How to Identify a Phishing Website?

Protecting yourself from harmful online threats such as phishing websites is a constant battle in this day and age. Security researchers and media outlets have a nearly never-ending list of topics and incidents to cover, which shows that we’re not safe online.

In Q4 2016 alone, phishing attacks increased by a staggering 500%, according to a report by Proofpoint.

GreatHorn’s 2017 Spear Phishing Report revealed that 91% of corporate-related phishing attacks are display name spoofs, adding that on average they receive one dangerous message per day. This is expected to increase in the coming years. But with a few tricks, one can identify phishing websites. Here are the top tips to follow when browsing a suspicious website:

  1. Check the URL

    The first step is to hover the cursor over the URL you received by mail to check the authenticity of the web address.

    You can look for a padlock symbol in the address bar and verify whether the URL begins with “https://” or “http://”. The only difference is that “https://” means the connection to the web address is encrypted and protected with an SSL certificate.

    You should also pay attention to:
    – The base domain of the website
    – The full URL of the website
    – The website registration details (web site owner & date registered)

  2. Analyse Website Content

    When an attacker tries to forge an official website, there are certain things they tend to miss, such as:
    – The site will look a little offset
    – Spelling mistakes
    – Grammatical errors
    – Low-resolution images

    An official website has a very standard feel and is built with attention to detail, whereas a phishing website will miss some of these factors. That is a big red flag that it is a phishing website.

  3. Payment Methods

    An official website will always accept online transactions via different platforms, and certain debit cards are accepted. If the only mode of payment is via bank, without any further details, it should be flagged, as it might be a phishing website.

  4. Research

    If anyone feels suspicious about a website, they should start by looking at the website directly. Also consider looking at the website’s WHOIS information. It lets you check who owns the website, along with other valuable details that can help you distinguish between an official website and a phishing website.

  5. Contact Us Page

    A Contact Us page is essential for any service. On an official website, the Contact Us page will contain an ample amount of information, such as a postal address, contact number, helpdesk or contact email address, and social media channels. If none of these are present, the site may be a phishing site and should be treated as highly suspicious.
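The URL checks from step 1 (scheme, base domain, full URL) can be applied to a link as plain text, without visiting it. The sketch below is an added example, not code from the original article; the function names, the short suffix list and the sample links (built on the placeholder domain example.com.ph) are assumptions, and the '@' and punycode checks go slightly beyond what the article lists.

```python
import ipaddress
from urllib.parse import urlsplit

# Assumption: tiny sample of multi-label public suffixes; a real check
# should load the full Public Suffix List instead.
MULTI_LABEL_SUFFIXES = {"co.uk", "com.ph", "com.au", "co.in"}

def base_domain(host):
    """Approximate the registrable (base) domain of a hostname."""
    labels = host.lower().rstrip(".").split(".")
    if len(labels) >= 3 and ".".join(labels[-2:]) in MULTI_LABEL_SUFFIXES:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])

def is_ip(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def check_url(url, expected_domain):
    """Return (base domain or IP, findings) for a link claiming expected_domain."""
    parts = urlsplit(url)
    host = parts.hostname or ""
    findings = []
    if parts.scheme != "https":
        findings.append("not served over https")
    if parts.username is not None:
        findings.append("text before '@' is not the host")
    if is_ip(host):
        findings.append("host is a raw IP address")
        return host, findings
    if any(label.startswith("xn--") for label in host.split(".")):
        findings.append("punycode label in host")
    base = base_domain(host)
    if base != expected_domain:
        findings.append(f"base domain {base} is not {expected_domain}")
    return base, findings

# Constructed sample links; example.com.ph is a placeholder brand domain.
SAMPLES = [
    "https://www.example.com.ph/login",
    "http://example.com.ph.account-update.test/login",
    "https://example.com.ph@203.0.113.7/login",
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(link, "->", check_url(link, "example.com.ph"))
```

An empty findings list only means the link string passed these static checks; the registration details and page content from the other steps still need to be reviewed.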

Short Case Study

Below is a snapshot of a phishing page targeting Metrobank of the Philippines. It was received by their customers as a request to update their password. Looking carefully, the following things can be seen clearly:

  • Page is hosted on HTTP and not HTTPS.
  • URL seems legit.
  • Page looks a little offset.

When analyzed further:

  • It had no home page and no contact information page.
  • This was the only page hosted on the domain.
  • The links on the phishing page are disabled.

These types of cases are very common, and it is tough to tackle this problem without a proper strategic plan. Use TIKAJ’s Anti-Phishing solutions to intercept and minimize the phishing problem in your environment.
