I often write about the need to carefully evaluate the search results you are given in response to your web searches.
In short, you can’t blindly trust what pops up when you search for something, especially if your query was financial in nature.
This recent news report shines a bright spotlight on this danger.
As explained in the report, a Massachusetts man named Paul decided to open a PayPal account so he typed the search query PayPal into Google in order to find their website.
The problem? Well, the first item listed in the search results wasn’t the real PayPal website. It was a very realistic-looking, but fraudulent copy of PayPal’s official site.
Long story short (you can read the news report linked to above for the entire story), the sign-up form on the fake PayPal website asked for the man’s credit card info, which he provided without giving it a second thought. It’s PayPal, right? Of course they’re going to ask for financial info.
You can probably guess what happened next. Yep, the scammer behind the fake PayPal site now had Paul’s full name, mailing address and credit card info – including the expiration date and three digit security code.
One would think it would take the scammer a while to use the stolen information, but in this particular case he managed to make a fraudulent purchase with Paul’s card info within minutes.
The scary thing is, Paul might never have found out that the “PayPal” site was a fake had his credit card company failed to immediately flag that transaction as possibly being fraudulent and quickly sent an alert to Paul.
It’s just a sad fact that fraud has now permeated virtually every corner of the Internet, including the financial sector. It’s very easy nowadays for scammers to create fake, but extremely convincing looking websites that mimic the official sites of PayPal, banks, insurance companies and even government entities.
They can then use various tricks to get the fake sites to show up in the search results ahead of the actual sites they are mimicking. This is what happened when Paul typed in his PayPal search.
While it’s getting more difficult by the day to avoid scams like this, there are some things you can do to greatly minimize the risk:
1 – If you know the actual URL for a company’s website, type it directly into your browser’s address bar instead of Googling it. And once you’re finished typing, double-check to make sure there are no typos in the address.
2 – If you do need to use a search engine to find a company’s website, carefully examine the URL in the address bar before interacting with the site in any way. If you see anything at all that doesn’t look right, there’s a huge risk that the site is a fake.
For example, if you search for PayPal and the search engine sends you to a domain like payal.com (notice the missing second “p”), you’ll know right away that the site is a fake.
It’s also important to check for character substitutions that make the address look legit when it really isn’t. For example, a casual glance at payPai.com might lead you to believe that the site is legit without noticing that the lower case “L” in the address is actually a lower case “I”.
A couple of other common substitutions used by scammers is replacing the lower case letter “L” with the number “1” or the letter “o” with the number zero. You get the picture.
So what can you do if you’re unable to find a URL for an important website that you can 100% trust?
Well, one tactic that works well is to ask a trusted friend, family member or acquaintance who you know to be a regular visitor to that site to send you the URL in an email or text message. I have done that myself a few times and it has always worked out quite well.
Bottom line: All of the major search engines try to do their very best to keep fraudulent websites out of their search results, but the scammers are everywhere and they never stop developing new techniques for sneaking their fraudulent sites into the search engines. That’s why you should always carefully examine everything you see in your search results with a very skeptical eye.