Cyber Security Today – How to avoid going to fake web sites

How to avoid going to fake web sites.

Welcome to Cyber Security Today. It’s Friday August 7th. I’m Howard Solomon, contributing reporter on cybersecurity for

Cyb er Security Today on Amazon Alexa Cyber Security Today on Google Podcasts Subscribe to Cyber Security Today on Apple Podcasts

One of the key reasons cybercriminals have success is their ability to create fake web sites. It’s not hard to copy a company logo from a genuine site. In fact some crooks make a living selling high-quality copies of company or government logos to those who want to build a convincing-looking copycat site. So with the help of Ryan Olson, vice president of threat intelligence of cybersecurity company Palo Alto Networks, I want to talk ways to recognize a fake web site you may get sent to by clicking on a link in an email or text message sent by an attacker.

First, know the web site of where you expect to and want to go. Always look at the website’s address, called the URL. That’s the line that starts “HTTPS” . Is there something odd about the address? Is there an “i” in the place of an “l”, or a zero instead of an “O”? Are you been sent to “” and not “”?

UPDATE: A just-released report has found a new attack method that swaps letters in the URL for spreading malware.

Is the URL confusingly long? That’s not uncommon. But criminals can use a real organization’s name in a fake URL to fool you. Is the address the one you’re expecting? And where is it really going? For example, you think you’re going to The URL says “” The real place it’s going to is “”. Remember what’s before the first slash is where you’ll really go.

If the site lets you log in and handles financial transactions or sensitive information, it should say HTTPS. The “S” means communications are encrypted. There should be a padlock on the far left of the URL. That also verifies the site includes encryption. To have padlock a site has to get a certificate from an approved certificate authority which verifies the owner of the site. A certificate is a small piece of code your browser recognizes. If you click on the padlock you can see who issued the certificate, and the organization it was issued to. So, if you want to go the and the certificate was issued to, that should give you confidence you’re on the right web site. And your confidence should increase if the certificate comes from a company you recognize.

However, Ryan Olson notes a legitimate certificate doesn’t always mean a website is legitimate. Certificates can be stolen or faked. If you expect to go to and the crook has set up, they can get a real certificate for It’s up to you to validate that the information you see is what you expect. Don’t just trust that everything with a padlock is a safe web site.

Finally, looking for padlocks and certificates isn’t easy on smartphones with their small screens. So be extra careful before logging into a web site that you get sent to by clicking on a link in an email or text. This is especially true for doing banking transactions. Only go to a bank through an app you have downloaded from a trusted app store.

That’s it for Cyber Security Today. Links to details about these stories can be found in the text version of each podcast at That’s where you’ll also find my news stories aimed at businesses and cybersecurity professionals. Cyber Security Today can be heard on Mondays, Wednesdays and Fridays. Subscribe on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker. Thanks for listening. I’m Howard Solomon

Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada
Howard Solomon
Howard Solomon
Currently a freelance writer, I'm the former editor of and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@]

ITWC podcast network

Subscribe to ITWC podcasts and never fall behind on the conversation in technology again. Our daily podcasts are perfect to add to your smart speaker’s daily briefing or to your favourite podcast app on your smartphone. 

Cyber Security Today Podcast

#Hashtag Trending Podcast