Website 101: How To DETECT Fake OR Fraudulent Websites
The CYBERCRIME Industry was valued at USD 3 Trillion way back in 2015 and by 2025, it is expected to be a USD 10.5 Trillion Industry, whew. And even as we speak now, it continues to run unabated, galloping with huge strides that NOT even your prized stallion can match. So, in the midst of our Christmas holidays, why DON'T we spend a fraction of our time on Website 101: How To DETECT Fake OR Fraudulent Websites.
This is a snapshot of the actual email received by John Podesta, Hillary Clinton's Chief of Staff. His faux pas? He reacted [I'll say, he PANICKED] to this alert and clicked "CHANGE PASSWORD". The consequences and ramifications of this action caused his account to be compromised [Imagine the tons of confidential emails in the Clinton Presidential Campaign that were unduly exposed] !@#$%?
Most browsers abide by a concept called the 'LINE OF DEATH', meaning a user should NEVER trust anything below a certain point on the browser, called the 'LINE OF DEATH'. An attacker can control everything below the line so you have to know where to look for reliable information. The items an ATTACKER can control are highlighted in RED and numbered:
- FAVICON - This is the website's ICON
- DOMAIN NAME - This is the URL which you must CLEARLY KNOW IN DETAIL
- FILE PATH/DIRECTORY - You must know if the correct website includes this info
- WEB CONTENT - This can contain any info the attacker wants it to, including a convincing spoof of a legit website
This 'PAYPAL' site is FRAUDULENT & FAKE and yet it's almost impossible to tell the FAKE site from the real one unless you are 'spot on' and incisive with the site details. Take note that for this fake PAYPAL site, the domain name is 'getbill-service.com' and if you're NOT detailed enough, you'll be 'DEAD IN THE WATER'. And with the advent of free SSL services and recent changes in browser indicators, it is now easier than ever to disguise phishing sites as legitimate✅✅✅
For us as end-users to be comfortable in our browsing, being non-technical is a NON-ISSUE but the fact is, you need to have the sound fundamentals to know:
- PROTOCOL
- DOMAIN NAME
- SUB-DOMAIN
- TOP-LEVEL DOMAIN
- FILE PATH
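To make these five parts concrete, here is an added example (not part of the original post) that splits a link into them and compares the DOMAIN NAME with the one you expect. The function names, the short suffix list and the sample URLs are assumptions constructed for illustration; only the domain 'getbill-service.com' comes from the post.

```javascript
// Added example (not from the original post).
// ASSUMPTION: this short list stands in for the full Public Suffix List.
const MULTI_LABEL_SUFFIXES = new Set(["co.uk", "com.au", "co.jp", "com.ph"]);

// Split a URL into PROTOCOL, SUB-DOMAIN, DOMAIN NAME, TOP-LEVEL DOMAIN, FILE PATH.
function dissectUrl(rawUrl) {
  const u = new URL(rawUrl); // throws on malformed input
  const protocol = u.protocol.replace(":", "");
  const host = u.hostname.toLowerCase().replace(/\.$/, "");
  // An IP address has no domain structure; report the host as-is.
  if (/^[\d.]+$/.test(host) || host.startsWith("[")) {
    return { protocol, subdomain: "", domain: host, tld: "", path: u.pathname };
  }
  const labels = host.split(".");
  const lastTwo = labels.slice(-2).join(".");
  const tldLen = labels.length > 2 && MULTI_LABEL_SUFFIXES.has(lastTwo) ? 2 : 1;
  return {
    protocol,
    subdomain: labels.slice(0, -(tldLen + 1)).join("."),
    domain: labels.slice(-(tldLen + 1)).join("."), // the part that identifies the owner
    tld: labels.slice(-tldLen).join("."),
    path: u.pathname,
  };
}

// Compare a link with the domain the user expects (hypothetical helper).
function checkAgainstExpected(rawUrl, expectedDomain) {
  const parts = dissectUrl(rawUrl);
  const brand = expectedDomain.split(".")[0]; // e.g. "paypal"
  const findings = [];
  if (parts.protocol !== "https") findings.push("not-https");
  if (parts.domain !== expectedDomain) {
    findings.push("domain-mismatch");
    // The brand name placed left of the real domain or in the path proves nothing.
    if (parts.subdomain.includes(brand)) findings.push("brand-in-subdomain");
    if (parts.path.toLowerCase().includes(brand)) findings.push("brand-in-path");
  }
  return { parts, findings };
}

// Constructed sample URLs; only the domain getbill-service.com comes from the post.
const SAMPLES = [
  "https://www.paypal.com/signin",
  "https://paypal.com.getbill-service.com/paypal/login",
  "http://www.paypal.com/signin",
];
for (const url of SAMPLES) {
  const { parts, findings } = checkAgainstExpected(url, "paypal.com");
  console.log(url, parts, findings.length ? findings : "ok");
}
```

The second sample uses HTTPS and still fails the check, because the protocol says nothing about who owns the domain.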
One last point. Check CONNECTION SECURITY indicators. Back to the address bar. If the last point didn't underscore the importance of this browser feature, this one should drive the point home. Within the address bar are several connection indicators that let you know whether your connection with the website is private❎❎❎
The loophole of HTTP was fixed when Secure Sockets Layer [SSL] was succeeded by Transport Layer Security [TLS] a.k.a. HTTPS
In summary, check for the PADLOCK ICON or the Extended Validation SSL Certificate [EV SSL], which is the highest form of SSL Certificate. The loophole of HTTP was addressed when Secure Sockets Layer [SSL] was succeeded by Transport Layer Security [TLS]. Hoping all this info will help to improve and reinforce your website security awareness from here on. Meanwhile, wishing you smooth preparations for Christmas❗❗❗