The internet has transformed the way we commute, shop, and make payments. With just a few taps, a world of convenience is now within our reach.
However, this gives way to a new breed of criminals who try to trick customers. Through a practice called phishing, fraudsters copy a legitimate website and bait people into giving them sensitive information.
What is phishing and how does it affect you?
The term “phishing” originated from “fishing” which involves using lures or baits to catch fish. Online, phishing websites work by imitating credible websites such as banks and other financial institutions. Phishing messages look just like the messages you would get from these websites, so you will feel comfortable giving them personal information.
A phishing website generally tries to get the following information:
- Passwords
- Birthdays
- ID numbers
- Debit or credit card numbers
- Passport numbers
Legitimate websites, especially banks, already have these account details on file and do not have the need to ask for it online.
Once they have your data, they can use it to make unauthorized purchases or make funds transfers. You could potentially lose all the money in your bank account if they get ahold of your debit card, or get thousands of pesos charged to your credit card.
To the untrained eye, phishing websites looks a lot like the original. Criminals are very deceptive and can easily trick those who do not pay much attention to small details. The following practices can help you tell if a website .
1. Check the address bar on your web browser
The address bar can help you identify if a website is credible. Watch out for unusual things on the website URL such as misspelled words or extra characters that make no sense.
[caption id="attachment_5416" align="aligncenter" width="287"]
Seeing a padlock icon on the left side of the address bar indicates that the website you are accessing has an SSL certificate. This means data for processes like credit card payments are kept safe.[/caption]
On the address bar, you should also observe if the website that you are accessing uses an “http” or “https” prefix. Websites with “https” prefixes are more trustworthy than those who are using “http” because an SSL certificate is required before a website can use “https”.
An SSL or Secure Sockets Layer Certificate protects the data for processes such as credit card payments, data transfers and logins. Once a website is certified, a secure connection with the browser is established.
Seeing a padlock icon on the left side of the address bar also indicates that the website you are accessing has an SSL certificate. If there is no padlock or the padlock displays a broken symbol, this means that the website does not use SSL.
The SSL certificate isn’t a 100% guarantee of safety though. Many phishing websites also obtain the padlock icon by getting certificates from irreputable authorities. Remain cautious about suspicious websites, even if they have the padlock icon.
2. Observe the spelling and grammar
Legitimate companies have a content management team who makes sure that information posted on their website are complete and accurate. Scam websites often have misspelled words, grammatical errors and broken English. Seeing these excessive mistakes should be considered as a red flag.
3. Look for the company’s contact details
Websites who do not have contact details on their pages are most likely designed just to get customer information. Legitimate companies always have their office address, email, and contact number displayed on their website for customer inquiries. If the company is based in the Philippines, check if they have a physical office address.
If a website displays contact information but you still have doubts, give them a call and ask questions about their business.
4. Check site ownership information through the domain WHOIS
To find out the registered owner of a domain or website, you can do a WHOIS search at sites like who-issearch.com. This lets you see who purchased the domain, when it was created, when it expires, and contact information about the registrant.
This lets you determine if the contact person is connected to the company represented on the site. You can use LinkedIn to verify this person’s identity.
The presence of phishing websites shouldn’t stop you from enjoying the convenience of online services. Being vigilant, critical, and cautious can keep your personal information safe and secure.
