Websites are extremely easy to make. Hosting providers such as GoDaddy, Wix, Weebly, and WordPress make it seamless to set up a website in minutes. However, is it straightforward to tell whether a website is real or not? The answer depends on the individual website, but there are some key things to look for.
The Rise of Fake Websites
Websites are popping up on the internet every second of the day. The internet is ever expanding with no stop in sight. However, this exponential growth makes it easier for criminals and trolls to make websites that appear legitimate but are not. These fake or malicious websites can host malware, phishing campaigns, and more. As technology progresses, it becomes increasingly hard to detect whether a website is real, because tools can be used to create fake or malicious websites in a matter of minutes.
Duplicating Websites
Duplicating a website's front-facing and login pages is relatively simple. Websites are made of files, and tools such as Wget and HTTrack allow an attacker to download those files from the terminal. For example, to download a website, an attacker would type the following:
wget --recursive [URL]
or
httrack [URL] -O [LOCAL DIRECTORY]
These commands clone the website onto the attacker's local disk. Once the files are downloaded, the attacker can modify the HTML, CSS, and JavaScript as needed to build a phishing site or a malicious file-hosting site.
Website Domain Name
Next, an attacker needs a domain name. The domain name is the part of a website's address, the Uniform Resource Locator (URL), that identifies the site. For example, "google.com" is a domain name that many people are familiar with. To mimic the cloned website's domain, the attacker uses a trick called typosquatting: registering a domain that looks similar to the real website's domain but differs in some small detail. For example, "google.com" is owned by Google, so an attacker cannot use that domain name. To get a domain that looks similar, the attacker will register "gooogle.com" or "go0gle.com". Both of these look like the original "google.com" domain, but they are different.
Moreover, attackers can also buy sub-domains that trade on a legitimate website's name. For instance, "google.com" is the original website that is deemed safe. The attacker could then buy a sub-domain that looks like the following: "legit.google.com". This may seem real to many people because it has Google in the name. However, "legit.google.com" could lead to a malicious website that the attacker set up for unsuspecting visitors.
Capturing Unsuspecting People
Finally, once the fake or malicious websites are up and running, the attacker needs a way to "advertise" them. Frameworks such as GoPhish can be used to automate a phishing campaign, sending emails to small and large corporations or to individuals. Attackers can also advertise their website through Google's advertisement system. When a user searches Google without an ad blocker, ads show up at the top of each search; these ad slots are sold to people who want to promote their products and websites. Attackers can abuse this to get their fake website to the top of Google's search results.
Many people click these ads, which can lead to phishing pages or malicious files that pretend to be legitimate. OBS (Open Broadcaster Software) is used to record videos or stream to various online platforms. Since OBS is free and open source, attackers can modify the code and distribute a malicious copy of the program. They can then advertise that copy through Google's advertisement program, which leads to people downloading the malware.
How to Spot Fake Websites
- Check whether the connection is encrypted. In every browser, look for a lock icon next to the URL. Note that the lock only means traffic to the site is encrypted; a fake site can have one too.
- Check whether the URL or domain is spelled correctly. If not, it may be a fake or malicious website.
- Look for misspellings on the website itself. This helps gauge whether the website is reliable and accurate.
- Use services such as VirusTotal, URLVoid, or Whois to verify that the website is legitimate and credible.
- Finally, use common sense. Does the website look or feel sketchy? Trust your gut feeling and apply the four steps above.
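The two domain tricks described earlier (typosquatting such as "gooogle.com" and "go0gle.com", and a trusted brand name tucked into someone else's hostname) can be checked mechanically, which is what the "spelled correctly" step above asks a reader to do by eye. The Python below is an added example written for this article, not code from the original post; BRANDS and the sample URLs are constructed, and the "last two labels" rule it uses to find the registered domain is a simplification that ignores suffixes such as co.uk.

```python
"""Flag look-alike hostnames against the domains an organisation actually owns.

Added example for this article, not code from the original post. BRANDS and the
sample URLs are constructed. The "last two labels" rule used to find the
registered domain is a simplification that ignores suffixes such as co.uk.
"""
from urllib.parse import urlparse

# Digits that attackers swap in for visually similar letters (go0gle.com).
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "7": "t"})


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: how many single-character typos separate a and b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(url: str, brands: set[str]) -> str:
    """Label a URL as legitimate, homoglyph, brand-in-name, typosquat or unrelated."""
    host = (urlparse(url).hostname or "").lower().rstrip(".")
    labels = host.split(".")
    if ".".join(labels[-2:]) in brands:
        return "legitimate"            # a real subdomain of a domain we own
    name = labels[-2] if len(labels) >= 2 else host   # label left of the TLD
    norm_name = name.translate(HOMOGLYPHS)
    norm_subdomains = [lab.translate(HOMOGLYPHS) for lab in labels[:-2]]
    for brand in brands:
        brand_name = brand.split(".")[0]
        if norm_name == brand_name:
            return "homoglyph"         # go0gle.com
        # Brand used as a subdomain of someone else's domain, or glued on with a
        # hyphen: google.com.account-verify.net, google-login.com
        if brand_name in norm_subdomains or brand_name in norm_name.split("-"):
            return "brand-in-name"
        if edit_distance(norm_name, brand_name) <= 2:
            return "typosquat"         # gooogle.com; tighten for very short brands
    return "unrelated"


if __name__ == "__main__":
    BRANDS = {"google.com"}            # constructed: the domains we actually own
    for sample in ("https://www.google.com/search", "http://gooogle.com/",
                   "http://go0gle.com/login", "http://google.com.account-verify.net/",
                   "https://example.org/"):
        print(f"{sample:45} {classify(sample, BRANDS)}")
```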