T
11
c/cybersecurity-tipsbenc53benc5312d ago

Got a phishing email that looked exactly like my bank's login page...

I always thought I'd spot a fake site right away, but this one had the same logo, layout, even the padlock icon. I almost typed my password until I noticed the domain was 'bankofamerica-secure.co' instead of the real address. Spent 20 minutes reporting it to their fraud team. How do you guys train your less tech-savvy coworkers to catch these?
3 comments

Log in to join the discussion

Log In
3 Comments
grace_knight70
grace_knight7012d ago
Oh wow, that's terrifyingly close. Here's something I don't see people mention often though. It's not just the URL that gives them away. A lot of these fake pages actually load super slow because they're pulling images and styles from the real bank's website. So if a login page feels laggy or keeps stalling while loading, that's a red flag. I tell my dad to pay attention to how fast the site feels, not just how it looks. Also, the real bank sites usually have a tiny security banner or a specific font that's hard to copy perfectly. It's the small details that slip through.
5
james_singh7
james_singh712d ago
Gotta push back on this grace_knight70. Loading time isnt a reliable tell anymore because tons of scammers are now using lazy loading tricks and caching plugins that make fake pages load just as fast as the real ones. I helped a buddy recover his account last month and that fake Chase login page loaded in under two seconds. The font and security banner thing is solid in theory but these scammers are getting smart - they screenshot the real site and use it as a background image so it looks pixel perfect. URL is still the only thing that matters imo.
6
terrybennett
terrybennett8d ago
Totally agree on the URL thing being the real tell. What worked for me was actually training myself to always check the domain name in the address bar by physically tapping it on my phone screen, not just glancing. The fake sites often have something like 'chase-secure-login.com' that looks legit if you skim it fast but feels totally off once you actually read each word. Also saved my dad's info once by noticing the URL had a weird misspelling like 'paypaI' with a capital i instead of an L. URL is king, no doubt.
0