Five Tell-Tale Signs of a Compromised Website

Everyone has done it at least once – entered the wrong URL when trying to visit a website. Maybe instead of "google.com" you fat-fingered "google.cm," Google's main search page for Cameroon. No big deal there, and we hear the scenery there is lovely. But sometimes a tiny mistake can result in big problems. Entering a URL that’s off by just one letter could land you on a compromised website that’s chock full of malware or a fake site that mimics the real one to trick you into divulging your username and password. Other wrong (but almost right) URLs might land you on questionable sites full of ads, NSFW content, or pages that try to fool you into handing over your heard-earned cash. This deceptive practice of using almost-legit URLs to trick people is known as "typosquatting." The problem of typosquatting is widespread. Countless slightly-misspelled URLs send unwitting users to unwanted websites every day, and the perpetrators of this trickery can be quite clever. They often target popular websites using convincing-looking domains, such as "netflix.om," “spotify.om” and “citibank.om,” that use the top-level domain for the country of Oman. Other examples of typosquatting include slight misspellings, such as goggle.com or the even more legitimate looking whitehouse.com, which is spelled correctly but is on a different top level domain (the official U.S. White House site uses .org). The issue has gotten even worse recently thanks to the introduction of many new generic top-level domains like .fitness, .ninja, and .coffee which make it easier for hackers to obtain a legitimate-looking URL. So when it comes to a potentially shady website, how can you distinguish a potentially dangerous fake site from the real deal and teach susceptible end users what to look out for? The following easy-to-spot signs of a compromised site can help. And we know from a recent Spiceworks survey that the risky behavior of end users is the number one IT security challenge. So most importantly, make sure your colleagues are aware of the signs to avoid landing on a shady website and putting your company’s privacy, data and pocketbook at risk.

1. Weird looking URL

When an imposter website looks like the actual one but the URL doesn’t match, that’s a dead giveaway of a typosquatted site. Take an extra second to inspect URLs for suspicious misspellings, punctuation, or possibly long and garbled text in the address bar. If you’re using a web browser that only displays the domain instead of the full address, you might need to click on the address bar to reveal the whole URL. Additionally, if you see a suspect link in an email or on a website, make sure to hover over the hypertext to preview the URL before clicking through.

2. Unwanted downloads

If a site aggressively prompts you to download an app or install a Flash Player update, o claims that your computer is infected by a virus, that’s a big sign something fishy is going on. Before you click on a button to run a (fake) antivirus scan or remove a virus that was just identified on your system by some random website, know that this is one of the oldest tricks in the book. Don’t install anything, because you’re likely to get infected by some form of malware. Security researcher and blogger Brian Krebs said it best when he said, "If you didn't go looking for it, don't download it!"

3. Strange behavior on a legitimate site

If you went looking for Amazon.com, but pages advertising weight loss secrets or hot stock tips pop up instead, this could mean the site has been compromised without the website owner even realizing it. The hacking technique where a commonly visited website is compromised is known as a watering hole attack, which is often used to infect users with malware.

4. No SSL certificate/HTTPS

The use of encryption is now common on most major internet sites. In fact, according to Google, use of encryption jumped from 52 percent in 2013 to 77 percent in 2016. Legitimate sites that handle sensitive information will use encryption, which is usually indicated with a padlock and HTTPS in the URL. Chances are that a fake sight won’t be secure, but hackers are starting to set up their own secure phishing sites, as well.

5. Warnings from security tools

If someone sends you a link to a website that looks a little strange, don’t just click on the link or type in the URL. Instead of going straight to the site, you can use tools to check if a website is safe or not. These tools check if the website is on blacklists of known malicious sites maintained by security organizations. Search engines sometimes flag potentially dangerous sites, as well, so it might be worth looking up suspicious websites on Google before visiting them. A little vigilance goes a long way, and it’s better to be safe than to roll the dice on a suspicious URL. With a combination of a watchful eye, up-to-date security software and end user training, you can minimize your risk. In closing, always be careful online and make sure your end users know how to spot a compromised website. As many IT professionals have experienced firsthand, organizations are much more vulnerable when employees don’t know how to avoid risky behavior on the internet.  

Image

About the Author: Peter Tsai is an IT analyst at Spiceworks. Formerly a systems administrator, programmer, and server engineer who has lived IT from the inside and out, Peter now works to serve up IT articles, reports, infographics, and livecasts that inform and entertain millions of IT pros in the Spiceworks network worldwide. You can follow him on Twitter and LinkedIn, and you can read more about him on Spiceworks. Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor, and do not necessarily reflect those of Tripwire, Inc.