Social Engineering — Website Spoofing
In a social engineering attack, an attacker uses human interaction to manipulate a person into providing them information. People have a natural tendency to trust.
Social engineering attacks attempt to exploit this tendency in order to steal your information. Once the information has been stolen it can be used to commit fraud or identity theft. Criminals use a variety of social engineering attacks to attempt to steal information. Website spoofing is one of them. Website spoofing is the act of creating a fake website to mislead individuals into sharing sensitive information. Spoof websites are typically made to look exactly like a legitimate website published by a trusted organization.
- Pay attention to the web address (URL) of websites. A website may look legitimate, but the URL may have a variation in spelling or use a different domain.
- If you are suspicious of a website, close it and contact the company directly.
- Do not click links on social networking sites, pop-up windows, or non-trusted websites. Links can take you to a different website than their labels indicate.
- Typing an address in your browser is a safer alternative. Only give sensitive information to websites using a secure connection. Verify the web address begins with "https://" (the "s" is for secure) rather than just "http://". Avoid using websites when your browser displays certificate errors or warnings.