Fake Checks, Technology

How to: best ways to tell a fake website

as this is one of the best ways to tell a fake website

What are the best ways to tell a fake website? Our guide outlines the clues to look for, so you avoid being ripped off by fake sites and online stores.

Find more Fake Check guides, tips and advice
Find more tehcnology guides, tips and advice

In its Domain Fraud Report 2019, Proofpoint focuses on the latest developments in the areas of fraudulent domains (fake pages), tactics and cybercriminal activities. In just 2018, the number of fake pages increased by 11%. That’s a big number, but even more serious is the fact that 96% of all real companies have fake domains.

Best ways to tell a fake website

Cyber ​​criminals disguise their fake pages very well – especially when they imitate well-known online shops. So at first it is not noticeable that these are fake pages on the Internet. However, there are signs that help to distinguish a reputable site from a fake shop:

  • URL: If a known web address has inconsistencies, you can be skeptical as this is one of the best ways to tell a fake website. The same skepticism is appropriate if the web address does not want to match the content of the site at all.
  • Cheap: Fake shops don’t have to be extremely cheap, but the prices are often too good to be true.
  • Limited payment options: Cyber ​​criminals often design their fake shops in such a way that many payment options are ostensibly offered. In the last step of the order, however, there is only one option, usually prepayment. If you encounter such a thing, it is best to cancel the purchase immediately, as it is unlikely that you will ever receive your purchase.
  • Lack of contact information: A bad sign is the missing or incomplete imprint as well as insufficient information on availability. Remember: the corporate identity should be clearly visible. In addition to the postal address, the imprint also includes an authorized representative, an email address and the commercial register number..
  • Seals: Fake shops rely on fictitious seals or on illegally displaying genuine seals of approval. Put it to the test by clicking on the respective seal. If you are forwarded to the certificate of the seal provider, the seal is genuine. If not, as this is one of the best ways to tell a fake website
  • Reviews: Reviews on the web are a good thing, but don’t be fooled. Remain skeptical if the customer reviews only exist within the shop, if they are exclusively positive, or if the reviewers come up with hymns of praise. It is better to feed the search engine you trust with the name of the shop and browse through the experiences of other users.
  • General terms and conditions: If the general terms and conditions are missing, consumer advocates advise not to order on this site in the first place. The same applies if the terms and conditions are fictitious. Sometimes you come across copied terms and conditions or those that have been translated into bad German with a translation program.

Detect suspicious fake domains

Please always take a look at the URL of the website you want to visit first. In the case of fake shops, inconsistencies can often be seen here, for example:

  • The domain actually ends in “.de”, but you can recognize other domain endings, for example “.de.com”.
  • The TLD (Top Level Domain) is completely different from the existing web shop.
  • The shop’s web address does not match the content at all.
  • They may be lookalike domains. The brand name is slightly changed for such domains; for example, an “O” is replaced by a zero. This is easy to miss – stay vigilant!

Not all seals are created equal – recognize fake ones

Seals have emerged over the years to allow reputable online shops to appear as such. In order to receive a seal, the shops are checked for various parameters, which can differ from seal to seal.

Instead of blindly trusting these seals, it is worth taking a closer look here. Click on the respective seal. If this is genuine, you will be forwarded to a certificate from the seal provider. If it is a fake, there is usually no link stored.

Verify the SSL certificate

Particularly with online shops and online banking, caution is required: If the website is not encrypted, the passwords, personal data or payment data to be entered will be transmitted unencrypted. This will not happen with reputable websites!

If the website appears secure to you, i.e. if it is encrypted using HTTPS, please check the certificate carefully! Free SSL certificates are usually only domain validated. A real identity check does not take place. These SSL certificates are often used by fake shops.

Very few fake shops, on the other hand, bother to request a so-called Extended Validation SSL certificate (EV certificate). Because such a certificate requires a precise check of the identity of the certificate owner by the certification authority.

You can check the SSL certificate of a website by clicking on the lock or the field in front of “https” in the address line of the browser. You will then be shown who is the certificate and domain owner and which certification authority has verified the identity.

Check identity and build trust

Many users consider the TLD “.com” to be an unmistakable sign of security. This appearance is deceptive: When a domain is registered, the registrar’s identity is not necessarily checked. Cyber ​​criminals can easily get a .com domain as well for fake shops.

But not only consumers are concerned about security when shopping online. Many online shop operators are also considering how trust in their own shop can be strengthened. The aforementioned EV-SSL certificate strengthens the trust of website visitors, among other things through the address bar which turns green. 

Comments from DENIC

DENIC has commented elsewhere that it has been in close contact with the consumer protection authorities on the subject for months. The following aspect should be considered:

“At first glance, this approach may make a domain look more secure, but ultimately this solution will also have gaps (eg: identity theft) and possibly even because of higher hurdles when registering .de domains, registrants for other TLDs let them migrate without such a test, which could then reduce digital diversity and even make access to the Internet more difficult. “

On the subject of ID checks, as the consumer protection ministers of the federal states are planning, as mentioned in the article, DENIC said: “That’s interesting, although this ID check does not initially help against fake shops, but rather to determine who is responsible. Mandatory EV certificates, as recommended by the BSI, would be much more useful, at least for online shops. “