Google and Facebook users told to check for typos while logging in – ‘spoofing’ scam lets criminals steal your identity

GOOGLE and Facebook users are urged to check for sneaky typos in a dangerous spoofing scam that risks your bank account and identity.

You may not think twice before logging in to check your email, but subtle changes in the URL can mean you’ve stumbled upon an entirely different, malicious website .

Getty

A spoofed website is created to deceive internet users and gather information such as credit card numbers or login credentials.

One of the telltale signs is a typo in the web address. Some errors may be glaring, but they are usually hidden – meaning you should browse cautiously.

Cybercriminals will use a URL for their spoofed website that is just one character from the legitimate site. An example is “amaz0n.com,” with a numeral in place of the “o.”

Before clicking on the URL, hover over the link with your cursor. This will allow you to preview the full address and identify any misspellings or grammatical errors.

There are other ways to protect your data before you’ve navigated to the website.

Most spoofed websites are circulated through phishing messages , like texts or emails.

You may be urged to click on a link to correct shipping information or issues with your account on a specific website.

If you receive a message asking for personal details, there are a few ways to determine if it was sent by a hacker—the clues lie in the language used.

Phishers often send messages with a tone of urgency, relying on this pressure to get users to act quickly.

If an unsolicited message claims “urgent action is needed,” take a breath and examine the contents of the email or text.

Another way to ensure a website is legitimate is to check whether it is secured with HTTPS.

HTTPS, or Hypertext Transfer Protocol Secure, is a protocol that encrypts your interaction with a website. This means it scrambles your data to protect it from prying eyes.

This becomes especially important when placing a product order or signing in to access sensitive personal information.

Websites guarded with HTTPS often feature a padlock in the top left corner of the address bar.

However, this is not a guaranteed sign that you’re safe, as cybercriminals have developed ways to leverage HTTPS to hide malware from detection.

Getty

One of the tried-and-true ways to stay safe online is to enable multi-factor authentication on devices and accounts that support it.

This sign-in method asks users to confirm their identity several times before accessing their accounts.

Using biometric credentials like a fingerprint or face scan is among the best ways to keep your information private.

This can prevent a hacker from accessing your account if your login details were exposed in a data breach.

It will also prevent credential-stuffing tactics, where cybercriminals test different combinations of usernames and passwords until they find a match.

How are scammers finding my number?

Here Mackenzie Tatananni , science and technology reporter at The U.S. Sun, breaks down ways a scammer may get your information.

Scammers commonly get phone numbers from data breaches, which occur when a hacker accesses a private database – often those maintained by companies like service providers and employers.

This information may be shared and circulated online, including on the dark web, where there are forums dedicated to sharing leaked information.

Another common technique called wardialing employs an automated system that targets specific area codes.

A recorded message will instruct the listener to enter sensitive information, like a card number and PIN.

There is also a far more harrowing possibility: your phone number could be listed online without your knowledge.

Data brokers are hungry to buy and sell your information. These companies gather information from various public sources online, including social media and public records

Their primary goal is to build databases of people and use this information for tailored advertising and marketing.

Much of this information ends up on public record sites, which display information like your phone number, email, home address, and date of birth for anyone to see.

In the United States, these sites are legally required to remove your information if you request it.

Locate your profile and follow the opt-out instructions, but be warned – these sites do not make it easy and intend to frustrate you out of completing the deregistration process.

For simplicity’s sake, you can also use a tool to purge your information from the Internet.

Norton offers one such service. Called the Privacy Monitor Assistant, the tool finds info online and requests removal on your behalf.

It is also possible that your phone number may be linked to a social media account and publicly displayed on your profile – this happens quite frequently with Facebook.

Be sure to review your privacy settings and confirm this information is hidden away from prying eyes.