Site Spoofing
Some malicious individuals use phishing scams to set up convincing spoofs of legitimate Web sites. They then try to trick you into visiting these Web sites and disclosing personal information, such your credit card number.
Fortunately, there are several steps you can take to help protect yourself from these and other types of attacks.
What is a spoofing attack?
Spoofing attacks are commonly used in conjunction with phishing scams. The spoofed site is usually designed to look like the legitimate site, sometimes using components from the legitimate site. The best way to verify whether you are at a spoofed site is to verify the certificate.
Do not rely on the text in the address bar as an indication that you are at the site you think you are. There are several ways to get the address bar in a browser to display something other than the site you are on.
How to verify a site certificate
Always verify the security certificate issued to a site before submitting any personal information. Before you submit any personal information, ensure that you are indeed on the website you intend to be on.
You should find that the http://www. In the address bar has an S added to the address, like this https://www. This indicates a Secure site.
You should also be checking the yellow lock icon on the status bar.
This symbol signifies that the website uses encryption to help protect any sensitive personal information—credit card number or payment details—that you enter.
Secure site lock icon. If the lock is closed, then the site uses encryption. Double-click the lock icon to display the security certificate for the site. This certificate is proof of the identity for the site.
When you check the certificate, the name following 'Issued to' should match the site you think you are on. If the name differs, you may be on a spoofed site.
If you are not sure whether a certificate is legitimate, do not enter any personal information. Play it safe and leave the Web site.
Also, be cautious about clicking links in e-mail messages or in online ads from retailers you don't recognize or trust. If you have any doubt about a link, do not click it.
Instead, type the Web site address into the address bar of your Web browser, or try to confirm that the link is legitimate.
Remember, if an offer sounds too good to be true, it probably is.
