Spoof websites are just that. They exist to trick and deceive, and too many people are taken in by them.

Phishing emails contain links to sites that are bogus. So, first things first, hover your cursor across the address. Whatever is written down, the true address should appear. And with a phishing email, they will use an address to trick you. One that appears legitimate. So, you might read www.yourbank, but when you hover your cursor across the address, it actually reads something quite different, usually a bland numeric IP address. So, if that happens, bin the email straight away, it’s a fraud.

Also, keep an eye open for sites that have an @ in the address. What this symbol does, is to tell your browser that everything before it should be ignored. So you might spot an address which reads something like www.yourbank@28282828. Now, your browser will ignore the yourbank bit, which to you looks legitimate, and just read the numbers, which directs you to the bogus site.

Now, when you come to the actual sites themselves, phishers naturally do their best to create a false identify for their bogus site. So, if in doubt (but never get to a site via a link in an email), have a look at the address in the browser bar. If you think there’s something dodgy there, type-in the following into your browser bar:

javascript:alert("Actual URL address: " + location.protocol + "//" + location.hostname + "/")

This should cause a JavaScript box to appear on screen, which gives you the actual site name, or numeric address. So if someone is trying to hide their website’s true address from you, then you will see it immediately.

But if you don’t fancy doing it yourself, then there are a number of phishing protection tools which you can download and protect yourself against such tactics. Most of these will warn you that you are trying to load a fraudulent site, mainly by presenting you with a big warning on your screen about what you are about to do. And they give you vital information about the site. It gives you the real URL, the country of origin and the time it has been around. The URL is very important, but so is the country of origin, because most phishers are based outside of Europe and Northern America. Also, these sites are rarely live that long, so a site with a short lifespan is likely to be very suspect.

So, there you are. Be questioning whenever you receive such an email. The best policy is to bin them straightaway, because if afterall, no-one has your financial and personal details, then no-one can use them to rob you.

Spoof Web Sites & How to Spot Them – Recap

• hover cursor over website link to discover true address;
• everything left of @ your browser ignores – giveaway that something is amiss;
• careful with sites based in far-off territories;
• beware of young sites;
• do not give out personal, or financial details.