Popular warning

How to recognize scam websites

In recent years, fraud has appeared more and more, causing severe mental and financial consequences for many people. One part that plays an important role in scams is phishing websites. In the article below, Anti-Fraud will guide […] from How to recognize scam websites

Avatar photo

by Editor

schedule 22/10/2023

In recent years, fraud has appeared more and more, causing severe mental and financial consequences for many people. One part that plays an important role in scams is phishing websites. In the article below, Anti-Fraud will guide people how to recognize fraudulent websites and fake websites that have the risk of stealing property and personal information through signs such as: links, content, Announcement on website…

1. How to quickly identify scam websites through malicious links

First, everyone please check the web address. This is the fastest method among ways to identify fraudulent websites. Be wary of links with the following signs:

  • Spelling error:
  • Inaccuracies, missing or extra characters, or replacing some characters with similar characters (like "l" replaced by "1").
  • For example: shopeepv.com, fptshopvn.com
  • Domain name yes prefix or suffixes use strange characters.
  • For example: https://suamaylanh.dien-may-xanh[.]net
  • A subdomain tries to mimic the domain name of a legitimate site:
  • For example: https://shopee.sukientriankhachhang2021.com/
  • In there shopee is the subdomain, the actual domain name is sukientriankhachhang2021[.]com
  • Domain reliability:
  • The page extensions .com, .org, .gov (government), .edu (education and training)... are usually top-level domains that can be trusted, but you also need to be careful when accessing them if you There are suspicious signs of theft or collection of personal data.
  • So it's a good idea to confirm everything.
  • Meanwhile, less popular top-level domain extensions such as .info, .asia, .vip, .tk, .xyz... often have quite low reliability.
  • Domain names with top-level domains have low trust. For example: https://www.shoppe8.vip, top-level domain is .vip or https://vngame.xyz has top-level domain is .xyz
  • Furthermore, domain names that have been recently registered or are of low age often show signs of suspicion, so be careful and do not rush to trust them when trading or sharing information.
  • Everyone can check domain name information at who.is.
  • Path to use international domain name (IDN) to deceive victims
  • For example: fàcebook.com – the letter “à” is a special character (real domain: xn--fcebook-8va.com)
  • Use a domain shortening service
  • For example: bitly.com, cutt.ly, shorturl.at
  • These types of scams based on phishing links should be careful and not click on them
  • If you are curious, you can use: browserling.com or urlscan.io to check the link.
  • Taking advantage of Sub-domain Takeover vulnerability (subdomain takeover) to lure victims:
  • Occurs when a subdomain (e.g. subdomain[.]congtya[.]vn is takenover) pointing to a service such as GitHub, Heroku, Azure sites, etc. has been removed or deleted on Github, Heroku, Azure,…
  • This allows an attacker to set up a fake website on the service being used and point their site to that subdomain to trick victims.
  • Long domain name intended to mislead users.
  • For example: web-membbership-free-quatangtiki.com
  • Open redirector path to deceive the victim and then redirect the victim to another page to commit fraud
  • For example: t-info.mail.adobe.com/r/?id=hc347a&p1=luadao-shop.shopeesvietnam.net –
  • Use a free website creation platform for fraudulent purposes
  • For example: https://vedepsinhvien2021.weebly.com, https://sites.google.com/view/www-freekcff-vn-com/ or https://westernunionbankvn.wixsite.com
  • Use a reputable fanpage:
  • Sometimes bad guys invest in fanpages (sometimes even with green ticks), then change the fanpage's name to a reputable brand or a name similar to a company or e-commerce site.
  • Next, use many virtual accounts to create fake comments to create trust - most of these comments often have the same content and are shared continuously over a period of time.

2. How to recognize fraudulent websites through the website interface

Everyone, please look carefully at the web interface. How to recognize this scam website is very easy to recognize because the real website usually has a very professional interface, compatible with both phones, laptops or tablets.

Pay attention to elements such as logos and backgrounds and make sure they are not fake versions (differences in details, colors) or outdated versions (using old version images). A website that uses images that do not comply with brand standards is definitely an unsafe website.

