and change your passwords
• Contact the original company that the impostors claimed to be from and report the incident.
Fight cybercrime by being vigilant. As they say, prevention is better than cure.
The author, Fakhari Sarjan, is Chief Risk Officer at Bajaj Finance Ltd. The opinions expressed are personal.