Security Misconception 4: I’m safe because it’s easy to recognize fake sites

When Kindsight took to the streets, we found five key misconceptions about cybersecurity including the one in this video: I’m safe because it’s easy to recognize fake sites.

The reality is that fake sites are being created at an alarming rate, with criminals using more sophisticated methods to make the sites look legitimate. Criminals have even purchased commonly misspelled URLs and have also been able to duplicate symbols that typically signify a “safe” site.

As reported by CNET in a study by Panda Security, 375 different high-profile brand names were exploited. Banking sites account for nearly two-thirds of fake sites, with online shops totaling a quarter of all sites. eBay and Western Union top the list of brands targeted, with Visa, Amazon, Bank of America, PayPal and the IRS also in the top 10.

These fake web sites are generally created to trick people into entering their login or other personal information into the site. This information is then captured by the criminal, and sold or used to gain access to bank accounts and credit cards to steal money. The sites may also be created to serve as command-and-control servers, which is the case in a long running Western Union attack; or to enable drive-by-downloads of malware to the victim’s machine.

Since the majority of these sites are tied to phishing attacks, the best way to protect yourself is to avoid opening links and attachments in the email. If you receive an email from one of the brands being exploited and want to visit that site, it’s better to launch a browser and type in the real URL for that company. Or if you’re really worried, then call them directly to have your questions answered.

With more than 57,000 new fake sites created each week, consumers need to be careful of all websites they visit as hackers work hard to make them look real; placing a legitimate site is no longer an easy process.