Spoofed Websites Are Everywhere. How Can You Protect Yourself?

Staying Informed and Aware Are Both Important, But Only Technology Can Truly Safeguard Your Online Experience

Key Takeaways:

1. Website spoofing—the act of creating extremely convincing replicas of trusted websites for the purpose of defrauding visitors—is one tactic increasingly being utilized by scammers online
2. From early 2017 through mid 2022, US consumers reported 2.5 million incidents of fraud resulting in $2 billion in losses (2)
3. Data shows that younger adults aged 20-39 are just as likely to be victims of fraud as older adults aged 60-79, with younger people actually more likely to lose money as a result (3)
4. Intelligent trust badges from Truly Legit authenticate websites using unclonable technology while further signifying that the company behind the site has been independently verified

As more and more aspects of our lives move online—from shopping to work to school to healthcare to personal finances—digital fraud continues to skyrocket. This creates a dilemma for consumers: While, on the one hand, we are aware of the potentially serious risks involved in sharing our personal information over the internet, we increasingly are left with no viable alternative. Given this predicament, how can we as consumers do our best to protect ourselves from online threats?

Website Spoofing Exploits Traditional Indicators of Trust

The primary way to protect yourself online is to stay informed about the latest tactics scammers are using to deceive consumers into unwittingly handing over their money, their personal data, or both. One major tool fraudsters use is known as “spoofing.” Speaking generally, “spoofing” can refer to the electronic impersonation of any trusted source–whether it be a business, financial institution, government agency, or charitable organization–for the purposes of scamming the target.

An increasingly popular method of spoofing involves the duplication of trusted websites, tricking users into thinking they are transacting with the authentic site of, for example, their financial institution or a popular brand when, in fact, they are interacting with a fake site operated by con artists. Website spoofing is effective because it exploits characteristics we traditionally have relied upon as indicators of a website’s authenticity (brand logos; fonts; a sleek, well-functioning design; even the web address) and use those very aspects to deceive us.

What Is Spoofing And Where Did It Come From?

According to the United States Federal Trade Commission (FTC)–the regulatory body that receives consumer complaints about problems in the marketplace—the practice of digital spoofing began with email. The FTC Glossary states that “spoofing” originally referred to “the practice of sending a commercial email with a deceptive ‘FROM:’ address in an effort to fool the recipient into thinking the message comes from a trusted source.” (1) However, since that time, the term has been expanded to include additional forms of impersonation involving imposter websites (“website spoofing”) or even false phone numbers (“phone spoofing” or “caller ID spoofing”).

Spoofing By The Numbers: A Growing Problem

Spoofing is a specific tactic used in what the FTC categorizes as “business and government impersonation” schemes. Perhaps fueled by the limited ability to perform transactions in-person, reports of impersonation scams skyrocketed during the COVID-19 pandemic, accelerating a previous trend that has shown no signs of slowing since.

According to the FTC, from early 2017 to mid-2022, the agency received more than 2.5 million reports of government and business impersonation schemes, with the victims reporting they had been scammed out of a collective $2 billion. The FTC warns that, in an effort to gain their victims’ trust, impersonators “may…use implicit representations, such as misleading domain names and URLs and ‘spoofed’ contact information, creating an overall net impression of legitimacy.” (2) The rise in business and government impersonation schemes has continued since, with data released in February 2024 showing that, in 2023 alone, the FTC received over 850,000 reports of imposter scams, making it the second most commonly reported category behind only identity theft. (3)

Who Does Fraud Impact?

Contrary to popular stereotypes that fraud impacts primarily the elderly, FTC data shows that, in 2023, younger adults reported being victims of fraud at a slightly higher rate than older adults, with individuals aged 20-39 accounting for 32% of such claims and older consumers aged 60-79 representing 31%. (3) Further, a significantly higher percentage of young adults aged 20-29 reported actually losing money as a result of the scheme they were reporting (44%) versus those aged 70-79 (25%). (3) The lesson here is that everyone is susceptible to fraud online, and believing yourself somehow immune only makes you an easier target.

How to Protect Yourself Online

Unfortunately, as fraudsters online have grown more sophisticated, many of the strategies that formerly worked to identify and avoid spoofed websites are no longer as effective as they once were. Still, it is important to use whatever tools are at your disposal to try to avoid being scammed online.

Strategy 1: Spot spoofed websites by their appearance

It once was possible to quickly spot fake websites by their not-quite-right logos, blatant spelling and grammatical errors, and lack of real functionality. Unfortunately, digital scammers have become quite adept at cloning the authentic websites that they spoof, making their fakes virtually indistinguishable from the real thing. Just because a website looks authentic no longer means that it is, making this formerly effective strategy not the safeguard it once was.

Strategy 2: Identify fraudulent websites by their URL

As with a website’s appearance, it used to be relatively easy to identify many fake websites simply by taking a close look at the URL, or web address, and observing the obvious differences between the URL of the authentic website and that of the fraudulent site. However, scammers have grown extremely proficient at making fraudulent URLs appear almost indecipherable from authentic ones, for example by using characters from different languages that look nearly identical to those used in the true web address.

