Which of the e-Commerce websites are phishing attempts? Spot the Phish

Spot the Phishing Attempt

The images displayed below are a combination of real and phishing sites. Spot the phish! Click on the images to zoom in.

Spoiler Alert: Answers are below.

 

Answer: Image 1 shows a real website. The others are phishes! Let’s take a look below…

Image 1 details: The image passes our link checks, format checks, and grammar checks. Nothing seems amiss.

 

Image 2 details: The biggest giveaway is the ‘Amazon Rewards Event’ pop up ad. The hyperlink in the ad has a spoofed domain: amazon.com is replaced by amazon.c0m. Remember, even if the main site you’re visiting is a reputable one, it doesn’t mean you should trust the ads and pop-ups as well. Hackers can place malicious ads on sites and redirect you to a bad website. Never let your guard down. Inspect pop-ups and ads as closely as you would an email or website.

Image 3 details: The URL of the website has typo – “nobl.” Also, the URL has a weird multi domain – ‘.com.ack.’ What professional organization would have such a domain? There is absolutely no need to perform a link check on this one. Totally phishy!

Barnes & Noble Phishing Explained 3

Image 4 details: Now, this is a tricky one. There are no typos, spelling or grammatical errors and even the URL looks good. The only giveaway is that one of the checkboxes says: “Include free YouTube Download Manager.” A pre-checked tool download option is an immediate red flag! If you’re in a hurry and accidentally forget to uncheck the box, it might trigger an adware or malware download in the background that adversely affects your computer and leads to a compromise of your personal or sensitive organizational information.

Best Buy Phishing Explained 4

 

Stop Phishing Attacks with ERMProtect's Security Awareness Training

Turn your employees into a human firewall with our innovative Security Awareness Training.

Our e-learning modules take the boring out of security training.

ERMProtect's Weekly Newsletter

Get a curated briefing of the week's biggest cyber news every Friday.

Intelligence and Insights

Aligning Your Incident Response Plan with NIST SP 800-61 Rev. 3

Aligning Your Incident Response Plan with NIST SP 800-61 Rev. 3

This article offers key updates in the latest NIST guidance, why they’re significant, and what practical steps you can take to update your organization’s incident response plan …
CEO Checklist: How To Know If Your Organization Is Cyber Secure

CEO Checklist: How To Know If Your Organization Is Cyber Secure

This CEO Checklist is a starting point for executive oversight – to spot gaps, test what your team is telling you, & prioritize where to invest attention/budget …
Guide to Penetration Testing Services

Guide to Penetration Testing and Advanced Techniques in Penetration Testing Services

Penetration testing is the interactive nature of the control evaluation. Unlike static assessments, penetration testing services involve dynamic interaction with the system …