fbpx

How to determine a fake or fraudulent website 如何識別欺詐網站

hacker

來越來越多人需要在網上購物或處理各式各樣的事務,所以核實一個網頁的真假變得非常重要,否則除了金錢損失以外,自己或公司的私隱也會出現洩漏的危機。以下提供幾個核實網頁的方法給大家,希望可以盡量減少誤墮假網的可能性,當然騙徒手法層出不窮,使用了以下的方法也未必能百分百避免問題,但是絕對是比完全不做核實工作安全得多。

 

1. 網址超文件傳輸協定(網址開頭):

在網站上要看的第一件事就是網址開頭的https://。 https://中的S表示安全,表示網站使用加密來傳輸數據,從而保護其免受黑客攻擊。雖然就算網站使用http://(沒有S),也不一定說網站一定騙人的,但需要注意。 為了安全起見,您絕對不要在以http://開頭的站點中輸入個人信息。

https

 

某些互聯網瀏覽器(例如Google Chrome瀏覽器)會向您警告有關不安全網站的信息。 如果網站是安全的,則您會在網址旁邊看到一個小鎖頭,或者該地址可能以綠色突出顯示。 您可能還會見到https://之前的掛鎖旁邊的域名。 這意味著該網站具有最高加密級別之一,應該可以信任。另外也可以點擊小鎖頭,查看網頁的SSL憑證,看看憑證是否有效及那由一間公司簽發去加強核實網頁的真確性。

SSL Certificate

 

2. 檢查域名:

騙徒最喜歡的技巧是創建一個模仿大型品牌或公司地址的網站,例如Amaz0n.net, yhaoo.com.com或 gooogle.com等,騙徒希望您使用他的網站從而獲取你的資料。尤其是如果您從另一個頁面重定向到網站,則更加需要仔細檢查網址名稱。

 

3. 檢查網頁資料:

您可以從網頁的”關於我們”查看公司的資料,看看有沒有文法不通,描述與該公司的產品或服務不符,因為一些假網頁會用抄來抄去或是用Google Translate去”copy and paste”內容的方法粗製濫造。如果你看見內容認真可信,便可以在”聯絡我們”或頁底等地方看看關於該公司的資料,真的網站通常會有聯絡的方法,電郵,電話號碼或是即時對話,那你便可以直接用這些方法聯絡他們去問多一些問題了解更多公司背景再加以分析,如果網頁有列出公司地址,通常都比較可信,但您也可以在網上尋找該地址去核實一下,甚至乎致電該地址的管理處核實也可。

如果網站有列出的公司名稱,可以公司註冊處綜合資訊系統 (ICRIS) 的網上查冊中心查找該公司是否存在及公司的基本資料,例如公司在什麼年份成立等等。

https://www.icris.cr.gov.hk/csci/

Cyber Search Centre

 

4.檢查網域及社交媒體的建立年分:

通常在假期期間或像現時疫情的情況下會比平時有更多人在網上購物,因此騙徒會在這段時間非常快速地建立了像實的網站。 所以通過檢查域名的建立時間及使用期限,可以查看該網站運營了多長的時間,從而使您對網站的真實性有更好的了解。可以使用類似以下的網上 Whois 工具查找域名資訊,在輸入域名後便會看到相關的訊息,如果域名沒有使用保護私隱的服務,您會看見更多有關注冊人的資料例如公司名稱、電郵地址、電話號碼及公司地址等等的資訊,進一步核實公司的真確性。

https://www.whois.com/whois/

whoistool

 

另外,也可參考域名資訊中的網站託管公司是否一些如SitegroundBluehost 等等的比較有名的公司,因為他們在客戶驗證方面會比較嚴謹,若發現其下託管的網站或電郵有不尋常的活動,他們便會立即對有關網站採取對應行動確保用戶安全。

hosting

除此之外,查看網站相關社交媒體的建立時間或更新資料的日期及頻密程度去,去了解該公司是否仍然運作及運作了多久,或專頁有沒有轉名等等也是可以考慮的方法。

FB transperancy

 

5. 在搜索引擎中輸入網站名稱並查看結果:

Google 會幫助你找出已知的危險網站或不合法的網站,從而提出警告。如果沒有看見警告的話,您也可以從中看到該網站的活動發文等的搜尋結果,那便可以在當中加以分析。您也可以使用Google 的安全瀏覽網站狀態工具來檢查網站的安全狀態。

https://www.google.com

檢查網站狀態:

https://transparencyreport.google.com/safe-browsing/search

 

6. 使用病毒掃描程式:

如果一個網站有大量廣告或彈出性的網頁,有可能代表該網站不安全。 廣告本身並不是問題的徵兆,但是如果廣告多於內容,或者須要您點擊多個廣告才可以以重定向到網站,則這網站有機會是一個有問題的網站。 此時可以使用病毒掃描程式,嘗試去掃描該網站是否已知的欺詐網站。


 

7. 使用安全付款方式

在不熟悉的購物網站購物時,最好是使用如信用卡,PayPal,Apple Pay 或 Google Pay 等等的付款方式, 因為使用PayPal會提供買家購物安全保障,在交易遇上問題時都會為你提供補償。即使使用信用卡等方式,也有機會在指定時間內追回有問題的交易付款。若網站只要求您使用銀行轉帳或電匯等不可退款的付款方式,即使網站看起來是真實,亦不建議使用該網站。

payment method

 

如果做足以上的建議,相信被騙的機會應會大為減少!