3. How to recognize fraudulent websites based on content on the web

Please pay attention to web content. Unsafe phishing websites will reveal the following weaknesses:

  • Information about the website owner is incorrect.
  • For example, a fake website may use the correct business name but provide a bogus call center number or address.
  • In Vietnam, you can look up company information at: tratencongty.com
  • If you see a Ministry of Industry and Trade logo on a website that concerns you, try clicking on it!
  • If you find that this function does not work, please access the “E-commerce management system” under the “Ministry of Industry and Trade” at online.gov.vn and check if they are certified trust seal users.
  • The content contains spelling errors.
  • The reason is that fake websites often do not carefully censor their content.
  • Or, these pages are created by bad actors in foreign countries who are not fluent in the language used for the scam.
  • Pay attention to links to a website's social media pages.
  • Social media link buttons can lead to the site's home page, an empty profile, or nowhere at all.
  • Usually, if the website is a scam, the scammed user will often publicly comment to help you identify it!
  • However, you should also be careful with fake comments/comments/buying reviews that scammers have created using fake nicks.
  • Check to see if a secure payment method is offered?
  • There are many types of payment such as credit cards, debit cards, PayPay, Zalo Pay, Viettel Pay, VNPay... to protect consumers. They allow consumers to get a refund in case the product is not delivered. Check to see if the site supports these payment methods. If you have doubts about the reliability of a website, do not transfer money to a bank account.
  • Payment methods such as Western Union, Moneygram and Bitcoin often cannot be tracked and it is difficult to recover funds transferred using these methods. As a result, scammers often take advantage of these methods.
  • Who delivers the product?
  • Check if delivery information (shipping unit, delivery person) has been updated on the website.
  • Not all, but most reputable sites will offer shipment tracking. Shipping details can also be mentioned during the checkout process.
  • If shipping information is reliably detailed, this can be a good sign.
  • Do you see 'https' in front of the website address and a 'lock' symbol?
  • In this case, the communication between the website and your browser is encrypted, making the website a little safer to use.
  • This cannot guarantee that the website is not fake. Because in reality, the cost of adding an SSL certificate (what you need to secure information) is very cheap or sometimes bad guys can use SSL for free.
  • Check out Terms & Policies and contact information
  • Scammers often use copied text that they paste into pages such as “About Us”, “Terms & Conditions Shipping Policy” and “Returns Policy” to create a professional appearance .
  • If you find that these pages do not exist or are of poor quality (for example, they have spelling errors), think twice about shopping on the site!
  • Do you really think a business would put out incomplete or sloppy writing if it were legal?
  • Check their contact address, phone number or email on Google to see if there are any related scandals, or to see if there is any information of interest through the returned search results.
Taking advantage of big brands to commit fraud
  • Taking advantage of brand names:
  • Many fraudulent websites take advantage of brand names such as Shopee, Vietcombank, Techcombank... combined with words such as "discount", "cheap price", "super promotion" and even "free" to Attract visitors through search engines. Brands often don't like to see their products sold through these types of online stores. High-end brands rarely or never sell their products at such sites or offer huge discounts. Likewise, most serious online stores sell multiple brands and do not tie them to a certain brand
  • Pay attention to the look and feel of these websites. Legitimate websites have high-quality logos and images, because brands want to impress you with their products. Scammers often steal content such as images and product descriptions from a variety of sources. This can mean that the look and feel of a website may look unprofessional, with odd-looking formatting or low-resolution images.
  • Check user reviews or is the purchase trustworthy?
  • Online stores often use some sort of user or purchase review system – which is usually a good sign. However, there are some rating systems that are good and some that are not. Check that the review system complies with the “Review Certification Standards,” which means the site cannot remove or edit reviews without good reason.
  • Many fake websites have a “Reviews” or “Testimonials” section filled with “fake” positive reviews. They contain random names of few people, use images taken from random sources, and content is often copied from other websites. So, don't rely on website reviews alone. Sites like Scamadviser, TrustPilot, MyWOT and others allow users to leave reviews that companies cannot delete or edit. Checking out external reviews is one way to get a clearer picture of what customers are actually saying.
Scamadviser.com is a reputable website that provides safety assessments of websites around the world.
  • Does the website ask for sensitive information?
  • If a website requires sensitive information such as date of birth, certificate number, citizen identification card... Or requires posting images of identification documents on their website. It is necessary to stop and think why they need this information.
  • Always be careful with unofficial websites that immediately require you to log in with your personal Facebook, Google or bank account information to take the next steps. Bad guys always take advantage of your greed, naivety and trust to steal information.
  •  When you are not sure about the above information, please contact the online store immediately
  • A good website knows its customers want to communicate in different ways. Check to see if the company offers a phone number, email or contact form and is active on social media. Call the company if in doubt or send a request for more information via email or via social media. A professional website usually responds within a few hours or a maximum of two business days depending on the means of communication.

