Staying ahead of the crooks: How to spot and avoid spoofed websites.

Scams are growing in number and in sophistication. One way involves using spoofed websites – clever imitations designed to resemble legitimate businesses, including financial institutions. To spoof a website, bad actors purchase "sponsored links” to fake sites which appear at the top of search results. Their goal is to boost their site’s visibility and lure unsuspecting users into clicking on them. These deceptive sites can pose serious risks by exposing consumers to potential malware, identity theft, and financial loss.

Here’s what to watch for:

URL errors and issues: Look for misspellings or unusual domain extensions. A single letter out of place might mean you’re on a fake site.

Grammar and spelling mistakes: Legitimate sites take care to avoid errors. If you spot poor grammar, spelling, or formatting mistakes in content, that’s often your first clue it’s a fake site.

False security notification: Once you click on a site link, you’re presented with a screen notifying you of a login issue and directing you to a hotline number. Wording on these fake sites may mention “unauthorized activity” or other details designed to trigger anxiety and panic.

Request for personal information: Legitimate businesses will never ask you over the phone for your account login password. If someone is asking you for your account login password by phone, do not provide it.

Privacy policy: Genuine sites will have a privacy policy available. If it’s missing, think twice.

Avoid searching for a site: Use your saved bookmarks for visiting websites, especially financial ones, to avoid the risk of phishing and downloading malware.

Question urgency: Phishing attempts often create a sense of urgency. Take a moment to verify the information through official channels.

Use secure networks: Access financial accounts only through secure networks and consider enabling multi-factor authentication where possible.

Call before acting: If you have concerns about a site or link, it’s always best to contact the company before taking any action, like downloading software.  Don’t use phone numbers or email on the suspicious site.

Advice from First Commonwealth Bank

How to not get tricked by fraudsters.

The power to not get tricked by fraudsters is in your hands. So our treat to you is this quick reminder of your special powers:

Make your usernames and passwords more complex.

Passwords like 123456 are too simple. Use a random password creator when possible. You can also create a complex password of your own such as d0gTreets43#.

Keep those complex usernames and passwords private.

No matter what the email or text says, never share your username or password. These items are private to you, and we will never call and ask you for them.

 Monitor your accounts.

Review your bank accounts including your credit cards to spot any unusual transactions. Monitoring tools like Mastercard ID Theft Protection do the monitoring for you