Do Not Enter Websites With “sites” in the URL
The great thing about Google services is that they are easily accessible and free. The downside is that they are also available to scammers and they are good at using them to rob you.
The latest scam involves a service known as Google Sites . Sites are not as well known as Gmail or Google Docs. This is a Google service that allows you to create websites with your own URL. For many years, the accepted principle of online security has been to not click on domains you don’t trust. Something like “www.yourbank.fakedomain.com” might seem like an obvious attempt to scam you, but what about “sites.google.com”?
How Fraud Works
Fraudsters create a “fake” website that looks very much like the real one in order to trick you into logging into their site instead of the real one. They hope that their fake website will show up on the Google results page when someone googles, say, PayPal, and they trick people into giving up their login information.
Consider this scenario: your phone goes offline when you go out to dinner, so you borrow a friend’s phone to sign into PayPal and pay your share of the bill. You type “PayPal Login” in the Google search bar and you get the following results:
The first result is a legitimate PayPal website. But pay attention to the third result, which begins with the word “sites”. This website is not an official PayPal website, but was created using the Google Sites service. However, if you click on this result, you will see the following:
You will be able to tell right away that the URL of the fake website looks wrong. But the website itself is very similar to the official one, and especially on mobile devices, you can’t always easily view the entire URL unless you click to open it. If you were to enter your credentials to a fake site, including your password, not only would you give your personal information to the scammers, but you would potentially gain full control of your PayPal account.
Always check the URL or enter it yourself.
Google Sites is just one of many ways to create fake websites, so Google is not the problem. There are many things you need to be vigilant about, but there are some things you can do to avoid falling prey to these scammers.
Check the URL. Always look at the URL before entering any site. Make sure it’s “secure” – Secure Sockets Layer (SSL) certified sites have a small padlock symbol in the URL bar. Make sure the URL does not contain extra characters. If you’re not sure you’ve picked the right one, do a Google search for the domain like this: “Is [domain in question] legal?”. Some domains are more difficult to analyze than others. Let’s take “paypal.com.webservices.com”, which seems fine if you didn’t notice that there is an extra “.com” at the end.
Don’t click on Google Ads
Google ads usually rank at the top of the search results and try to match everything you searched for. However, these websites are often not affiliated with the official site you are looking for and, worse than a waste of time, they can also lead you to fake websites. Instead, select the standard Google search results and be sure to check the URL before logging in.
Avoid Googling Websites Completely
Instead of looking for the site you want to visit, get in the habit of typing the URL directly into your browser’s address bar. If you know it’s a website you’ll visit often, like your bank’s website, bookmark it so you don’t have to type it in every time.