5 Red Flags to Identify a Phishing Website

By Shannon Flynn

When it comes to online security, there’s a perpetual problem: phishing. Many people get phishing content through emails or social media platforms. However, you can also land directly on a phishing website. So what is a phishing site? How can you identify one?

What Is a Phishing Website?

A phishing website is a fake online destination built to resemble a real one. People usually encounter them after receiving scam emails that direct them to click on links and land there. However, people can also land on phishing websites after mistyping a URL or clicking links in social media posts that seem legitimate.

Some hackers purposefully infiltrate genuine websites to turn them into places that are no longer reliable. For example, they may embed malware on the site to steal payment details or infect visitors’ computers. These risks make it necessary to know the telltale signs of a phishing website. Here are some of the top indicators.

How to Identify a Phishing Website

You can go through a five-step process when looking for possible phishing websites. These will largely help you identify and avoid them.

1. Check the Website URL

Begin by looking at the website’s address and seeing if you notice anything strange. Maybe you know the website you want to visit should end in “.com,” but this one’s ending is “.org.”

Some hackers spoof websites so carefully that people don’t think to look at the URL. Everything else looks right, so they keep engaging. However, cybercriminals often create sites with slightly misspelled words or extra characters to catch victims off guard.

2. Go to the Website a Different Way

Many people reach phishing websites after clicking on links in emails or on social media feeds. Clicking on the website through a search engine link can be dangerous, too. Coverage from The Washington Post explained how hackers’ ads often appear at the top of search results. They use those links to send visitors to phishing sites.

One of the easiest ways to verify a website is the real deal is to go to it without clicking on a link. Type out the URL manually and navigate to it that way. Be careful you spell everything correctly, then see if the website appears as expected.

3. Examine the Content

Once you’ve reached a site, look closely at the content. Is it high quality and relevant to the company’s industry? Hackers often put phishing websites up so quickly that they don’t care about well-written content. They don’t expect people to read it, anyway.

It’s also helpful to look for a Contact Us page on the website. One designed to catch phishing victims usually won’t have one; similarly scam sites might not have GDPR warnings. The cybercriminals don’t want any way for angry visitors to get in touch after they’ve been tricked. And cybercriminals wouldn’t leave such an easy trail for law enforcement officials to find them.

4. Watch for Pop-Ups

Virtually all phishing scams try to get people to take quick action. That’s why it’s common to land on a phishing website and immediately see a pop-up window asking you to provide something.

Legitimate websites often have ad-based pop-ups that try to sell you things. However, phishing websites are more likely to request your login details or credit card information.

5. Look for Reviews

One of the great things about the internet is that it gives everyday people a platform for sharing good and bad business feedback. That’s why you should search for reviews of a suspected phishing website. Look for them in places other than the site itself since the hackers may have written fake ones to boost legitimacy.

Once you find reviews, scrutinize them for authenticity. Do you notice repeated words, phrases, or themes? Those are signs of people reviewing websites without being actual customers.

What to Do if You Clicked on a Phishing Website

If you believe a phishing site tricked you, acting fast is critical to limiting the damage. You can flag the site by filing a Google Safe Browsing report. Doing so helps warn others it’s dangerous.

Change all your passwords, and contact your bank if you entered any payment details on the phishing site. File a police report if you provided information that would allow hackers to steal from you.

And if you think something malicious might have been installed onto your device, scan using an antivirus suite. In fact, this is worth doing even if you don’t think anything has been downloaded, as it’s better to be safe than sorry.

Phishing Sites Are Common

You’re increasingly likely to land on phishing sites during everyday internet browsing. However, watching for the warning signs will make you less likely to become a scam victim.