Storage Spoofing (part 5) - How to spot a fake website
We are currently publishing several articles on 'storage spoofing', in response to repeated cases of fraud and sales of fake storage in the Port of Rotterdam. You can find the introductory article on storage spoofing here and the first follow-up with several real world examples here. In this latest addition to the series, we inform you on how to spot a fake website.
[this article in Dutch? Click here]
1. GENERAL LOOK & FEEL
Is it under construction? Does the name of the website in the browser match the company’s name? Sometimes lots of (moving) pictures or videos distract from what’s really important. Be mindful of (bad) Photoshop, such as brand logos that look 'off' or pictures of storage tanks that look as if the company name has just been pasted onto the picture rather than stuck on the actual tank.
An e-mail or website on a mobile device also provides less information than your regular laptop or desktop. So if you have any doubt about an e-mail, open it from your laptop/ desktop to check the most important information regarding the e-mail: who is the sender and does the address make sense?
There is a wide range of websites, from those under construction with only contact details to very extensive professional websites. If you look closely, you will sometimes find poor English or poor ‘native’ language. And perhaps the company name has recently changed and the fraudsters are using an old one?
If you are contacted by phone, usually on an anonymous number, ask if you can call back later and ask for their number. Does the country code match?
2. CONTACT DETAILS
Are there links on the website? If so, hover over the link and check the bottom-left corner of your browser screen to see where they lead to. Does the link make sense? This is particularly important with payment links.
Consult different sources, like Google Maps with satellite view. For example, a tank storage terminal is unlikely to be found in Rotterdam city centre. Tank storage is often clustered and not located between other segments.
Social media, most notably LinkedIn, is a good way to verify names and authenticity.
All information on the website should be checked: address, contact details, telephone number and Chamber of Commerce number. If this last number is not mentioned, please ask for it. You can check Chamber of Commerce information using this website: https://www.kvk.nl/zoeken. Unfortunately, this website is only in Dutch, so be creative and use Google Translate.
For a Dutch website (.nl), you can easily insert the URL into https://www.sidn.nl/whois to find hosting details, check where (Russia/ India?) and when (just recently?) the website was registered and cross-reference address details. Be sure to check that the e-mail addresses on the website correspond with the domain used. For instance, it might be something like example @ outlook.com as opposed to an @-address within the domain of the website.
3. WEBSITE SECURITY: HTTP OR HTTPS?
A secured website has a Secure Sockets Layer or SSL certificate, which means there is a secure connection between the server and the visitor. The url of websites with an SSL certificate starts with HTTPS – rather than just HTTP - and has a small lock symbol in the top left corner of the browser (in the url bar).
As you can see in our current blacklist of fake websites, most of them start with HTTP and the few that do have HTTPS don't feature the little lock. Remember though, cybercriminals are always one step ahead and even SSL certificates can be bought on the black market nowadays.
Websites with HTTPS and a lock aren't necessarily safe, but those that don’t have them definitely aren't.
4. TOO GOOD TO BE TRUE?
Is the offer, either in terms of the volume offered and price, too good to be true? Are they in a rush and do they need a bank transfer in advance? Follow your ‘onderbuikgevoel’ as we call it in Dutch: your gut feeling. More on that in our second storage spoofing article.
5. CHECK OUR FACTS&FIGURES AND THE FERM BLACKLIST
Consult our Facts & Figures on the Port of Rotterdam’s website and the blacklist on the FERM website. FERM is a public/private partnership of the Port of Rotterdam, City of Rotterdam, Sea Port Police and Deltalinqs (representing port companies) in close cooperation with the Regional Environmental Protection Agency (DCMR) and the Public Prosecution Service (OM). This is a regional initiative to increase awareness about cyber resilience in the Port of Rotterdam: FERM is the Dutch translation of resilience.
Remember, criminals are creative and will read this article too!
SEE SPOOFING, REPORT SPOOFING: If you have any tips and insights or if you have spotted a fake website, please contact us at firstname.lastname@example.org.