Further, while typing known URLs manually into your browser’s address bar remains a somewhat effective way to avoid spoofed websites, it is no guarantee, as some especially savvy scammers manage to spoof even the exact URL of the authentic site, redirecting unsuspecting visitors to the fake site. (4) Additionally, manually typing in the URL only works when you know the exact web address of the site you are attempting to visit, which often is not the case.

Strategy 3: Perform an internet search

When it comes to identifying a particular website or company as legitimate, many online consumers will turn to a tried and true method: the internet search. While this method can sometimes be helpful in avoiding spoofed websites, even the top search engines can return problematic results. For example, when searching for a particular government agency such as the department of motor vehicles, the results often include numerous sites that intentionally make it difficult to discern whether they represent the actual DMV or an unknown third party. Try searching for how to register a business entity or obtain a passport, and you are likely to have a similar experience.

Along the same lines, consumers today rely heavily on the information obtained from online reviews, the majority of which they locate via search engines. However, this information, too, can be of highly questionable quality. An extensive 2021 study that examined 4 million online reviews found Google to be far and away the top consumer reviews site in the United States, with 70% of US consumers using Google to locate online reviews. However, the researchers also found Google to be the most suspicious of the sites it examined, with 10.7% of Google’s reviews being questionable, followed by Yelp (7.1%), Tripadvisor (5.2%) and Facebook (4.9%). In that study, the type of online review fraud identified most frequently involved fake profiles producing fake reviews that were either paid for or posted by the company itself. (5)

In short, the information and links provided by even the most popular search engines are to be taken with skepticism, as fake reviews and spoofed or otherwise dangerous sites can and do show up in search results. As a method for confirming the authenticity of a website, using a search engine is far from a sure thing.

Strategy 4: Use intelligent trust badges to identify authentic websites

Trust badges are intended to be emblems of a website’s authenticity, assuring users that a given site is what it purports to be. However, in practice, trust badges vary significantly in quality and reliability, spanning the spectrum from those that are highly trustworthy to those that offer nothing more than a false sense of security.

On the weaker side of the spectrum are traditional, less-intelligent trust badges that are operated through standard image files placed on a website. These badges offer little in the way of consumer assurance, as they are easily duplicated and not very secure.

Slightly higher up on the security scale are scripted trust badges, which are more substantial than mere image files, but still offer no protection against replication, meaning it would be possible for them to appear on even a spoofed site.

Finally, at the most secure end of the spectrum are next-generation intelligent trust badges such as those deployed by Truly Legit. Built on fully functional and dynamic script, Truly Legit Trust Badges offer the highest level of protection against falsification while still being incredibly easy to use. Want to make sure that Truly Legit Trust Badge is real? Just click on it, and you will be taken directly to a Truly Legit page authenticating the site’s (and badge’s) legitimacy.

As important as the technology behind a trust badge is, the company providing the badges must itself be trustworthy and reliable. Some badge providers offer pay-to-play services, handing out their “trust badges” to whoever will pay with little or no actual verification involved. No matter how great a trust badge’s technology is, if the company behind the badge isn’t performing its due diligence, the badge’s assurances mean nothing.

By contrast, in addition to performing security scans of a company’s website, Truly Legit runs comprehensive verification checks on both the business entity and key business personnel as mandatory requirements for earning a Truly Legit Trust Badge. And once a badge has been granted, Truly Legit doesn’t stop there, using ongoing monitoring and compliance protocols and security scans to provide consumers with continued assurance that both the company and its website are, in fact, legit.

Conclusion: Stop Searching on Google and Start Looking for The Truly Legit Trust
Badge.

When it comes to verifying the authenticity of both a website and the business behind it, Truly Legit Trust Badges offer an unparalleled level of consumer protection, bringing together next-generation intelligent technology with a strong commitment to doing the due diligencenecessary to ensure proper verification. Not only are Truly Legit trust badges more reliable than conducting an internet search to gauge a website’s authenticity, they are much quicker and more convenient, too: Just look for the Truly Legit trust badge and you know instantly upon entering a website that the site is safe and authentic and that the company behind the site has been verified–no need to scroll around or look for a special page containing the badge. Intelligent trust badges from Truly Legit are reshaping the entire internet landscape by bringing trust, authenticity, and verification to online transactions. Want to protect yourself against website spoofing, fake companies, and other scams? Start looking for the Truly Legit Trust Badge.

Sources:

1. United States Federal Trade Commission Glossary of Scams and Legal Terms. (FTC). (Accessed 14 February 2024).
2. United States Federal Trade Commission (FTC). (15 September 2022). FTC Proposes New Rule to Combat Government and Business Impersonation Scams. FTC Press Release.
3. United States Federal Trade Commission (FTC). (February 2024). Consumer Sentinel Network Data Book 2023.
4. Simon, Ruth. (11 March 2015). Cybercriminals Are Misappropriating Businesses’ Web Addresses. The Wall Street Journal.
5. Uberall. (2021). The State of Online Review Fraud: An Analysis of 4 Million Reviews on Google, Facebook, Yelp and Tripadvisor. Uberall in Partnership with The Transparency Company.