How To Identify A Clone Website: Our growing reliance on the internet to conduct much of our day to day business has provided fraudsters with the perfect environment to launch targeted phishing attacks. Website cloning is generally categorized under phishing attacks, victims land on a cloned website through a phishing email or text messages most times.
Website cloning is a popular method scammers use to scam people of their money, personal information and sometimes to damage the credibility of a reputable organization. With the current web development technology any website can be easily cloned; cybercriminals create a clone website that looks exactly like the original website, barring a very small change in the domain name.
What is website cloning and how does it work?
Website cloning is a popular method used by cybercriminals, they create a lookalike website to mirror the real one out of malicious intent. The cloned website has a domain name similar to the original, they sometimes fool users by exchanging characters that lookalike, doubling certain characters in the domain name, or registering a domain name with only a single letter differentiating it from the real one.
There are free tools available to automate website cloning, and since the attacker can control the rate of requests to the target website, they can limit their footprint below any detection threshold, effectively blending in with the internet noise.
Cybercriminal sometimes adds an extra layer of security to their clone website by hosting the domain name with a bulletproof hosting company which do not honour takedown requests. Bulletproof hosting companies are popular, they are openly available online, and some of them even advertise it as a feature.
These hosting companies allow scammers to host websites that violate an online safety rule or have malicious content without terminating their services when organizations or individuals file a takedown request.
How To Identify A Clone Website
How can I spot cloned websites and protect myself?
Although spotting a cloned website can sometimes be difficult, there are some basic things that you can follow to ensure you are operating safely on websites. The following information will provide you with guidelines on how to accurately spot cloned websites and protect yourself.
Use trusted bookmarks: You should ensure that you are on a legitimate website, especially when planning on using sensitive data to log in or perform any sensitive actions such as money transfers or entering sensitive information like Social Security Number, Bank details and so on. Bookmarking the legitimate website and using this instead of any links sent via email or text messages is an effective method.
Verify the SSL certificate: Inspect the website’s SSL certificate to check the domain’s validity. In most browsers, this is done by clicking the padlock icon next to the domain name bar. Websites without SSL certificates should be automatically treated as untrusted, especially if they ask for login details, social security numbers, or other sensitive information. Check the validity of the SSL certificate and when it was issued; if it is only a couple of days or weeks old, it could be evidence of a newly registered domain or a newly issued SSL certificate.
Find where the webserver is located: If you are skeptical about a particular website and everything seems to be okay, you can copy the URL of the website and paste it into a hosting checker website like whois.com to figure out where it is hosted and the date of registration. If you see that the website is hosted in a location where the organization does not normally do business or the date of registration differs from what the company provides, it should serve as a red flag.
Utilize search engines: You can use search engines like Google to navigate to the webpage you want to visit if you prefer not to use the URL sent to you. Official websites are positioned higher in the search results since they existed longer and have more links from other websites pointing to them (an important search engine metric).
What to do if you find a clone website
If you’ve landed on a clone website, do not provide any sensitive information like financial details, a login and password, verification codes, social media login details, or even your name and contact information. When in doubt, don’t fill it out. Additionally, do not click on links from phishing emails, unfamiliar online posts or DMs. Knowing if a site is fake or cloned will help you know whether or not to buy from a site.
You should report a fake site to Google Safe Browsing and close out of it right away.