How to identify phishing scams and websites


Phishing scams are becoming a constant feature of the misinformation shared online, especially on messaging platforms.

Phishing is a social engineering technique in which a fraudster impersonates a trusted person or organisation in order to obtain people’s sensitive information or data.

People are directed to enter their information on a website that looks legitimate.

Over time, the FactCheckHub has debunked several such claims hiding under the guise of recruitment, a support fund, an empowerment programme, a government activity or free internet data.

They often target subjects and issues that are of interest to the public.

1. Check the URL

a. A phishing post may carry the name and image of a legitimate entity, but the website link (URL) it directs users to will not be that of the legitimate website. Paying attention to the website link therefore matters.

You can search the name of the entity to find out what their legitimate website link is and compare.

In the image below, the message is impersonating the National Identity Management Commission (NIMC).

So, searching on your browser for “What is the website address for National Identity Management Commission (NIMC)?” can help.

The website URL and the entity on this message shared via WhatsApp do not tally.

b. In addition, because these scams usually impersonate known individuals and entities, checking the social media handles of such individuals or entities can also help.

This is because such entities usually have verified accounts, and their website links are usually included in the bio section.

NIMC’s Twitter handle showing its website.

2. Security

As a rule of thumb, most legitimate entities use secured websites. If a website is not secured, you should pause and dig further before sharing your information with them.

a. To check if a website is secured, look for a locked padlock symbol in the address bar.

In addition, check for the “S” after the HTTP (‘https://’).

The ‘S’ indicates that the connection to the website is encrypted and secured with an SSL certificate.

A website without the “s” after the “http:” is not secure, and any data entered on it may be intercepted by criminal third parties.

The FactCheckHub website showing its secured features.

b. Fraudsters now create phishing websites that look like the original one to trick users, which is why you need to carefully scrutinise the address before clicking.

For instance, they may add a letter, a word or symbols to the legitimate web address and then clone the website.

When you click, it takes you to a homepage that looks like the legitimate one. However, when you look at the website link you will see  or instead of the legitimate one which is
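The comparison described in steps 1 and 2 can also be done mechanically. The following is an added example, not part of the original article: it compares the host in a link with the entity's official domain and flags missing HTTPS and lookalike addresses. The domains used (agency.example and its variants) are constructed placeholders, and the check assumes the official domain begins with the entity's name.

```python
from urllib.parse import urlsplit

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to spot one- or two-character lookalikes."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_link(url: str, official: str) -> list[str]:
    """Return warnings for a full URL, given the entity's official domain."""
    parts = urlsplit(url.strip())
    host = (parts.hostname or "").lower().rstrip(".")
    official = official.lower()
    warnings = []
    if parts.scheme != "https":
        warnings.append("not-https")
    # The official domain itself, or a subdomain of it, passes the host check.
    if host == official or host.endswith("." + official):
        return warnings
    brand = official.split(".")[0]  # assumption: first label is the entity name
    if official in host:
        # Official address appears, but only as a prefix of someone else's domain.
        warnings.append("official-name-used-as-subdomain")
    elif brand in host.replace("-", ""):
        # A word or symbol was added around the entity's name.
        warnings.append("brand-embedded-in-other-domain")
    elif edit_distance(host, official) <= 2:
        # A letter was added, dropped or swapped.
        warnings.append("near-miss-spelling")
    else:
        warnings.append("different-domain")
    return warnings

# Constructed sample links, checked against the placeholder official domain.
SAMPLES = [
    "https://portal.agency.example/enrol",
    "http://agency-grant.example/apply",
    "https://agemcy.example/",
    "https://agency.example.claim-funds.test/login",
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(link, "->", check_link(link, "agency.example") or "matches official domain")
```

An empty result only means the link points at the official domain over HTTPS; a link that passes the HTTPS check but fails the host comparison should still be treated as suspicious.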


3. Run a website check

When you see a suspicious website you can check for its history.

There are free tools and websites you can check to verify this. For instance, you can use to check for the verifiable details of a website.

If the website of a known and long-existing entity has been active for less than a year, it is a red flag.

If it is a website of a leading brand or agency but registered to an individual in another country, it is also a red flag.

4. Check for content, grammar and spelling errors

One thing we at the FactCheckHub have noticed from debunking phishing posts is that they are littered with bad grammar and spelling errors.

Another important way of recognising a fake website is through the content on the website. People usually take time to craft what goes on a legitimate website, but a phishing website is usually rushed, or its creators are not willing to dedicate resources to it; as such, it often has poor content.

If you are on a phishing website, you might even notice its poor graphic design.

5. Call-to-action message to share

Another observation is that a number of these phishing messages have a call-to-action message like “Share with 15 friends” or “Share until the bar is full” before you can access whatever it is they are promising.

They often urge users to share multiple times before they can access whatever they are promising.

6. Check the “Contact us” section

Another key piece of information that is always missing on a phishing website is the “Contact us” section.

Official websites usually have a page dedicated to providing contact details of their companies.

It may include a postal address, telephone number, email address and social media channels. If none of these details is provided, you should treat the site with suspicion.

These are some of the measures you can apply to avoid falling victim to phishing scams and websites.
