Scammers are increasingly creating a website that appears trustworthy, but is not. How do you spot a fake website?
fake websites
Internet users can end up on a fake website in many ways. For example, via a link in a phishing email, an advertisement on the internet, a link on social media or via a search result on Google. Scammers today create such convincing fake websites that they can hardly be distinguished from the real ones. Consequence? You might buy something from a fake online store or leave a lot of personal information behind. Login names, passwords, address details, telephone numbers and e-mail addresses are very interesting for criminals. Recognizing a fake website is pretty difficult. If the look of a site completely matches the real site, what can you pay attention to?
Http or https?
Always look at the beginning of the web address (also called the URL). This indicates whether a website is secure. In most browsers, the first part of the url is hidden by default. Click twice on the URL (eg seniorweb.nl) in the address bar to view the full web address. If a website is secure, that’s a good sign. This means that data you leave on the site cannot be intercepted by third parties. Unfortunately, secure is not always the same as secure. Scammers also know that people pay attention to this. That’s why they sometimes create web addresses that start with a lock and https://.
Unsecured website
The website has an unsecured connection if:
- There is an icon of a triangle with an exclamation point in front of it in the address bar with the text ‘Not secured’.
- The url starts with http://
- There is no lock before the URL.
Secure website
The website has a secure connection if:
- The web address starts with https://
- There is a lock before the URL.
Look in the tip ‘Recognize a safe website’ how the lock looks in the different browsers.
Read full url
What to do if the url of a site starts with https:// and a lock, but you are not sure whether the site is safe? Then read the rest of the url carefully. And especially the part after ‘https://’ and before the next slash (that’s this character: ‘/’). Read this part from right to left, so backwards. The actual domain name is always at the back. In other words: who is really behind the website.
Practice with an example
Let’s take a self-invented website as an example. Is it real or fake? The web address: https://www.rabobank.nl.rabobanksite.nl/dit-is-rabobank
- Read the part between https:// and the forward slash. So: www.rabobank.nl.rabobanksite.nl
- Read this from right to left. So start at rabobanksite.nl and end at www
The last part, rabobanksite.nl, indicates which website you are actually looking at. That is not the reliable Rabobank website, but a fake site called rabobanksite.nl. The url starts with ‘www.rabobank.nl’. This may make the site look real, but it isn’t.
Pay attention
Check a web address for the following:
- Typos
Are there typos in the URL? For example ‘senlorweb.nl’ instead of ‘seniorweb.nl’. Then the site is unreliable. - Additional words
Are there (unnecessary) extra words in the url? For example ‘debelastingdienst.nl’ instead of ‘belastingdienst.nl’. Then the site is unreliable. - many points
Are there many dots in the url? For example ‘rabo.bank.nl’ instead of ‘rabobank.nl’. Then the site is usually unreliable. Exceptions are the personal pages of many websites. These often start with ‘mijn.’, such as: ‘mijn.rabobank.nl’ or ‘mijn.overheid.nl’. - Words after the dot
Are there extra words at the end, after the period (the top-level domain)? For example: ‘trouw.com.nl’ instead of ‘trouw.nl’. Then the site is unreliable.- If a web address ends in .com/nl, this is not a sign of fraud. This means that you are looking at the Dutch version of an international website.
- If there are still words after the slash (that is this character: /), that is not (per se) suspicious. Just look at this article, the full url of this is: https://www.seniorweb.nl/artikel/valse-website-herkennen Or do you go to belastingdienst.nl/nu? Then this indicates that you have come to a page within the website of the Tax Authorities called ‘Now’.
- Web addresses mixed up
Are there multiple web addresses mixed up? For example, ‘trouw.nl.detrouw.nl’ instead of ‘trouw.nl’. Or ‘seniorweb.nl.ditisseniorweb.nl’ instead of ‘seniorweb.nl’. Then read the part before the slash from left to right. This way you can find out which domain you are really surfing to.
Fraud Help Desk
Even if you pay attention to all the above points, it is difficult to distinguish a fake website from a real one. The Fraud Helpdesk can lend a hand in reading a web address properly. Enter the URL of the suspicious website on this page. The Fraud Helpdesk then explains how to read the link.