Report Phishing Websites

Are a website development company you would think we know most of the tricks in the book to avoid being scammed or our data being stolen. However as everything evolves so do the hackers and we have seen this type of misleading website before but never been this convinced that we was on the right site.

We logged on to the boardroom mac to discuss a clients request for ranking in google for a ‘Skip Hire Location’ our first topic is checking Google Keyword Tool for traffic, engagement and trends for various keywords relating to our keyword.

Googled ‘Google Keyword Planner’

Clicked on the first link as it had the title ‘Google Keyword Planner’ and it asked me to sign in.

Lets stop here for a moment, its very rare we have to resign into google as we are always logged in via Gmail, Chat or the majority of Googles services but a login page design exactly like googles appeared.

This is the type of result we clicked on but it was the top listing. a client had this a few months ago with Norton; it was a sponsored link, designed exactly like Norton’s website and the process to login was identical and they ended up handing over their login details.

When searching Google for a website, there are a few key points to check when clicking on a search result.

• Is it sponsored? 9/10 Nike, Google, Apple or software websites do not need to use sponsored ads but smaller companies will so if it is a sponsored ad, please check the following.
• URL – as you can see with our example, app-vt.site, this cannot be changed as its the link provided to the ad
• Site Title – this can be exact so be sure to check for spelling.
• Meta Description, this also can be edited but most of the time it comes from the website.

Still clicked on the link? so did we, but this is where we checked and thought we was still on google.

Website cloned and as they are using a Google Site, the URL structure we checked seems legit… not reading anything after google.com and not thinking it is a google phishing website.

All feels the same, this is the normal UX structure and when we clicked on ‘Go to Keyword Planner’ we were asked to sign in, this is where they got us.

Still has a google.com URL and looks the same as google sign in, password didn’t work the first time and that’s when we realised it was a Google Website self builder and not googles own sign in / keyword planner.

It happens to the best of us, if we hadn’t have noticed the they would have our email address and password to login and do what they need to do.

Report Phishing Websites:

The little I icon in the bottom left is googles reporting tool, if you think the site is not correct, click this icon and report the website right away and this will help stop more people falling victim to this scam.

Our email & password combination is different per site which stops the hackers / phishing using it elsewhere, we do have 2 factor on our google accounts so even if we didn’t notice right away, we would be alerted if an attempt to login started.

Finally this is the URL we click on most days, google has a nice little icon to show you have been on this website a few times and you know its safe.