In today's interconnected world, cyberspace has become integral to our daily lives. We go online (some 'addicted' people are online 24x7!) for almost everything, from shopping and banking to socialising and working. However, the convenience of the digital age comes with an increased risk of cyber threats, particularly from fake websites and apps. Almost all fake websites and apps impersonate original entities or businesses to deceive unsuspecting (read: majority) users.
According to security experts, thousands of fraudulent websites and mobile apps are built every day to lure visitors into giving away their personal and financial information, buying products that do not exist, or downloading malware that disrupts their devices and data. Most of these activities fall under phishing scams, where clicking a link in the message or communication takes you to fake but real-looking sites or mobile apps.
One reason for the rapid increase in fake websites and apps is the easy availability of resources to build a website or mobile app. There are several free tools available online to help create a website or mobile app within a short time. Similarly, there are many platforms that allow the hosting of these fake websites or apps for a minimal fee. Except for money (yes, that needs to be paid upfront!), cybercriminals use dummy credentials to create fake websites or apps and vanish at the first hint of trouble. This combination of factors allows fly-by-night websites and apps to deceive users.
A few days ago, a member of Moneylife Foundation who became a victim of online investment fraud told me how he was deceived into downloading an app, ASAMTOP (please refrain from downloading and using it), through a dubious link. When I checked, the app was unavailable in Google's or Apple's official app stores. However, I found the app mentioned on a website that provides resources to developers and coders. The app appeared on the portal just a few days before this victim was told to download and use it for financial investments. It is listed under Android tools and utilities. Some other portals mention the app as an alternative for calculator or unit conversion. However, as the victim described, the app was modified and used as an investment or trading app to deceive.
According to the US Army Cyber Command (ARCYBER), which operates and defends army networks in that country, scammers can easily create phoney websites that look very real. "They may even include phoney reviews and a fake address -- or even the actual street address of an unsuspecting business -- to snare victims. For example, online stores that advertise incredible deals but steal payment information or trick visitors into buying fraudulent or non-existent products or webpages that look like the login pages to services or popular websites."
Let us first understand how to identify fake websites or mobile apps and then look at how one can protect oneself from these threats.
What are fake websites and apps?
Fake websites and apps are malicious digital platforms designed to mimic legitimate ones. They often appear authentic and can deceive even the most vigilant users.
These platforms are created with the intent to:
Steal personal information: Phishing sites and apps collect sensitive data such as usernames, passwords, credit card numbers and other personal information.
Distribute malware: Some fake sites and apps infect users' devices with malware which can lead to data theft, unauthorised access and further spread of the malware.
Financial fraud: By imitating legitimate e-commerce sites or banking apps, cybercriminals trick users into making payments for non-existent products or services.
Common Tactics Used by Cybercriminals To Lure Users to Fake Websites and Apps
Cybercriminals employ various tactics to create convincing fake websites and apps.
Spoofing legitimate websites: These websites have similar URLs, design and content as the authentic ones. For instance, a fake website might use 'amaz0n.com' instead of 'amazon.com'.
Using the Cyrillic alphabet in URLs: Fake URLs with Cyrillic letters can be created using a technique called homograph spoofing. Homograph spoofing involves using characters from different scripts, such as Cyrillic, that visually resemble characters from the Latin script. This technique is used to create URLs that appear similar to legitimate websites but lead to different destinations. For example, you wanted to visit whatsapp.com but instead ended up at щhaтsapp.com. If you look carefully, the letters 'w' and 't' are replaced by the Cyrillic letters 'щ' and 'т' in the bogus URL.
Phishing emails and messages: Fake websites often use phishing emails to lure victims. These emails appear to come from trusted sources, urging recipients to click on a link that leads to the fraudulent site.
Clone apps: Malicious apps are designed to look like popular apps available on official app stores. Once installed, they can steal information or install malware.
SEO manipulation: Some fake websites use search engine optimisation (SEO) techniques to appear high in search engine results, increasing the likelihood of being visited by unsuspecting users. It happens mostly when you try to find information online through a search engine.
How To Identify Fake Websites and Apps
Awareness and vigilance are your best defence against fake websites and apps.
Here are some tips to help identify fake websites and apps...
Check the URL: Look for slight variations in the URL, such as misspellings or added characters. Secure sites typically start with 'https://' rather than 'http://'. The URL must have the 's', which denotes security.
Analyse content, text and language: Poor grammar, spelling mistakes and low-quality images can indicate a fake site. Legitimate websites usually have professional and well-polished content.
Look for contact information: Genuine websites provide clear contact information, including physical addresses, official email IDs and customer service numbers. Fake sites often lack these details or provide generic contact forms.
Use official app stores: Download apps only from official app stores like Google Play or Apple App Store. Avoid third-party stores or weblinks which are more likely to host malicious apps.
Read reviews: Check user reviews and ratings before downloading an app. Many negative reviews or complaints about security issues can be red flags.
Verify certificates: Legitimate websites often have security certificates. To ensure authenticity, check for a padlock symbol in the browser's address bar and view the certificate details. It may sound strange, but many government websites do not have the necessary security measures and lack encryption support.
For example, sjsa.maharashtra.gov.in, the official website of the ministry of social justice in Maharashtra, does not supply ownership information. It also does not support encryption for its pages, due to which information that you view or access can be seen by others while in transit.
Be sceptical of unsolicited links: Avoid clicking on links in unsolicited emails or messages. If you need to access a website, type the URL directly into your browser.
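The URL checks described above (digit-swapped lookalikes such as 'amaz0n.com' and mixed Latin/Cyrillic homograph names) can be automated. The following Python sketch is an added example, not part of the original article; the allow-list of known domains and the digit-swap table are assumptions chosen for illustration.

```python
import unicodedata
from urllib.parse import urlsplit

# Constructed allow-list of sites the user really means to visit (assumption).
KNOWN_DOMAINS = {"amazon.com", "whatsapp.com"}
# Illustrative digit-for-letter swaps seen in lookalike names; not exhaustive.
DIGIT_SWAPS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})


def scripts_in(label):
    """Scripts used by the letters of one label, taken from Unicode character names."""
    # e.g. unicodedata.name('щ') == 'CYRILLIC SMALL LETTER SHCHA'
    return {unicodedata.name(ch, "UNKNOWN").split()[0] for ch in label if ch.isalpha()}


def check_domain(value):
    """Return findings for a URL or hostname; an empty list means nothing was flagged."""
    host = (urlsplit(value).hostname or value).lower().rstrip(".")
    findings = []
    for label in host.split("."):
        scripts = scripts_in(label)
        if len(scripts) > 1:  # Latin and Cyrillic letters inside a single label
            findings.append(f"mixed scripts in '{label}': {sorted(scripts)}")
    if not host.isascii():
        try:
            # The ASCII ("xn--") form is what DNS resolves, and it exposes the trick.
            ascii_form = host.encode("idna").decode("ascii")
        except UnicodeError:
            ascii_form = "<not encodable>"
        findings.append(f"non-ASCII hostname, ASCII form: {ascii_form}")
    normalised = host.translate(DIGIT_SWAPS)
    if host not in KNOWN_DOMAINS and normalised in KNOWN_DOMAINS:
        findings.append(f"lookalike of '{normalised}' after digit substitution")
    return findings


if __name__ == "__main__":
    # Constructed samples: the two lookalikes quoted in the article plus a genuine URL.
    for sample in ("https://amazon.com/", "https://amaz0n.com/login", "щhaтsapp.com"):
        print(sample, "->", check_domain(sample) or "nothing flagged")
```

An empty result only means these two checks found nothing; it does not prove a site is genuine.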
How To Protect Yourself
Protecting yourself from fake websites and apps requires a proactive approach. Here are some suggestions to enhance your online security…
Use security (anti-virus/anti-malware) software: Install and regularly update anti-virus and anti-malware software or apps on your computer, laptop or mobile device. These security tools can detect and block malicious sites and apps.
Enable multi-factor authentication (MFA): Use MFA wherever possible. It adds an extra layer of security by requiring a second form of verification in addition to your password. Use authenticator apps like Microsoft or Google Authenticator. These apps generate six-digit passcodes (authentication codes) on your mobile device (if you are using the app) or web browsers to help sign in for online accounts.
Use strong, unique passwords: Create complex passwords with a mix of letters, numbers and symbols. Avoid using the same password across multiple sites.
Enable browser security features: Most modern browsers offer features like pop-up blockers, anti-phishing tools, and warnings for suspicious websites. Make sure these features are enabled.
Regular back-ups: Regularly back up your data to an external drive or cloud service. In the event of a malware infection, you can restore your data without significant loss.
Monitor financial statements: Review your bank and credit card statements regularly for unauthorised transactions. Also, do not ignore emails or SMS sent from the official ID of your bank or credit card company. Do report any suspicious activity promptly.
Educate yourself: Stay informed about the latest phishing scams and cyber threats. Remember, cybersecurity awareness is crucial in recognising and avoiding fake websites and apps.
The digital landscape is rife with threats from fake websites and apps. However, by staying vigilant and taking proactive measures, we can significantly reduce the risk of falling victim to these malicious entities.
Stay Alert, Stay Safe!