Prompt: Can you spot three fake websites and compare the three fake websites to three real websites, plus showcase what makes the fake websites fake?
The first example of a fake website is mysapce.com. This website is a typo-squat of mysapce.com; a typo-squat is when an attacker purchases a domain that is a common misspelling of a more well known company and then creates a fake page that mimics the real one. The obvious sign that this website isn’t real for me is when I get the notification that the page is not secure.
In this case, if I use the advanced options to go to the insecure site, it redirects to mysapce.com, which is so closely matching the legitimate website that it’s either a misconfigured redirect or a very good scam page (note the security exception in the top left corner.) These screenshots were taken in a virtual machine and not on the host.
A historical example that I personally dealt with was the website www.facebok.com, which I accidentally opened several times in high school instead of the proper www.facebook.com domain. While Facebook has finally taken the domain back and used it as a redirect; the original typo-squatted website could first be distinguished by its lack of security certificate, causing browsers back then to downgrade to HTTP instead of HTTPS. The website also looked like an outdated version of the current Facebook website; it had an older UI and design language as well as a number of typos.
Another example of a famous fake website was goggle.com from the early days of Google Search. I went to this website a few time on my mother’s computer to predictable results. The website performed drive by malware downloads on end user computers. The easiest way to detect it was the subsequent malware infection. The other easy way would be to see the site and realize you weren’t at google.com.
All of these examples would be stopped by not going to the typo-squatted domain in the first place and that’s the main message to take in. The end users need to be careful about where they go on the internet and what they’re typing in the address bar.