How to identify phishing scams and websites
By Niyi Oyedeji
Phishing scams are becoming a constant feature in misinformation that is shared online especially on messaging platforms.
Phishing, a social engineering technique used in deception, is fraudulently trying to obtain people’s sensitive information or data by impersonation.
People are directed to enter their information on a website that looks legitimate.
They often target subjects and issues that are of interest to the public.
1. Check the URL
a. The content of a phishing post may carry the name and image of a legitimate entity but the website link (URL) it directs users to will not be that of the legitimate website, hence, paying attention to the website link matters.
You can search the name of the entity to find out what their legitimate website link is and compare.
In the image below, the message is impersonating National Identity Management Commission (NIMC).
So, searching on your browser “What is the website address for National Identity Management Commission (NIMC)?” can help.
b. In addition, because these scams usually impersonate known individuals and entities, checking the social media handles of such individuals or entities can also help.
This is because such kind of entities usually have verified accounts and their website links are usually included in the bio section.
By rule of thumb, most legitimate entities often use secured websites. If a website is not secured, you should pause and dig further before sharing your information with them.
a. To check if a website is secured, look for a locked padlock symbol in the address bar.
In addition check for the “S” after the HTTP (‘https://’ or ‘http://’).
The ‘S’ indicates the web address has been encrypted and secured with an SSL certificate.
A website without the “s” after the “http:” is not secure and any data inputted on it may be intercepted by criminal third parties.
b. Fraudsters now come up with a phishing website that looks like the original one to trick users, hence why you need to carefully scrutinise the address before clicking.
For instance, they may add a letter or word or symbols to the legitimate web address and then clone the website.
When you click, it takes you to a homepage that looks like the legitimate one. However, when you look at the website link you will see https://Myfactcheckhub.com/ or https://NIN.factcheckhub.com/ instead of the legitimate one which is https://factcheckhub.com/
3. Run a website check
When you see a suspicious website you can check for its history.
There are free tools and websites you can check to verify this. For instance, you can use https://whois.domaintools.com/ to check for the verifiable details of a website.
If the website of a known and long-existing entity is active for less than a year, it is a red flag.
If it is a website of a leading brand or agency but registered to an individual in another country, it is also a red flag.
4. Check for content, grammar and spelling errors
One thing we at the FactCheckHub have noticed from debunking phishing posts is that they are littered with bad grammars and spelling errors.
One other important way of knowing a fake website is through the contents on the website. People usually take time to craft things that would be on a legitimate website but a phishing website is usually rushed or are not willing to dedicate resources to it; as such, it often has poor contents.
If you are on a phishing website, you might even notice its poor graphic design.
5. Call-to-action message to share
In addition, another observation is that a number of this phishing messages often have a call-to-action message like “Share with 15 friends”, “Share until the bar is full” before you can access whatever it is they are promising.
6. Check the “Contact us” section
Another key information that is always missing on a phishing website is the “Contact us” section.
Official websites usually have a page dedicated to providing contact details of their companies.
It may include a postal address, telephone number, email address and social media channels. If none of these details is provided, you should treat the site with suspicion.
These are some of the measures you can apply to avoid falling victims to phishing scams and websites.