Just like technology, the omnipresence of the internet and smartphones have eased our lives. However, this comes at a cost. We are now more susceptible than ever to the perils of the cyber world. If the internet has made our life so comfortable that we can get everything from the comfort of our couch, it has also exposed us to dark malicious imposters out there waiting to entrap us.
The number of scams related to fake websites is on the rise with each passing year. The scammers are seeking sensitive information or data, through which they try to dupe the customer. There are instances where the scammers are also asking for payment of advance processing fees to offer the loan. The fraudsters have gone a step ahead by pretending to be employees of reputed organizations selling insurance to spoofing website domain names and impersonating social media accounts of reputed brands. It is, thus, important that we be on our guard and don’t fall for everything the internet throws our way.
What is fake website fraud?
As the name suggests, a fake website fraud involves using a scam website to con people. The scamming can be under multiple premises such as attractive fake sales, bank website offers, the government website for updating information etc., but the mechanics across all are the same, i.e., getting people to give money. This could be either through a direct purchase or entering personal information that will give illegal access to your bank accounts.
Online muggers will bait users to get to the fake website through SMS, emails, etc., and present an issue that necessitates urgent action from their end to proceed. The situation created will require their credit card information, account login, and other such sensitive data.
The two most popular fake websites examples would be:
Phishing fake websites – The fraudsters create illegitimate websites for financial institutions, service providers and present fake situations to get you to disclose your personal information. This could be insurance renewal at a very low rate, or your Netflix account password reset and more.
Online sellers scam websites – In this scenario, scammers create a fake e-commerce website and sell products at prices that are ‘too good to be true’ in order to get your credit card or net banking details
Another fraud website example is ‘formjacking’ where fraudsters hack an e-commerce website and when one needs to pay, they are directed to a different URL which has an uncanny resemblance to the payment gateway that you’re used to and wouldn’t doubt. They then manage to obtain your financial information.
How do these scammers operate?
‘Offers like never before, dear Bajaaj Finserv member, click on the link to get 75 percent off this weekend on all products.’
‘Dear member, we are writing to you from Bajaj Finaance, please update your personal details on our website or your loan will be cancelled.’
Such a spoof email will be sent to you with a link to a website that seems similar to that of a known company. Here, you will be asked to disclose some sensitive information – account name, password, etc. If a company was ever trying to contact you, firstly they would know your name since you are associated with them and secondly, they would never use a threatening tone or suspend any ongoing transaction with them.
The people who conduct this type of fraud deceive users in 3 ways:
1. Bait or fear: Attackers will lure internet users to their website, through attractive offers via multiple distribution channels. The second emotion they play on is fear, giving ultimatums such as ‘You have 24 hours to reset your password…’ or ‘…24 hours to renew your policy else your account will shut down or insurance will cease to exist.
2. Compromise: They then compromise the users’ position by making the users expose their sensitive information.
3. Execution: Cyber-criminals then exploit private information for private gains.
These are only some of the ways, fraudsters access sensitive information and data to steal your hard-earned money.
How to identify fake websites?
If you follow these tips, you can stay protected by being able to spot fake websites:
Check the domain name carefully: Even though the fake websites are similar to the original ones, if you see carefully, you will end up noticing spelling errors, erroneous or no registered office addresses to understand that the website is a fake one. The website's URL will also disclose its legitimacy – fake website names will have an extra letter or different typecase, which can easily go unnoticed. Look carefully!
The language: If the communication on the email or website tends to evoke extreme emotions such as a sense of urgency, fear, or ‘too good to miss out on’, be on your guard!
Poor design and website interface: Genuine entities, will have a proper design, communication, and visuals. If the website seems amateurish, it should raise a flag.
Poor grammar: Search for things like poorly constructed sentences, spelling errors or improper use of singular and plural words.
Visit the identifying pages: Check the contact us and about us page. See the email ID listed there. A genuine entity will always have their company name as their domain name and not Gmail IDs. If it’s so, it should raise an alert.
Do not provide sensitive information - Be wary about providing personal financial and sensitive information, account numbers, or credit card information on any website that has not been verified by you.
Look for the trust seal on the website - A trust seal indicates that the website you are on is safe. This seal is a stamp approved by a security partner, CA, or certificate authority, which upholds the website’s legitimacy. A click on a legitimate trust seal will take you to a page that confirms its authenticity.
What happens if you have been a victim of this scam?
Despite website fraud awareness, if you ever fall prey to a malicious website, you need to take immediate action:
• You should report it to your nearest police stations
• Log onto https://cybercrime.gov.in/ or call the 24x7 cyber helpline 155260 to report it
• If you signed up for a recurring transaction, then call your credit card/ financial provider and block the card for future transactions
• Update your account information and change your passwords
• Contact the original company the imposters were pretending to be from and report the incident
Do fight cyber-crime by being alert. Like it is said, better safe than sorry.
The author, Fakhari Sarjan, is Chief Risk Officer at Bajaj Finance Ltd. The views expressed are personal.
First Published: IST