Computer‎ > ‎Security‎ > ‎Phishing‎ > ‎

How to recognize spoofed Web sites

Some cyber criminals use phishing scams to set up convincing spoofs of legitimate Web sites. They then try to trick you into visiting these Web sites and disclosing personal information, such as your credit card number.

Fortunately, there are several steps you can take to help protect yourself from these and other types of attacks.

What is a spoofed Web site?

Spoofed Web sites are commonly used in conjunction with phishing scams. The spoofed site is usually designed to look like the legitimate site, sometimes using components from the legitimate site.

Do not rely on the text in the address bar as an indication that you are at the site you think you are. There are several ways to get the address bar in a browser to display something other than the site you are on.

Use Modern Web Browsers

Internet Explorer 8 is designed to help you avoid fraud, phishing scams, viruses, and other malware. as well as Mozilla Firefox and Google Chrome.

Avoid phishing scams. In Internet Explorer 8, the SmartScreen Filter helps detect unsafe and potentially unsafe Web sites as you browse. It alerts you if a site you are trying to open has been reported as unsafe, and allows you to report unsafe sites yourself.

Identify fake Web addresses. Internet Explorer 8 helps you avoid deceptive Web sites that are designed to trick you with misleading addresses. The domain name in the address bar is highlighted in black and the remainder of the address is highlighted in gray to make it easy to identify a Web site's true identity.

Typo scamming

Cyber criminals also use Web addresses that resemble the name of a well-known company but are slightly altered by adding, omitting, or transposing letters. For example, the address "" could appear instead as:


This is called "typo-squatting" or "cybersquatting." Scammers register these domain names in order to compete with the popular site or to earn money through advertisements.

If you enter the wrong URL you might be taken to a site where you'll see an ad for the site you really wanted. If you click on that ad, you might get to where you want to go: You've made an extra click and the scammer has earned some money.

Typo-squatters and cybersquatters can also create more insidious scams, such as downloading malicious software applications and spyware onto unprotected computers that connect to their sites.

The United States and other countries have passed legislation to help challenge cybersquatting registrations, and the Internet Corporation for Assigned Names and Numbers (ICANN) has worked to remedy the situation, but cybersquatters are still out there.