Skip to main content

Website Spoofing: How to Identify
and Prevent it

Fraud Prevention Center

 

What is website spoofing? 

Website spoofing, also known as domain spoofing, is a common form of phishing that occurs when an attacker creates a website that looks like the original. The unsuspecting victim is tricked into believing they are interacting with a trustworthy website when, in fact, it is a spoofed website. 

 

For example, if you see a website resembling bfsfcu.org but with a different domain name—like www.bfs-fcu.org or www.bffsfcu.org—it’s a trick!  

Also, we are an “organization” and use the .org designation, created explicitly for charities and nonprofit organizations. We do not use .com or .net on our website address.  

Detecting a spoofed website can be extremely difficult because the company’s domain appears to be legitimate at first glance, but a closer look may reveal some inaccuracies, such as a W being actually two Vs or a lowercase L being actually a capital I.  

Attackers can also create fake websites that look identical to legitimate ones (such as online banking or e-commerce websites), including logos and branding, to deceive the victim into providing sensitive information. The bad actors can then send phishing emails or use social engineering tactics to trick members into clicking on a link that takes them to the fake website. Once there, an unsuspecting victim may be prompted to enter sensitive information such as login credentials, credit card numbers, or personal information. 

Tips to Help You Spot Spoofed Websites

  • If the domain appears correct, check that other information matches. Hover over any hyperlinks to see if they lead where you expect. The proper business name should always appear before the “.org.” (E.g.: www.bfsfcu.org

  • Do not click links within email messages or on a potentially fraudulent website.  

  • While it is always best to manually type in www.bfsfcu.org to reach our site, if you must search for us via a search engine, please do not click on any search results notated with “Ad” and verify that the website link is indeed www.bfsfcu.org by hovering over the link (don’t click!), and see if what is displayed is the address to where you want to go.  

Website spoofing is a severe threat that can cause significant harm to individuals and organizations like BankFund.

If you see a website resembling www.bfsfcu.org but with a different domain name – beware! Website spoofing is happening every day, and with the arrival of AI, the bad actors are becoming even more sophisticated