How to really recognise phishing sites
Many phishing awareness companies recommend looking for spelling mistakes in emails as a way to identify potential scams. This is misleading abvice since many scammers are sophisticated enough to use a spell checker and are able to create convincing emails with correct spelling and grammar.
One of the most common features of scams are hyperlinks in their emails. These hyperlinks can purport to link to the legitimate site but actually lead to phishing websites that look like the real thing. To avoid falling for this trick, users should always hover over the hyperlink to see the actual URL that it leads to. If the URL is not a domain you recognise do not click it and enter any personal information.
Users should always be vigilant when visiting websites, even if they look legitimate. Scammers can create copies of real websites with relative ease, and often employ a similar domain name to the real one. For example, a scammer might create a fake banking website with the domain name “mybankingaccount.com” instead of the legitimate “mybank.com” To avoid falling for this trick, users should always triple-check the domain name of any website they visit, and should not enter sensitive information into with a domain name they have no history of logging to. If one doesn’t quite remember the real domain for a given brand, they could google it and look for the first non-ad result. This should be corroborated though, since it’s become increasingly common for phishers to pay for google advertising which puts them at top of google search results.
In summary, looking for spelling mistakes isn’t effective and can actually be detrimental. Instead, users should focus on checking hyperlinks, figuring out the real domain of the entity they need to log in to, not opening attachments they don’t trust, and checking the domain of any website they visit, regardless of how the website looks. Following the “triple check the domain name” rule is really all you need to know. Always treat login forms with suspicion and expect to already be logged in to services you use regularly.