How do you detect a fake Websites?

I have already installed SpoofStick in my IE and Firefox browsers to at least detect some fake internet websites… but still I’d like to know if they’re really a “real stores” in cyberspace. How about those unpopular sites selling “great items”… how can we know if they really exist? What’s your personal experience?

 

I don't buy stuff at place like www.yousavethismuch.com, I rather go to www.this known company.com.

 

u can also use teh Netcraft Anti-Phishing Toolbar, i use spoofstick tho.

 

I look for grammar errors.

More important of all, I don't buy stuff from the Internet. You can't trust anything on the Internet

 

I second that.

 

Just curious does that mean you don't do any finanical transactions at all?

Online banking, paying bills, filing taxes etc.

In my part of the world, that's getting pretty much impossible to avoid doing.

Actually possible, but the disincentives against that is staggering.

 

I have been purchasing on the internet for years and have never had a problem. You just have to use good common sense and good security software.

 

and for purchasing computer hardware, make sure to check the site at Reseller Ratings.

 

Hi sweater,

I have turned in a number of phishing scams that got through my ISP's scam filter by email. The trick is to look at the message text for the return address when they ask for personal data like a credit card, etc.

Almost always (unless you look), its very real-like, but not authentic if you look under the hood for things like a dash in the return address where there would normally be a '.' - e.g. "sales@isp-mail.com" instead of "sales@isp.com" or something like that.

Otherwise, I use SpoofStick on both IE and Firefox.

-- Tom

 

I'm with bigc ...............been doing it for a number of years

 

Hi,
I would not trust too many online sites for your purchases. I would stick to one or two you know are reputable. One thing to definitely avoid are paids ads on sites and links in popups. You should also beware sites giving you ipods for 5 bucks and such. Nothing is free, so stick with those who try to rob your outright with fair and high prices. They are at least honest enough to rob you in daylight and that's ok.
Personally, I only buy stuff on one site only. Besides, my credit card company has a 30-day revoke insurance policy, which allows the user to cancel any transaction within 30 days of its making. They also phone users once in a while, asking about your international transactions.
My dad's card number was once used illegally, they phoned him from the company to verify if indeed he has made the purchase.
Mrk

 

When connecting to an https:// website, your browser automatically downloads its certificate (which is signed by a certifying authority) to check that the site is genuine. This makes phishing attempts using https:// sites far harder since the phisher would have to fake such a certificate to avoid visitors receiving warning messages (every phishing attempt I have seen has been to a "plain" http:// page). Therefore just checking that you are on a secure webpage before entering credit card details will avoid spoofing (until both MD5 and SHA are fully cracked, see Wikipedia: Transport Layer Security) though there is the possibility of the website's security not being up to scratch against outside attacks.

So yes, there is risk and people should carefully check their statements for any unexpected entries. However risk exists in the offline world also (passing your credit-card to a waiter in a restaurant) and they are often greater.

 

Hi Paranoid2000,

Read Microsoft Scraps Old Encryption in New Code, post #2 here in privacy general subforum: https://www.wilderssecurity.com/showthread.php?t=97780

Apparently, MD5 and SHA-1 have been cracked!

-- Tom

 

Not yet they haven't. What is currently possible is a collision attack where researchers can identify two messages that give the same hash. To spoof a website, an attacker would have to be able to do a secondary preimage attack (finding a message that gives the same hash as a pre-existing one). This has yet to be achieved, but the ability to do a collision attack is an indication that preimage attacks will become possible in the near future (see Hash Collision Q&A and Wikipedia: MD5 for more details).

 

I have had my Visa card attacked twice . The first time for 500 and the second time 6300. I just had to get a new card. Don't know how it was gotten . I know it wasn't off my computer.

 

William, watch out for gas stations.

My dad has had his credit card information stolen by swiping his card onto a fake reader in a gas station. Luckily the credit card company called him.

 

Can I trust you

 

Sadly you can't. Perhaps some day, an evil scientist can kidnap me and brainwash me with videos of Bill Gates. I will never be the same human.

 

Hi, Kye-U

99% of the time Fake Readers or at ATM's.

Take Care,
TheQuest