Seven Tips to Find Out if a Website Is Fake and Avoid Online Scams

It is important to know if a website is true when the user intends to buy a product, carry out financial transactions, or enter personal data. Fake websites are often used to scam and steal bank details, passwords, or just facilitate hacking into the computer for further attacks. An example of this type of attack, called phishing, is the links sent in WhatsApp chains with fraudulent promotions.

Fortunately, there are some tricks to make sure that the desired page is real, that it is not fake. See below for tips on what to do if you suspect a cloned or risky site.

1. Check the link and domain

If you received a link by message and you are unsure of the site's identity, look at the domain. This is the core of the address, from which all others on the same site are derived. If that address is at the beginning of the link, however big it is, the URL is likely to be authentic.

However, if the address contains something like techtud0.com.br, with a “zero” in place of the last “o”, be careful - in some cases, a dash ("-") in place of a period (". ") is sufficient to deceive. The homographic scam consists of registering domains that seek to imitate the appearance of famous websites. Keep an eye out for suspicious URLs, like “amaz0n”, “go0gle”. The tip also applies to less popular domains: addresses ending with ".br" ".edu" and ".org" tend to have more credibility than ".biz" and ".net".

2. Search WHOIS

The WHOIS records domains, IPs, and information about the owner of a site. Although it is not always transparent, since it is possible to pay for not making certain information public, the resource allows you to discover CPF, CNPJ, name, address, and other data of who paid to use the address.

In this way, it is possible to unmask a fake website if the data shown there is conflicting. You can check a website registered in Brazil at https://registro.br/2/whois.

3. Do a Google search

If the doubt persists, another simple tip is to do a search on Google. Indicate the name of the store or institution you want to find in order to get the correct link in the first results. As Google feeds the ranking with reputation variables, fake websites have a hard time appearing at the top of the search.

In the case of stores and other commercial establishments, Google usually displays the main data on an information card with buttons for phone, address, and website - a click there guarantees a visit to the page published by the location.

4. Search the site for Google status

In addition to showing real sites first, Google offers a tool that helps analyze the level of transparency for a given link. Access the tool in your browser (transparencyreport.google.com/safe-browsing) and enter the address to be checked in the main field to find out if there are any dangerous elements on the page.

5. Avoid intrusive Ads

Even if the website visited is true, it is important to pay attention to the behavior of the pages. If your connection is compromised - something that can happen when using public Wi-Fi - reputable sites may show content injected by hackers to try to deceive victims. In such cases, the user does not see the pages as they exist, but versions modified by criminals.

Always be suspicious if there are many more ads than usual, most of the time invasive: pop-ups and banners offering products that are too cheap, with pornography on sites that are not the same, or exaggerated alerts about virus infection. If this occurs, close your browser and break the connection even if the website is correct.

6. Make sure the connection is secure

Sites that deal with login, password, payment information, and other personal information must have a secure connection with the HTTPS protocol. Unless you are visiting a blog or other website that does not require your personal data - although it is not recommended - all other websites must use the technology to provide an encrypted communication channel between your computer and the server on which page is hosted.

To be sure that access is protected, look for the acronym HTTPS at the beginning of the address, or check if the browser shows any indication in the address bar: “Secure”, “Verified”, “Protected” seal or the name of the certificate safety lights.

7. Search for security seals

In addition to the HTTPS seal, websites that deal with bank information usually have respected encryption certificates in the body of the pages. McAfee, GeoTrust, Google Trusted Store, PayPal, Trust, and Norton are some of the well-known certificates that may arise.

To find out if they are real, click on the images and see if the website shows the details of the security service offered by the certifier. On fake pages, these stamps are not clickable. But this is not enough without an active antivirus in your device.