Why is this important?
Entering your login details on a fake website can lead to:
- Theft of business or personal accounts – attackers can gain access to your email, corporate systems, or customer data.
- Identity theft – your personal data could be used for identity fraud or further scams.
- Using your account for attacks on others – for example, sending more phishing emails from your address.
How to recognise a fake website?
Recognising a fake website can protect you from having your login details stolen. First, always check the URL – fake sites often contain minor typos or unusual domain extensions (e.g., “.info” instead of “.co.uk”). Remember that the genuine website address is the part between the double slashes (“//”) and the next slash (“/”) – for example, in “https://bank-example.co.uk/login”, the real domain is “bank-example.co.uk”.
Check if the address starts with “https://” and if there is a security padlock, but note that the padlock alone does not guarantee authenticity. Click on the padlock and check the certificate’s issuing authority – it should be an official entity that matches the company's name.
Watch out for spelling mistakes and low-quality images – these are common signs of a fake website. If the site asks for personal data or login details in an unusual context (e.g., a contest or account update), it’s safer to exit and manually type the address in your browser. Never click on links sent in unexpected emails or text messages – they might lead directly to phishing sites.
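The domain check described above, written out as an added example (not part of the original article): it extracts the real host from a URL the way a browser does, accepts only the expected domain and its subdomains, and labels the common lookalike patterns the text mentions (a real name buried inside a longer host, a changed extension, a small typo). The expected domain and all sample URLs are constructed for illustration.

```python
from urllib.parse import urlsplit

def extract_host(url: str) -> str:
    """Return only the host of a URL: no scheme, userinfo, port, path or query."""
    return (urlsplit(url).hostname or "").lower().rstrip(".")

def is_on_expected_domain(host: str, expected: str) -> bool:
    """True only when host is the expected domain itself or one of its subdomains."""
    expected = expected.lower()
    return host == expected or host.endswith("." + expected)

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance; a small value means a one- or two-character typo."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def assess_url(url: str, expected: str) -> tuple:
    """Classify a login URL against the domain the user expects to be on."""
    host = extract_host(url)
    expected = expected.lower()
    if is_on_expected_domain(host, expected):
        return ("genuine", host)
    if expected in url.lower():
        # The real name appears somewhere in the URL, but the host is another domain.
        return ("lookalike", host)
    if host.split(".")[0] == expected.split(".")[0]:
        return ("different-extension", host)
    if edit_distance(host, expected) <= 2:
        return ("typo", host)
    return ("unknown", host)

# Constructed sample URLs (no real sites); the expected domain follows the article's example.
EXPECTED = "bank-example.co.uk"
SAMPLE_URLS = [
    "https://bank-example.co.uk/login",
    "https://www.bank-example.co.uk/login",
    "https://bank-example.co.uk.evil-example.info/login",
    "https://bank-example.co.uk@evil-example.info/login",
    "https://bank-exarnple.co.uk/login",
    "https://bank-example.info/login",
]

if __name__ == "__main__":
    for u in SAMPLE_URLS:
        verdict, host = assess_url(u, EXPECTED)
        print(f"{verdict:20} {host:40} {u}")
```

Note that the fourth sample shows why reading “between // and the next /” by eye is not enough: the text before “@” is ignored by the browser, and the real host is what follows it.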
What to do immediately after entering details on a fake website?
- Report the incident at work
  - Immediately inform the IT department – even if you think you’ve regained control, the IT team can perform more thorough security checks. They can:
    - Identify the source of the attack and assess the scope of the threat.
    - Scan systems for malware.
    - Temporarily block your account to prevent further breaches.
  - Immediately notify the Data Protection Officer (DPO) to:
    - Assess whether the incident needs to be reported to the ICO and conduct a risk analysis.
    - Coordinate remedial actions, including notifying individuals whose data may have been compromised.
    - Ensure proper documentation in line with GDPR requirements, including incident details, actions taken, and preventive measures.
- Change the password on the compromised account
  - Go to the real website of the service (e.g., bank or email) and change your password immediately.
  - If you used the same password elsewhere, change it on all other accounts as well.
- Check your account security settings
  - Logins and sessions: Check recent logins and active sessions – log out of any you don’t recognise.
  - Email addresses and phone numbers: Ensure no unknown addresses or phone numbers have been added to your account.
  - Forwarding settings: Check for automatic email forwarding to unknown addresses.
Real-life example:
In December 2023, hotel owners received fake booking enquiries containing malware. After infecting the system, the attackers stole login details for Booking.com, created fake listings and phishing sites, and deceived hotel customers. Detailed information about this incident can be found in the CSIRT KNF report.
Summary
If you entered your details on a fake website, act quickly – report it to your company, change your password, and check your account security settings. Your swift reaction can prevent data theft and serious consequences. However, the best defence is caution – always check the website address and security certificate before entering any information.