 

Plenty of people need to shop or deal with various affairs online, and it is very important to verify the authenticity of a website to protect your privacy and financial information. Therefore, We’ve got several tips for verifying websites below.

 

1. Website Protocol (the address bar):

The first thing to check on the website is the https: // at the beginning of the URL. https: The S in // means security, which means that the website uses encryption to transmit data to protect it from hackers. Although if the website uses http: // (no S), it does not necessarily mean that the website must be deceiving, but it needs to be alerted. For security reasons, you should never enter personal information in sites beginning with http: //.

Some Internet browsers (such as the Google Chrome browser) will warn you about unsafe websites. If the site is safe, you will see a small padlock next to the URL, or the address may be highlighted in green. You may also find the domain name next to the previous padlock. This means that the website has one of the highest encryption levels and it should be trustworthy. You can also click on the padlock to view the SSL certificate and verify the valid date and issuer.

 

2. Check the domain name:

The scammer’s favorite technique is to create a website that imitates the address of a large brand or company, such as Amaz0n.net, yhaoo.com.com, or gooogle.com. The scammer hopes to obtain your information via their websites. Especially if you redirect to the website from another page, you will need to double-check the URL name.

 

3. Check the website information:

You can check the company’s information from “About Us” on the website and check for poor grammar and spelling, if the description does not match the company’s products or services, some fake websites usually copy and paste content. If you found the content is serious and credible, you can check the information about the company in “Contact Us” or footer. Legitimate websites usually have contact methods, emails, phone numbers, or instant chat. You could use this information to contact them directly and ask questions to learn more about the company background. If the company address is listed on the website, it is usually more reliable, but you can also find the address on the Internet to verify it, or even call the management office at that address to verify.

If the company name is listed on the website, you can use the ICRIS Cyber Search Centre (ICRIS) to find out whether the company exists and the company’s basic information, such as the year the company was established and so on.

https://www.icris.cr.gov.hk/csci/

 

4. Check the age of the domain and social media:

During holidays or in the current situation, there will be more people shopping online than usual, so the scammers will establish a website very quickly. Therefore, by checking the age of the domain name, will help you have a better understanding of the authenticity of the website. You can use the online Whois tool to find out the domain name information. After entering the domain name, you will see the related information. If the domain name does not use privacy protection services, you will even find out the information about the registrant, such as company name, email address, phone number, and company address.

Besides, you could check if the hosting company is one of the famous companies such as Siteground or Bluehost, because they will be more rigorous in customer verification, if they find out their websites or emails has unusual activities, they will immediately take the corresponding action on the relevant website to ensure user safety.

It is also possible to check the age of the relevant social media, frequency of updating information and any page name changing history to see whether the company is still operating and how long it has been operating.

https://www.whois.com/whois/

 

5. Check with a search engine :

Google will filter known dangerous sites or illegal sites and warn you. If you don’t see the warning, you could also see the search results of the websites and activities, etc., You can also use Google Transparency Report Tool to check the website’s security status.

https://www.google.com

Google Transparency Report:

https://transparencyreport.google.com/safe-browsing/search

 

6. Use a virus scanner:

If a website has a large number of advertisements or pop-up windows, it may mean that the website is not safe. The ads themselves may not be an indication of a problem, but if there are more ads than content, or if you need to click on multiple ads to be redirected to the site, then you should pay attention to it. At this time, you could use a virus scanner to check whether the site is known to be a fraudulent website.

 

7. Use secure payment methods

When shopping on an unfamiliar shopping website, it is best to use payment methods such as credit card, PayPal, Apple Pay or Google Pay, etc., PayPal will provide Buyer Protection Program and it will get you covered if a purchase doesn’t go as planned and is eligible for buyer protection. Even if you use a credit card, you have the opportunity to recover the problem payment within the specified time. If the website only requires you to use non-refundable payment methods such as bank transfer or wire transfer, even if the website looks legitimate, we do not recommend to use the website.

 

Although we may not cover all tricks, and the hacking tricks are emerging one after another, but it is safer than doing nothing. Hope this helps!

Leave a Comment

Your email address will not be published.

Scroll to Top