TL;DR
This guide shows how to get automatic warnings about fake login pages that imitate real ones, using your browser’s built-in features and extensions. This helps protect your usernames and passwords from being stolen.
How it Works
Attackers often create websites that mimic popular services (like banking or email) to trick you into entering your login details. These are called ‘look-alike’ pages. We’ll use a combination of techniques to spot these:
- URL Analysis: Checking the website address for subtle differences.
- Certificate Checks: Verifying that the website is properly secured with an SSL certificate.
- Extension-Based Protection: Using browser extensions designed to detect phishing and fake login pages.
Step-by-Step Guide
- Enable Safe Browsing in Your Browser
- Most modern browsers (Chrome, Firefox, Edge) have built-in safe browsing features that warn you about known dangerous websites. Make sure this is turned on.
- Chrome: Settings > Privacy and security > Security > Enhanced protection
- Firefox: Options > Privacy & Security > Safe Browsing
- Edge: Settings > Privacy, search, and services > Microsoft Defender SmartScreen
- Check the Website Address (URL) Carefully
- Before entering your login details, always look at the website address in the browser’s address bar.
- Look for:
- Misspellings of the domain name (e.g., paypa1.com instead of paypal.com)
- Unusual subdomains or paths (e.g., secure-login.paypal.com/something)
- Using HTTP instead of HTTPS (HTTPS indicates a secure connection – look for the padlock icon).
- Verify SSL Certificates
- Click on the padlock icon in the address bar. This will show you information about the website’s security certificate.
- Check that the certificate is valid and issued to the correct organisation (the company you expect).
- If the certificate isn’t valid, or doesn’t match the website, it’s a strong warning sign.
- Install a Browser Extension for Phishing Protection
- Several extensions can help detect phishing and fake login pages.
- Bitdefender TrafficLight: A free extension that checks websites against known threats.
- Avast Online Security & Privacy: Another popular option with similar features.
- uBlock Origin (with filter lists): While primarily an ad blocker, uBlock Origin can also block many phishing sites when used with appropriate filter lists. Add EasyPrivacy and other relevant lists in the extension settings.
- To install an extension:
- Chrome: Chrome Web Store
- Firefox: Firefox Add-ons
- Edge: Microsoft Edge Add-ons
- Use a Password Manager with Built-in Protection
- Password managers like 1Password, LastPass, and Bitwarden can automatically detect fake login pages.
- They will only auto-fill your credentials on the legitimate website. If they don’t offer to fill in your details, it’s a sign that you might be on a fake site.
- Be Wary of Links in Emails and Messages
- Never click on links in emails or messages asking for your login details. Always type the website address directly into your browser.
- Hover over the link (without clicking) to see where it actually leads. If the URL looks suspicious, don’t click it.
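An added example, not part of the original guide: a small JavaScript check that applies the URL tests from the "Check the Website Address" step and the domain-matching idea behind the password-manager step. The `TRUSTED` list, the character-swap table and the function names are assumptions made for illustration, and treating the last two labels as the registrable domain is a simplification.

```javascript
// Constructed allow-list: the sites this user really logs in to (assumption).
const TRUSTED = ["paypal.com", "google.com", "mybank.example"];

// Character swaps common in look-alike names, mapped back to the letter they imitate.
const FOLD = { "0": "o", "1": "l", "3": "e", "5": "s", rn: "m", vv: "w" };
const fold = (s) => s.replace(/rn|vv|[0135]/g, (m) => FOLD[m]);

// Levenshtein distance, used to catch one-character typos such as "goggle.com".
function editDistance(a, b) {
  let prev = Array.from({ length: b.length + 1 }, (_, j) => j);
  for (let i = 1; i <= a.length; i++) {
    const cur = [i];
    for (let j = 1; j <= b.length; j++) {
      const cost = a[i - 1] === b[j - 1] ? 0 : 1;
      cur[j] = Math.min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost);
    }
    prev = cur;
  }
  return prev[b.length];
}

// Returns { verdict: "trusted" | "suspicious" | "unknown", reasons: [...] }.
function checkLoginUrl(raw) {
  let url;
  try { url = new URL(raw); }
  catch { return { verdict: "suspicious", reasons: ["unparseable URL"] }; }
  const host = url.hostname.replace(/\.$/, "");
  const labels = host.split(".");
  const reasons = [];
  if (url.protocol !== "https:") reasons.push("not HTTPS");
  if (url.username || url.password) reasons.push("text before @ in the address");
  if (labels.some((l) => l.startsWith("xn--"))) reasons.push("punycode label");

  // As in the password-manager step: only the exact domain or a true subdomain counts.
  if (TRUSTED.some((d) => host === d || host.endsWith("." + d))) {
    return { verdict: reasons.length ? "suspicious" : "trusted", reasons };
  }
  // Simplification: the last two labels stand in for the registrable domain.
  const reg = fold(labels.slice(-2).join("."));
  for (const d of TRUSTED) {
    const brand = d.split(".")[0];
    if (editDistance(reg, d) <= 1) reasons.push(`look-alike of ${d}`);
    else if (host.split(/[.-]/).includes(brand)) reasons.push(`"${brand}" inside an unrelated domain`);
  }
  return { verdict: reasons.length ? "suspicious" : "unknown", reasons };
}

console.log(checkLoginUrl("https://paypa1.com/login"));
```

A verdict of "unknown" only means the address resembles nothing on the allow-list; it is not a statement that the site is safe.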
Important Reminders
- No system is perfect. Attackers are constantly developing new techniques.
- Stay vigilant and always double-check before entering your login details.
- If you suspect a website is fake, report it to the relevant authorities (e.g., your bank or email provider).