home

Website spoofing

Website spoofing

(also web spoofing, domain spoofing)

Website spoofing definition

Website spoofing is a scam that involves creating a replica of a trusted website to mislead users that the website is authentic. Cybercriminals use these fraudulent sites to steal visitors’ personal information or funds. The spoof website will typically look like the original, with the same or a similar design and even a similar URL. Due to the sophisticated methods cybercriminals use, identifying spoofed websites can be difficult.

How website spoofing works

1. Cybercriminals create a replica website of a well-known company. This process often involves registering a domain name nearly identical to the authentic one and creating a website that looks very similar to the original one.
2. Users land on the website and think it’s authentic. After cybercriminals have constructed a convincing fake website, they rely on potential victims to land on it. They may sometimes also send spoofed emails with links to the fraudulent site (known as email spoofing).
3. Cybercriminals steal information from the victims. Thinking they’re interacting with a trusted website, users may carry on with their normal behavior (like typing their username and password or entering credit card numbers). Scammers can then steal this information to access their accounts on legitimate websites or to shop elsewhere.

How to identify fake websites

Double-check the domain name. Spoofed websites often have a domain name similar to the original, but it won’t be exactly the same.

Browse the website. Spend some time reviewing the site. Look for an outdated interface, spelling or grammar mistakes, or phrases that don’t sound right.