How Bogus Websites Are Made
It's extremely easy to make any random website look just like one you're used to. Try this: go to your favorite website and right-click the mouse over some empty space. See this menu?
Mine will probably be a little different, but you get the idea right?
One of the options is to "View Page Source" or the source code of the page you're viewing. That means I can easily cut and paste the code that makes any page look like it does. That means that if I were to register Neweg.com (which is one letter off of the real Newegg.com), I could have a completely fake, but very real looking, website waiting for you.
Once you tried to log in and I captured that information, I could redirect you to the real site and you'd never know the difference until I had made a bunch of purchases in your name (I'll be talking about shopping online in later sections of this guide).
The two main ways to get you to my new trap-site are Phishing and somewhat (though far less common) misspelled addresses.
I already talked about phishing e-mails in my other guide, so let me explain the other. Say you were to buy a website domain that sounds like or is just a few letters off of a major website. Either that or you register a site with the same name, but different ending.
Do you think there's a big difference between Hotmail.com (Microsoft's e-mail website) and Hotmale.com (Gay XXX hardcore)? Yes there is. There's also a big difference between Whitehouse.gov and Whitehouse.com
No porn here
Not something you want to find accidentally
In these cases, you might embarrass yourself at work or when trying to show the kids how to get involved in the political process, but these aren't going to drain your bank account. But the reason I bring it up is that you can use the same trick to defend against both of these problems.
The Search Engine Trick
Uh oh.... heading for trouble here.
So whether phishing to a site that's really going to rob you or misspelling your way to something really embarrassing, the solution is the same. Sure you can use your known-safe bookmarks to get to your major websites and services, but my recommendation is for when you type an address directly into your address bar.
Instead of typing addresses directly, type the site you want into a search engine instead? Sound like a pain? Well, let me give you three good reasons why this is a good idea:
Get the search engine involved!
1. Fakes Don't Float
No fakes to be found
If the thing you're going to is a major site of any kind, it will always be listed in the first few links. Banks, webstores, charities, etc. Search engines make money by helping you find real stuff and culling the fake. In other words, it's their job to make sure you never see a bogus site in a search listing (certainly not on the front page).
2. Malware Protection
Google at least (and probably others) have built-in protections to help keep you away from bad sites. If you do accidentally click a link that leads somewhere bad, Google will attempt to stop you with a warning like this:
Stop! Don't proceed!
What this means is that Google has already checked the site for bad stuff and found it. Proceed at your own risk!
3. Site Scanner Functions
You see those cute green check-mark icons at the end of all my results? That's a function of my Anti-Virus which has a function that tests search results for safety. If the linked site is a known bad-guy, it warns me with a yellow or red icon instead.
Yellow is bad and red is worse
When you see the different colors, you can click them for details, but generally, it's best to avoid anything that isn't green. Many anti-virus programs have this feature.
Once you're sure you're on the right webpage, bookmark it if you want, but any time you're tempted to type a url, take a second and click the home button or open a new window (which opens with your homepage) and type it into a search engine instead.
The three great protections against bad sites listed above only work if you use a search engine and not when typing a website address directly.
Tags: Bank of America