4. How to recognize fraudulent websites through notifications on the web

Everyone should be wary of notices with 'sensational' content on the web. Remember that nothing is given for free, don't rush to believe.

Fake websites will often 'lure' people by making notifications that make people too scared, or too excited. For example, notification of transaction problems or notification of winning prizes, promotions, gifts, etc. Along with that, it requires people to enter their account information, password, and credit card number for verification.

Remember, a real website will never confuse people.

In addition, people should also be careful with invitations to download software on unfamiliar websites, especially in the following cases:

  • The invitation to download the software comes with a notification that the device is infected with a virus.
  • Offers to download expensive copyrighted content for free.
  • Invitation to download 'super software' (like increasing computer speed, cracking Wi-Fi, hacking facebook, gmail, game accounts...).
  • Invitation to view sensitive content, exploiting kindness, and shocking sensational news
  • Invitation to join and make money quickly, refer friends to receive high commissions.

5. How to recognize fraudulent websites through browser warnings and check the site's reputation

When people install the Anti-Phishing extension, their computer's browser will pop up a warning dialog box as soon as they visit a phishing, fake website. Or when people visit a scam site, the page may be highlighted in red, meaning the site is unsafe and a scam. This is a way to recognize the latest scam website developed by Hieu PC and his teammates. So do not continue to press access but turn it off immediately. An easy solution is to take the time to search for that specific website through a search engine that, in addition to Google, we can also search on Google. MyWOT.com, Scamadviser.com, Chongluadao.vn, TinNhiemMang.vn. If you receive an email or text message asking you to click on a link, you should manually navigate yourself to an official website you know to ensure that you are not entering a fake website in the email or text message. that.

Everyone can contribute to the warning list and protect everyone online, everyone should report unsafe websites to Google at: https://safebrowsing.google.com/safebrowsing/report_phish/? hl=en, or in Vietnam we have the following units and organizations to report malicious, fake, fraudulent pages and related issues - people can go to one of the following websites to report right: https://canhbao.ncsc.gov.vn/ or https://chongluadao.vn. At the same time, you can check the safety and reputation of a site at: https://chongluadao.vn and https://tinnhiemmang.vn

Stealing personal information

6. Other issues of concern that have recently shown signs of increasing

Run dirty ads on social networking platforms, or Google to promote their scam site. And at the same time make promotional videos on Youtube to lure victims.

Selling codes for rare items at cheap prices, selling cheap military badges, warning about locked accounts. These forms all have the same form of requiring online payment or providing an account password. When you log in to fake websites, you are likely to lose your account information, leading to gems and other in-game items being sold. Taking advantage of greed, fear, etc., these sites cause victims to lose their Facebook accounts, Email accounts, game accounts, bank accounts and phone scratch card scams.

In addition, it must be added that because technology is increasingly developing, bad guys can easily take advantage of it to create fraudulent websites in the blink of an eye through open source code, fraudulent source code provision services, and rental services. Cheap hosting services, buying cheap domain names with fake identity information... or bad guys can use centralized phishing web creation platforms (Phishing as a service).

Still not sure? Do not make payments or provide information!

When in doubt, do not make payments or provide information to that website! Our advice here at Chongluadao is that if you're still unsure, it's better to err on the side of caution and follow your intuition. Don't let a high price sway your judgment. If you still have doubts about that website, look for other trusted stores or websites to buy from.

Above are 5 ways to recognize websites that scam users. Everyone, let's join Anti-Fraud to raise awareness about cyber information security!

Related Posts

Leave a Reply

Your email address will not be published. Required fields are marked *