Top five tips for spotting a phishing site

Warwick Ashford

Thursday 11 June 2009 08:57

Most UK web users are at risk from online fraud, with many unable to spot common tell-tale signs of phishing, a YouGov survey has revealed.

Of more than 2,000 UK adults asked to compare two sites, 88% failed to spot the spelling mistakes that would have identified the phishing site.

Fifty-seven per cent did not notice that the phishing site did not have a padlock symbol in the browser address bar, 34% missed that the URL contained an unspecified domain name, and 23% were duped by a request for additional account information.

How to spot a phishing site
1. https:// The "s" in https:// means the site is encrypted, so the information you enter is secured. While some phishing sites do have a secured web address, many do not. Therefore, site visitors should be on the lookout for missing security on sites that should have it.
2. The padlock icon: To be meaningful this icon must appear in the actual browser interface and not inside the content of the page itself.
3. Trust marks: Simple visual cues in the form of popular logos can show that a website is authenticated, secured, and the company is reputable.
4. Check the web address: Be suspicious of any site with an unknown domain that contains the name of a well known site in the latter part of the Web address.
5. Green address bar: This signifies that this site has undergone extensive identity authentication so that you can be confident it is the site it claims to be.
Source: Verisign

"Phishing continues to be a major challenge for online businesses," said Andrew McCelland, director of business development at industry body IMRG.

"It takes only one phishing attack to dramatically reduce the web browsing public's trust in an organisation," he said.

Security vendors and internet browsers have combined forces to help boost trust in websites by establishing the Extended Validation standard for SSL certificates.

"By adopting Extended Validation, a site owner makes it easy for web users to see that the site they are on is genuine," said Tim Callan, vice-president of product marketing at VeriSign, which commissioned the phishing survey.

When a shopper visits a site secured in this way, a high-security browser will trigger the address bar to turn green.

"For additional clarity, the name of the organisation listed in the certificate as well as the certificate's security vendor is also displayed," said Callan.

Stephen Mills, product manager for QuickRooms.com, said that since adding extended validation authentication, sales have increased by nearly 7%.