Have you encountered a fake website?

We frequently talk about scams designed to steal your personal information or online account credentials. While scammers have a plethora of tricks and techniques for deploying scams, a major part of these schemes is fake websites. That’s because scammers often lure intended targets into clicking on a link that takes them to a fake website. From there, they can either install drive-by malware on victims’ systems or ask for personal and online account information under false pretenses. While we’ve talked about how to confirm that a site uses HTTPS, we’ve never really dug into how you can tell if a website is fake. Continue reading to learn about an Internet directory you can use to help you detect scams and recognize fake websites.

The ground rules of the Internet

Although it might not seem like it at a glance, the Internet is governed by rules with regard to website ownership, as these rules allow for some degree of transparency to exist for Internet users. If you’ve registered a domain for a website before, you might already be at least somewhat familiar with the Domain Name System (DNS) and the rules surrounding its implementation. The Internet Corporation for Assigned Names and Numbers, or ICANN (said like “I can”), is the non-governmental, nonprofit organization which manages, but does not control, the Domain Name System. The DNS is what allows us to type domains (e.g., nextadvisor.com), as opposed to computer IP addresses, into our address bar to navigate the web. As a byproduct of overseeing the DNS and the usage of domain names, ICANN operates a directory with this information. Known as WHOIS (said like “who is”), this directory acts like the Yellow Pages or phone book of the Internet.

How can WHOIS help you?

While ICANN has rules against domain fraud and abuse, unfortunately, many of the ways scammers use fake websites fall outside the organization’s purview. That said, looking up a domain name with WHOIS might help you detect a fake website. Generally, WHOIS provides several pieces of information about a website: the name of the organization/person who owns the domain a web page is on, their contact information and the registrar/web host that the domain is registered with. It’s important to note that website owners can opt to use something called domain privacy to obscure their identity, which means that the information cannot be viewed through WHOIS. Domain privacy is a legitimate service that many domain registrars and web hosts offer, but sometimes it’s abused by scammers. Even in these cases, the registrar with which the domain was registered can be identified, which means that if you suspect a fake website is being used for a spam, phishing or malware campaign, you can notify its listed registrar of this behavior and potentially get the site shut down.

How do I use WHOIS?

WHOIS is accessible from any computer, either through various websites like ICANN or a web host, or (if you’re technologically inclined) through your Windows or OS X command line. When accessed through a website like ICANN, WHOIS works like any search engine — you enter the domain name and search. It’s important to note, though, that you can’t put a full URL into the search bar. For example, if you wanted to conduct a WHOIS search on who is operating the web page you’re currently reading, you wouldn’t insert the full URL (e.g., //www.nextadvisor.com/blog/2017/03/31/pay-no-interest-until-2019-with-these-credit-cards/) into the search bar. Instead, you would only enter the domain name (e.g., www.nextadvisor.com) into WHOIS. A domain refers to everything from the “www” to the website ending (.com, .net, .org, etc.), which is known as a Top Level Domain (TLD). The WHOIS search query will not work if you include characters and symbols after the TLD, so when you’re looking at a link, make sure to exclude everything after the TLD if you want to conduct a WHOIS search.

When should I use WHOIS?

The decision to use WHOIS is a personal one, but the tool is often best used as a gut check when you suspect that something is amiss. Below we suggest some examples of when you might consider using the directory:

  • If something feels off about the site you’re on. If you’ve clicked on a link or navigated to a site that, for whatever reason, gives you a funny feeling, you can always check it out on WHOIS to see if it’s the company or service it claims to be. For example, if the site claims to be owned by a certain brand, you can make sure that brand is in fact the owner of the site and if not, report it to the domain’s registrar/web host.
  • Whenever you’re provided with a link via email or text. If you ever receive an email or text with a link telling you to change your password or access your account, you should tread with caution because if you didn’t initiate this email or text, it may be a scam — these are techniques that scammers have adopted from actual website practices. You should always be 100% sure that the site you’re on is legitimate, especially when you’re entering in personal information, financial information, passwords or any other sensitive content. While there are some telltale signs the site is fake, which we detail below, if you don’t spot any of these, you may want to look it up through WHOIS.

What are the signs you found a fake website?

As we noted, there is usually a combination of factors that can help you determine whether a scammer is trying to get you to go to a fake website. Here are a few of them:

The website’s domain name is spelled incorrectly. Typosquatting is a technique that is often used in phishing scams. It involves buying misspelled variations of well-known domain names and designing a fake website which looks eerily similar to the site it’s imitating. Internet users either inadvertently navigate to these misspelled domains on their own (e.g., accidentally typing Wikapedia and not Wikipedia) or receive a clever phishing campaign that encourages the user to click a link without noticing subtle spelling errors in the domain name. In other instances, links might swap out the TLD or website ending (e.g., google.com vs. google.net). Keep in mind, just because the name is the same, doesn’t mean that the websites are, and know that the general rule of thumb is that most major brands try to operate .com or .org websites. To protect yourself from these sites, make sure the spelling isn’t off and that the TLD is accurate before you click on a link you’re provided, or better yet, navigate to the site yourself instead of clicking directly on a link you’ve been handed.
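
As an added illustration (not part of the original article), the Python sketch below compares a link's domain with a short list of sites you already trust and reports the two patterns described above: a misspelled name and a swapped website ending. The trusted list, the function names and the two-edit threshold are assumptions chosen for the example.

```python
# Domains the user actually does business with (constructed allow-list).
TRUSTED = ["wikipedia.org", "google.com"]


def edit_distance(a, b):
    """Levenshtein distance: single-character inserts, deletes, substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete ca
                           cur[j - 1] + 1,             # insert cb
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def split_domain(domain):
    """Split 'name.tld' at the last dot (assumes a single-label ending)."""
    name, _, tld = domain.lower().rstrip(".").rpartition(".")
    return name, tld


def classify(domain, trusted=TRUSTED, max_edits=2):
    """Return (verdict, trusted_domain_it_resembles_or_None)."""
    name, tld = split_domain(domain)
    if name.startswith("www."):
        name = name[4:]
    # An exact match on any trusted entry wins before lookalike checks run.
    for good in trusted:
        if (name, tld) == split_domain(good):
            return "trusted", good
    for good in trusted:
        g_name, _ = split_domain(good)
        if name == g_name:
            return "tld-swap", good          # same name, different ending
        if 0 < edit_distance(name, g_name) <= max_edits:
            return "misspelling", good       # a few characters off
    return "unknown", None
```

A verdict of "unknown" only means the domain does not resemble anything on the list; it says nothing about whether the site is safe.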

The site has domain privacy but “belongs” to a major brand. Many scams that are designed to get you to click on links to bad websites are phishing scams, as we noted earlier, meaning they involve a scammer pretending to be affiliated with an entity that they aren’t. If a scammer is using a noted organization or brand (e.g., Target, Lowe’s, Chase, etc.) as their cover, doing a WHOIS search on the domain used in the link they provide you might be helpful because it can confirm the legitimacy of the site. If the domain used in their web page has domain privacy, that’s a red flag, as most major brands do not use domain privacy on their domains.
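
The lookup steps described under “How do I use WHOIS?” and the domain-privacy check above can be sketched in Python; this is an added example, not code from the original article. The WHOIS record is constructed, and the field names, privacy keywords and function names are assumptions, since real records differ between registrars.

```python
import re
from urllib.parse import urlsplit

# Constructed WHOIS reply; real field names and layout vary by registrar.
SAMPLE_RECORD = """\
Domain Name: BRAND-LOGIN.EXAMPLE
Registrar: Example Registrar, Inc.
Registrar Abuse Contact Email: abuse@registrar.example
Registrant Organization: Privacy Protection Service
"""
# Assumed wording that privacy/proxy services leave in the registrant field.
PRIVACY_HINTS = re.compile(r"privacy|redacted|proxy|not disclosed", re.I)


def lookup_name(link):
    """Return only the host part of a link, the piece a WHOIS search accepts."""
    link = link.strip()
    if not re.match(r"([a-z][a-z0-9+.-]*:)?//", link, re.I):
        link = "//" + link              # bare "www.site.com/page": no scheme
    host = urlsplit(link).hostname      # drops scheme, port, path and query
    if not host:
        raise ValueError("no host name in link")
    return host.rstrip(".")


def parse_record(text):
    """Collect 'Key: value' lines, keeping the first value seen per key."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep and value.strip():
            fields.setdefault(key.strip().lower(), value.strip())
    return fields


def review(link, claimed_brand, record):
    """Summarise the checks described above for one link and its record."""
    f = parse_record(record)
    registrant = f.get("registrant organization", "")
    private = not registrant or bool(PRIVACY_HINTS.search(registrant))
    return {
        "query": lookup_name(link),
        "registrar": f.get("registrar"),
        "report_to": f.get("registrar abuse contact email"),
        "privacy": private,
        "owner_matches_claim": not private
        and claimed_brand.lower() in registrant.lower(),
    }
```

Even when "privacy" is true, the "registrar" and "report_to" values remain available, which is what makes reporting a suspicious site possible.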

With so many scams targeting anyone and everyone who will fall for them, it can be hard to know which websites you can trust. By following this guide, you can be sure that you’re entering your information into a legitimate website. For more cybersecurity tricks and tips that are designed to keep you and your identity safe, continue reading our technology blog.