Be careful when sliding your phone! The cybersecurity trap behind fake official websites

        You may think that fraud is just an old trick of unfamiliar phone calls and fake customer service, but in fact, fake official websites have quietly infiltrated our lives. Recently, a Taiwanese artist searched for the "Converse official website" on Google and found that the products on the website were complete and the prices were consistent with the counters. Unexpectedly, after placing an order, they received a pair of counterfeit shoes. After inquiring with the physical store, they found out that the brand no longer has an official website in Taiwan, and everything is a trap set by a fraud group. This is not just a case, but a microcosm of the comprehensive escalation of fake official website fraud. From shopping websites, government agencies, to banks and social media platforms, hackers use highly realistic web pages, combined with advertising placement, text message links, and search engine rankings, to push traps to users. As long as they are not careful, they may lose money, accounts, and even personal information. Follow this issue of "Information Network" to learn six good security habits and protect your personal information.

        Real case: Fake official websites have more than one appearance

                1. Shopping Trap

        In addition to the Converse fake website incident, there have also been many people using 7-11 "selling convenience" recently who have encountered transaction partners claiming to be buyers sending links and requesting the option of "bank transfer". After verification, the official sales platform currently only supports three payment methods: "pick-up payment", "icash Pay", and "credit card", and there is no bank transfer at all. The police remind that when conducting online transactions, it is necessary to first use official or trusted platforms for financial and logistics services. In case of disputes, assistance or compensation can only be obtained.

        2. Fake government websites

        After the policy of issuing cash NTD 10000 was approved, many people received a text message link from the Central Deposit Insurance Corporation. After clicking on the webpage, there was a government logo, traditional Chinese characters, and an application button, which looked quite professional. However, once the information was entered, it was equivalent to handing over the withdrawal password to the fraud group. The 165 anti fraud hotline has repeatedly emphasized that the government will not use text messages to notify subsidies, nor will it require the public to input complete financial information.

        3. Fake peripheral advertisements

        The box office of the first chapter of the theatrical version of "Blade of the Ghosts: Infinite City" was impressive, and fraud groups also took advantage of the situation. Some people saw a post on social media saying "give away a free Blade of the Ghosts movie poster" and participated in the event. They were first asked to transfer money to pay for the shipping fee, and then repeatedly asked to transfer money by fake customer service on the grounds of account cash flow authentication, resulting in a loss of over NTD 100000. The police remind that hearing "gold flow authentication" or "real name authentication" is fraud, and official customer service should follow the official website announcement.

        The above cases may seem different, but behind them all have a common point: using fake official websites to create a seemingly professional and familiar illusion, reducing users' vigilance.

        Why is it easy for fake official websites to succeed?

        Fake official websites are an upgraded version of phishing and social engineering. Scam groups do not need to hack into the system, as long as users hand over information themselves, they can easily succeed. Common reasons include:

        The trust between name and appearance: The logo of a brand or government is the best endorsement, and most people become less alert when they see familiar images.

        The domain trap of one character difference: The so-called typosquatting (website spoofing) is disguised by missing one vowel, adding one more symbol, or replacing letters, such as replacing m with rn, which is difficult to distinguish at first glance.

        Creating the illusion of a legitimate process: Fake official websites will require the input of OTP (one-time password), shipping address, or card number, creating a seemingly normal transaction process that makes victims feel more at ease.

        AI and SEO technology support: Scam groups use AI tools to quickly generate a large number of fake websites, and then use SEO (search engine optimization) techniques to make fake websites rank high. Even if users do not click on advertisements, they may fall into traps in search results.

        How should individuals protect themselves? Six Good Habits for Security

        Clearly read the website suffix: Government websites should end with ". gov.tw", and brand websites should be consistent with official announcements, with an additional letter or symbol, all of which are fake websites.

        Manually enter website address: Avoid directly clicking on links in text messages, emails, or social media platforms. It is safest to enter the website address from bookmarks or by yourself.

        Be alert to sensitive information requirements: When a website requests to enter an ID number, credit card number, or OTP password, is it necessary to pause and think about it first? It is best to confirm again through phone or official customer service.

        Confirm official channels: Before shopping, it is advisable to go to the brand's fan store or customer service to confirm. For example, Converse does not have an official website in Taiwan and can only be purchased through physical stores or legitimate e-commerce platforms.

        Enable Multi Factor Authentication (MFA): In addition to OTP, it is recommended to use validator apps (such as Google Authenticator, Microsoft Authenticator) or security keys to reduce the risk of SMS interception.

        Be alert when searching: The official website you find may not necessarily be genuine. Before clicking, you should compare the URL with the official announcement to see if they match.

        The seemingly subtle actions mentioned above are the most effective ways to protect one's security.

        Security awareness is the best protective shield

        Fake official website fraud combines social engineering, technical deception, and psychological manipulation, lurking in daily browsing and clicking. Its success is often not due to how skilled the hackers are, but because people are accustomed to believing in seemingly familiar images. The next time you see information about limited time discounts, government subsidies, account anomalies, etc., hold onto doubts and ask, 'Is this really an official website?' Spending ten seconds to verify may save tens of thousands of yuan and hundreds of hours of trouble. In an era where even clicks can be risky, security awareness is our most important protective shield.

        *Image source: freepik

        #