One of a hacker’s favorite tools for stealing your information is the phishing scam. Whether it’s through email, texts or on social media, sooner or later you will run into messages that try to trick you into clicking on links to malicious websites.
Most of the time, you can spot and avoid these scams if you know what to look for. Unfortunately, you won’t always spot a phishing scam and might click a link that takes you to a malicious website. But what is a malicious site anyway?
A malicious site is a site that tricks you into giving away information or downloading a virus. Or it might have code that finds and exploits security holes in your computer. If the site can find a security hole, then it can download a virus to your computer and install it without any action on your part.
Even a legitimate site can become malicious if hackers trick the ad network it uses to run infected ads.
If the hackers have done their job right, detecting a malicious site isn’t easy. However, there are some telltale signs you can watch for. Let’s take a look at what they are.
One popular type of malicious site is the fake banking site. Hackers will steal the code for a bank’s home page, so it looks exactly like the real thing. However, if you try to log in, the site records your login information and sends it straight to the hackers who log in to your real account and drain it.
We’ve said it before, but we’ll say it again: Never ever click on a link in an email or text to go to your banking site. Always type in the address manually or use a bookmark that you know is legitimate.
However, to further confirm you’re in the right place, check the address bar of your browser. First, make sure the domain name is right. For example, Chase bank is “www.chase.com,” not “www.chase-bank.com” or “www.chase.bk.”
Second, any real banking site should start a secure connection right away. That means the address will start with “https://” and your browser should show a key or color to indicate a secure connection. Most sites, however, don’t load encryption right away, so this is a less useful test for a shopping site or informational site. That’s why you should look at …
Of course, not every site is going to be a high-quality clone of a real one. Hackers often put together a bunch of generic sites at once and thrown them online with whatever domain names they can get their hands on.
So, you might end up at “www.amazingsuperawsomefreesoftware.com” and it looks like something from the ’90s with terrible layout and bad grammar and misspellings all over the place. True, a lot of small software developers don’t have a lot of money to sink into a nice website, but poor presentation should always give you pause.
Outside of presentation, it’s helpful to ask what the website trying to get you to do. Does it want you to download a program, take a survey, watch a video or give it information so it can send you money or a free prize? Any of these could be an attack.
If the site is offering a specific piece of software, or a few of them, run the software names through Google to find the developer’s website. A lot of hackers take free software, add in viruses and then put them up online at generic sites.
People searching for the software end up on the generic site and download the infected program thinking it’s the real thing. Even some “legitimate” download sites do this using toolbars and other third-party software instead of viruses. If you got a download that includes a toolbar and you can’t get rid of it.
When it comes to surveys, never take ones from sites you’ve found in an ad or email. They’ll ask for too much information. Instead.
Video scams are popular. You’ll be told the video is the most shocking, heartwarming or sexiest thing you’ve ever seen. However, to watch it you need to download an update for your video player! Of course, that download is a virus in disguise. Only watch videos on known sites like YouTube or videos.komando.com.
Finally, a big draw for many people is free stuff, especially on Facebook. “Get a free iPad, car or trip to an exotic location!” You just need to enter every bit of personal information you have, and pay a small fee. Remember, though, if it sounds too good to be true … you know the rest.
BONUS: AVOID MALICIOUS SITES ENTIRELY
As we said above, some malicious sites don’t try to trick you; they attack you automatically through security holes in your browser. That’s why you need to make sure your computer, browser and important software are always up to date.
Adobe Flash, for example, has regular serious security problems that open up your computer to attack. Keeping it updated is critical, but your best option is to disable it from running automatically.
Still, it’s better if you don’t land on a malicious site at all. That’s why you need to learn how to spotphishing emails and dangerous online scams.
It’s also a good idea to have a backup plan. Security software that detects malicious sites before they load is a good thing to have. We recommend our sponsor Webroot. It guards your PC, Mac, smartphones and tablets from phishing scams, viruses and malicious websites with one program. No need to mix and match programs and apps from different manufacturers