Don’t let website spoofing ruin your holiday shopping

Thanksgiving is just a few days away.  While for many of us, the perfect way to wrap up that big meal is a long nap, there are just as many people who will jump on their computers and officially kick off the Christmas shopping marathon.

Things have certainly changed a lot in the past 30 years.  No longer do we bundle up and race to the shopping malls to jump on those One Day Only Black Friday doorbusters.  Now we can sit at our desks in our pajamas with a hot cup of coffee for several days scooping up deals on our Christmas shopping lists.

The internet has definitely changed the game of how most of us handle the holiday season.  But with the convenience of online Christmas shopping comes the pitfalls.  It is without a doubt the most lucrative time of year for scammers.

Scammers have always been hyperactive during the holiday season.  But with so many of us using the internet to do our shopping, taking advantage of unsuspecting shoppers has never been easier.  Anyone with a little web design talent can use a basic trap to scam thousands of dollars from those unable to tell the real from the fake.

What we’re talking about is called website spoofing.  It’s the practice of creating a dummy website—one that looks incredibly like a trusted and popular retail site—and using it to collect credit card and other personal information.

There are a number of ways you might encounter a spoofed website.  More often than not, it’ll be linked to you through a bogus email saying it’s from your bank, offering you a deal or prize from a reputable retailer, or pretending it’s a receipt, invoice, or some other critical communication from a trusted online portal.  However, you can run into a spoofed website simply by mistyping a real URL or finding it through a simple Google search.

Scammers go to great lengths to impersonate the website you’re actually looking for.  Everything from the logos, arrangement of elements on the page, font type and size, color scheme, and catchphrases will be as close to the real thing as possible.  On first glance, a good spoofed website will be almost indistinguishable from the legitimate site.

But there are almost always warning signs on the page if you know where to look:


Amazon is a heavy-hitter in the Christmas shopping world.  Even outside of the holidays, many of us use Amazon to do our day-to-day shopping.  We wouldn’t think twice about receiving emails from the retail giant.

But take a look at that URL.  That’s not correct.  This is a scammer hoping you won’t notice that you’re on a completely different web address.


Here’s the login to Paypal, a secure payment service that many people use while making online purchases.

Except, not so fast.  This is another spoofed site.  In this example, many of the tabs and hyperlinks are nonfunctional.  There is also nothing indicating that the page is secure and protected—just a phony lock symbol on the page itself.

Telling the real from the fake is challenging, but it’s not impossible.  It just takes a few minutes of investigation and verification before you click links and enter your information.

Always verify that the URL is absolutely correct.  Hover over hyperlinks to display the URL to which the link leads and verify that these are safe pages.  Look for broken links, nonfunctioning links, and blatant errors.  Be sure the URL begins with “https.”

And in the case of the fake promotional emails that lead you to these sites, the old adage stands: if it seems too good to be true, it probably is.

Leave a Reply