How to Identify a phishing website?

October 26, 2023
Uncategorized

Protecting yourself from harmful threats online like phishing website is a constant battle in this day and age. Security researchers and media outlets have a nearly never-ending list of topics and incidents to cover that acknowledges that we’re not safe online.

In 2016 Q4 alone, phishing attacks have increased by a staggering 500%, claimed by a report by proofpoint.

GreatHorn’s 2017 Spear Phishing Report revealed that 91% of cooperate related phishing attacks are display name spoofs, adding that on average they receive one dangerous message per day. It is expected to be inclined in upcoming years. But with few tricks one can identify phishing websites. Here are the top tips to follow while browsing suspicious website:

Check the URL

The first step is to hover the cursor over the URL you received from mail to test the authenticity of your web address. 

You can look for a padlock symbol in the address bar to verify that the URL begins with ” https:/” or ‘ http:/.  The only difference is that “https:/” means that the web address has been encrypted and protected with an SSL certificate.

You should also give attention to:
– The base domain of the website
– The full URL of the website
– The website registration details (web site owner & date registered)

Analyse Website Content

When attacker is trying to forge an official website, there are certain things it would miss like:
– The site will look little offset
– Spelling Mistakes
– Grammatical
– Low resolution images

In an official website feel is very standard, sites is made with details in mind on the other side phishing website will miss some of the factors. This gives a big red flag that it is a phishing website.

Payment Methods

An official website will always accept online transactions via different platforms and certain debit cards are accepted. If the mode of payment is only via bank without any more details it should be flagged as it might be a phishing website.

Research

If anyone is feeling suspicious about any website , they should start with looking at the website directly. Also consider looking at the website’s WHOIS information. It lets you check who is the owner of the website and other valuable details which can help you distinguish between an official and phishing website.

Contact Us Page

Contact us page is very essential for any service. In an official website contact us page will contain ample amount of information like postal address, contact number, helpdesk or contact email address and social media channels. If none of them are present, the site can be phishing and should be treated as highly suspicious.

Short Case Study

Below is a snapshot of a phishing page targeting Metrobank of philippines. It’s received by their customers for updating their password. If looked carefully the following things can be seen clearly:

  • Page is hosted on http and not https.
  • URL seems legit.
  • Page looks a little offset.

8t5bx205hzxskuphx0pcn5vjvyt3qdcujxcgeheddfs3pclfjigezxvi9ymkdul1vz9brb umk

When analyzed further:

  • It had no home page,no contact information page.
  • This was the only page hosted on the domain.
  • The links on the phishing page are disabled.

These types are cases are very much common and it is tough to tackle this problem without a proper strategic plan. Use TIKAJ’s Anti-Phishing services to intercept and minimize phishing problem in your environment.

http://localhost

Mansoor is a diligent professional with a keen interest in UI/UX, SOC operations, and ethical hacking. He applies a well-rounded approach to his work, balancing the nuances of user experience design with the intricacies of security operations and responsible hacking.

You may also like

  • Home
  • Products

      Platform

      Rete.ai

      Rete.ai

      One Platform. One Solution for External Attack Surface management. Comprehend the threat agents aiming at your organization and bolster your defenses accordingly.

      Products

      DMARC+

      DMARC+

      Know delivery challenges of email & Protect your domain from email spoofing attacks.

      PhishGrid

      PhishGrid

      Educate and train your employees against external threats with real time simulation and interactive learning.

      Orion - Brand Defense

      Orion - Brand Defense

      Protect your brand by eliminating counterfeits using AI Powered Takedown Engine
      Dellect - XDR

      Dellect - XDR

      Detect and disrupt cyber threats with unprecedented speed and accuracy to reduce your cyber risk.
  • Services

      Services

      The strength of your cybersecurity measures directly impacts your brand’s trustworthiness and reputation.

      Our services, reinforces your team’s capabilities and ensure you’re always a step ahead in compliance and security.

      Human augmented Services

      Anti-Phishing Service

      Guard your customers and employees against deceptive phishing and other malicious threats with our Anti-Phishing Service.

      Brand Monitoring Service

      Track, analyze, and protect your brand’s reputation in real-time over dark, deep and surface web.

      Takedown Service

      Protect your brand by eliminating counterfeits using AI Powered Takedown Engine

      Red Teaming

      Challenge your defenses with our Red Teaming Service to uncover vulnerabilities before adversaries do.

Schedule a Demo

Get Secured Today!

Click that button and let’s chat! We promise to turn the murky, often scary world of cybersecurity into a walk in the digital park for your organization. Together, let’s make cybersecurity a piece of cake!