Kai Studios Web Consultants
  • Home
  • Website Services
    • Web Design & Development
    • Online Stores – eCommerce
    • Search Engine Visibility
    • Sponsored Campaigns
    • Promoted Ad Campaign Management
    • Local Business Listings
    • Website Maintenance
    • Social Media
    • Application Development
    • Statistics & Monitoring
    • Domain Name Registration
    • Managed Web Hosting
    • Web Site Consulting
  • Contact
  • Services
  • Contact
  • Cart

Web Consultants & Development

Call: (424) 239-9323

  • Home
  • >
  • FAQs
  • >
  • What is “spoof site”, “phishing” and why do I need to know about this stuff?
    • Recent Topics

      AdWords AdWords Affiliates/Partners analytics Analytics Bing email Google Hosting image banks local seo Local SEO PPC SEO seo Web Design & Development web design resources
    • FAQ Topics

      • AdWords
      • Affiliates/Partners
      • Analytics
      • email
      • Hosting
      • Local SEO
      • SEO
      • Web Design & Development
    • Search FAQs

What is “spoof site”, “phishing” and why do I need to know about this stuff?

Critical Update: Phishing and Spoof sites are reaching epidemic levels. You MUST learn about this right now and take action. While PayPal is most often the target of “spoofers,” there has been a recent rash of spoof sites for almost every site on the net: PayPal, Ebay, US Bank, Citibank, Wells Fargo, Bank of America, Yahoo, Hotmail, Washington Mutual, Commerce Bank, and ANY ONLINE SITE. Whatever you do, DO NOT click on the link in the email! If you actually have an account at one of the companies mentioned, go there by opening your browser and typing in the correct URL yourself.

“Spoof sites” are web sites created by criminals to trick you into giving them your information. The sites are designed to copy the exact look and feel of the “real” site, in this case PayPal.com, but in fact, any information you enter will be going to criminals, not PayPal. These sites can be as simple as just copying the PayPal site via a “view, source” or built using advanced scripts so that for all intents and purposes, it looks and acts like the real PayPal site. After a thief builds such a site, they will usually email you (spam) saying things like “Your account is limited,” or “We require additional information,” or “Due to a security breach, we need to verify your information.” This is known as “phishing.” (Pronounced “fishing.” To project yourself against “phishing” see our Spyware Solutions page.)

In the phishing email, there will be a link. It will look like https://www.PayPal.com/…, but in fact the email will hide the real address which will either be a string of numbers, or the PayPal.com URL followed by a bunch of cryptic looking information, or even something that resembles an email address. DO NOT CLICK on these links! It’s like handing your car keys over to a chop-shop. Here’s an example of a spoof site below:

paypal spoof 1

If you click on the graphic above, you will see a typical spoof site. Notice the “https://paypal.com/…” in the address bar. But if you right click on the page and select “properties” you will see the real url is NOT paypals. Also notice they removed the bottom status bar, so you can’t see the missing lock. Also note the properties dialog box shows “not encrypted” despite the “https://….” url in the address bar. Below is a graphic showing exactly the real url:

pay pal phish 2

If you want to see this site for yourself, click here. [Previous site shut down, however I found a new one in less than 30 minutes of looking. See here or here for a less sophisticated version. (Has lots of popups.)] UNDERSTAND, THIS IS A SCAMMERS SITE! DON’T ENTER YOUR INFO UNLESS YOU WANT YOUR BANK ACCOUNT CLEANED OUT. We hope this site will be taken down soon, so the link might not work. That’s why I have the graphics, so you will know what to look for.

If you are going to continue to use PayPal, despite all the warnings on this, and other sites, always go to the site yourself and type in the letters: https://www.PayPal.com. Here is what you should see:

paypal spoof 3

You will notice the lock in the bottom status bar. No lock, you are not on the PayPal site. No status bar, you are not on the PayPal site. (Of course if you are on a site that has the old look, you’ll know you are not on the official PayPal site.)

spoof phish 4

If you RIGHT CLICK on any blank white space on the page and select properties, it will show the real URL, which in this case is https://www.paypal.com which is correct. Here it is a little closer up:

Also, PayPal is not the only site that suffers from spoofing. In fact any site can be spoofed. Bank of America, E-gold, Wells Fargo and others have been spoofed in the past. So, the rule is: never click on any link in an email address! Spoof sites are widespread on the net, and gaining in occurrence and sophistication. You can forward suspicious e-mail to the Federal Trade Commission at uce@ftc.gov or file a complaint with the FTC You can also forward unsolicited e-mail claiming to be from Visa or your Visa card issuer to phishing@visa.com. Additional phishing resources are available:

  • National Fraud Information Center
  • www.antiphishing.org
  • www.bbb.org/phishing
  • www.callforaction.org
  • www.consumer.gov/itheft
  • www.visa.com/phishing.

« How to find good keywords • Web/Email Server FAQ »

Post a Comment

Click here to cancel reply.

Your email is never published nor shared.

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>

  • Home
  • Website Services
  • About
  • Contact
  • Location
  • FAQ
  • Affiliate/Partners
  • Blog
  • Cart

Subscribe to our mailing list

Los Angeles, CA. 90077 | (424) 239-9323

© 2023 Kai Studios Privacy Policy - Disclaimer