Trust is key to any relationship. Cybercriminals count on that when they spoof a webpage. Websites mimicking a trusted business increase the odds visitors will enter credentials or payment information — especially if the login window also closely resembles the real one.
Scammers create URLs containing subtle misspellings (zionsbank.com vs. zionbank.com) or using unusual extensions (.cam vs. .com). They also add phrases to legitimate domains (support-zionsbank.com or zionsbank.com[info]) to lure you in. From there, it's just a matter of continuing to make the phony website look like the real deal.
Whether you're looking at a webpage or a login window, examine the URL carefully.
Avoid the fakes
Help protect yourself by dodging dodgy pages altogether. Follow these tips:
- Use a spam filter.
- Don't click links and attachments in emails.
- Go directly to financial institutions’ websites using official web addresses and then save the addresses in favorites.
- Avoid using links from Google, Bing or other browsers. Fraudsters pay to have their phishing site show at the top of the search results.
- Review the URL carefully and look for minor misspellings, extra characters or any other modifications. For example, if the legitimate URL is yourbank.com, the hacker may make a minor change like adding an extra letter, such as yoursbank.com.
- Use a password manager, which can log you into websites, generate passwords and help validate certain websites.
- Update multi-factor authentication (MFA) destination to SMS or phone. This offers increased protection and near real-time notification of profile changes.
- Update alert settings to add mobile SMS (mobile or land line) notifications for mandatory and security alerts.
- Install malware and anti-virus software.
- Use online and/or mobile banking to regularly monitor accounts for unusual activity.