CYBERSECURITY giant Kaspersky on Wednesday advised Filipinos to never trust everything online, as fake or hacked websites are becoming more inconspicuous to the untrained eye.

Yeo Siang Tiong, the general manager for Southeast Asia at Kaspersky, cited three signs a website might be fake: mismatch between site name and address; the presence of directory path elements; and the site has a different subject.

He said hundreds of thousands of websites are fakes and they are made to look like the sites of popular online stores, banks, and delivery services, but with just one purpose: to steal people’s passwords and financial data.

Oftentimes, he said, victims are lured by phishing emails, messenger chats, and even paid ads.

In the past, Tiong added, bad actors simply create a website with a name that resembles the original. For instance, the “BusinessNirror” instead of the BusinessMirror.

However, they have now “taken a different route.”

“They hack legitimate sites of any kind, then create their own subsections where they publish phishing pages. It’s very often that small and medium businesses that fall victim to such hacks because they lack the resources to constantly update and monitor their websites. Sometimes a site hack can go unnoticed for years, which is a godsend for cybercriminals,” Yeo said.

He noted that Filipinos may spot fake or hacked sites by first checking on the URL or the link before clicking on it. If it’s a hacked site, the discrepancy will be staring you in the face. The name of the service the fake site pretends to be might crop up somewhere in the directory path,

Second is to pay attention to the tail of the URL after the domain name. Hacked subsections of a site are usually hidden deep within WordPress service directories, so the address will most likely contain elements like wp-content/, /wp-admin/ or /wp-includes/.

Lastly, Filipinos may perform an additional check by going to the home page of the website, if the name seems unfamiliar or suspicious. To do that, delete the URL tail, leaving only the domain name. And this may open the page of the real owner of the site, which will be totally unlike the phishing page both in subject and design.

“It’s critical that Filipinos understand that not everything online should be trusted. There are a ton of websites with information to teach us new things or even save us from difficult situations. But there are plenty of websites that exist to harm us—either to steal our money or worse, steal our identity. Knowing how to spot deceptive websites is one way for us to protect ourselves from cybercriminals,” Tiong said.

Tiong also advised users to always use strong passwords, to enable two-factor authentication on their devices and accounts, and to avail of cybersecurity solutions.

Image credits: AP/Pavel Golovkin





