Steering clear of scam sites
17 February 2024

Steering clear of scam sites

With a steep increase in hybrid working and a continued rise towards online shopping cyber-crime is a real threat to both individuals and smaller groups and organisations. Fake websites and apps that steal personal data, or fabricated online pop-up shops that take payments with no intention of posting the advertised product are very common, and we need to be on our guard continually to prevent putting ourselves at risk.

To protect your staff, group or charity from scammers who could steal confidential data or bank details, here are some top tips for your teams on spotting bogus websites.

S is for security

The first place to look for proof of a website’s legitimacy is in its address, which should begin with either “http://” or “https://”. These look pretty similar but the “s” in the latter stands for “secure”, meaning that data transferred via this site is encrypted and therefore better protected from hackers. Although many http:// sites are still safe, it’s best to err on the side of caution when sharing personal info.

The key’s in the padlock

On most internet browsers, on the left of the website address bar you’ll find a tiny padlock symbol that you can click for more details on the site’s security. Some browsers will simply have “secure” or “not secure” in place of a padlock, while others raise a warning when you click on a suspicious site. Google Chrome actively prevents users accessing unsecured sites unless the user chooses to proceed regardless of risks.

Symbols of certification

Some websites carry a green shield or tick logo to show they have been certified by a high-profile security standard, such as DigiCert or Symantec. However, scammers can easily embellish their sites with fake logos, so always click the symbol to see if it takes you to the certification details, or is simply an image file and therefore a fake.

Beware the bargains

When shopping for supplies or specialist equipment for your charity, be cautious of offers that seem too good to be true… They probably are. Some websites advertise rare or valuable items at an exceptionally reduced price, then either take money without delivering the goods, or send an imitation product.

Masters of disguise

Another online trap are the websites posing as real, big name brands, such as Amazon or Apple. They lure you in by using a very similar website address and hope it goes unnoticed, especially if you click through from another site, social channel or email. You can avoid this by accessing the genuine website directly and searching for the item you want from there.

Test their grammar!

We may forgive a few typos, but emails or websites scattered with spelling mistakes and grammatical errors should be an immediate red flag. The seller may not be who they claim, so check for other security verification, and proceed with caution.

Pop-up pirates

Cyber crooks can set up new websites in a flash, sometimes for just one day of trick trading before it gets taken down. While not all freshly made sites are fake, a website’s age can be a big clue to its legitimacy, especially if the business is selling itself as a well-established one. You can check the age of a website here.

The safest way to pay

Even when a website has passed all of these security checks, don’t hand over any money just yet. Always make sure the site only uses secure payment methods, and do not purchase from them if they ask for a wire transfer, money order, or other non-refundable method.

For more information on recognising and reducing the risks online, read our blog on general cybersecurity "Insure IT: Recognising risk in the digital age".

Our friendly team are always happy to discuss all of the available options around protecting your charity against cyberattacks, so please do give us a call on 0333 188 0154.