What is website spoofing?
Website spoofing, also known as domain spoofing, is a common form of phishing that occurs when an attacker creates a website that looks like the original. The unsuspecting victim is tricked into believing they are interacting with a trustworthy website when, in fact, it is a spoofed website.
For example, if you see a website resembling bfsfcu.org but with a different domain name—like www.bfs-fcu.org or www.bffsfcu.org—it’s a trick! Also, we are an “organization” and use the .org designation, created explicitly for charities and nonprofit organizations. We do not use .com or .net in our website address.
Detecting a spoofed website can be extremely difficult because the company’s domain appears to be legitimate at first glance, but a closer look may reveal some inaccuracies, such as a W that is actually two Vs or a lowercase L that is actually a capital I.
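The closer look described above, sketched as an added example (not code from BFSFCU): it compares an address as displayed against the genuine one and reports which of the tricks named so far it matches. The digit substitutions and the wellbank.example domain used in the W/VV and l/I cases are constructed for illustration, and only plain ASCII names are handled.

```python
LEGIT = "bfsfcu.org"   # the only address the page names as genuine

# Look-alike substitutions folded to one form. "vv"/"w" and capital "I"/lowercase "l"
# come from the page; the digit pairs are added assumptions.
CONFUSABLES = (("vv", "w"), ("I", "l"), ("1", "l"), ("0", "o"))


def skeleton(label):
    """Fold look-alike characters, case and hyphens so deceptive spellings collide."""
    for fake, real in CONFUSABLES:
        label = label.replace(fake, real)
    return label.lower().replace("-", "")


def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    row = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        prev, row[0] = row[0], i
        for j, cb in enumerate(b, 1):
            prev, row[j] = row[j], min(row[j] + 1, row[j - 1] + 1, prev + (ca != cb))
    return row[len(b)]


def classify(host, legit=LEGIT):
    """Return a verdict for a hostname as displayed in a link or address bar."""
    host = host.strip().rstrip(".")
    if host.lower().startswith("www."):
        host = host[4:]
    if host.lower() == legit:
        return "genuine"
    if host.lower().endswith("." + legit):
        return "subdomain of genuine"
    name, _, tld = host.rpartition(".")
    good_name = legit.rpartition(".")[0]
    if name.lower() == good_name:
        return "wrong ending"          # e.g. .com or .net instead of .org
    if skeleton(name) == skeleton(good_name):
        return "look-alike spelling"   # hyphen inserted or confusable characters
    if edit_distance(skeleton(name), skeleton(good_name)) <= 1:
        return "near-miss typo"        # one letter added, dropped or changed
    return "unrelated"


if __name__ == "__main__":
    for shown in ("www.bfsfcu.org", "www.bfs-fcu.org", "www.bffsfcu.org", "bfsfcu.com"):
        print(f"{shown:20} {classify(shown)}")
```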
Attackers can also create fake websites that look identical to legitimate ones (such as online banking or e-commerce websites), including logos and branding, to deceive the victim into providing sensitive information. The bad actors can then send phishing emails or use social engineering tactics to trick members into clicking on a link that takes them to the fake website. Once there, an unsuspecting victim may be prompted to enter sensitive information such as login credentials, credit card numbers, or personal information.
Tips to Help You Spot Spoofed Websites:
- If the domain appears correct, check that other information matches. Hover over any hyperlinks to see if they lead where you expect. The proper business name should always appear before the “.org.” (e.g., www.bfsfcu.org)
- Do not click links within email messages or on a potentially fraudulent website.
- While it is always best to manually type in www.bfsfcu.org to reach our site, if you must search for us via a search engine, please do not click on any search results marked “Ad.” Verify that the website link is indeed www.bfsfcu.org by hovering over the link (don’t click!) and checking that the address displayed is the one you want to go to.