A couple weeks ago a visitor to our website asked to chat with our sales team about a problem they were having. They clicked on the “chat” button in the lower right corner of our page, and within a few seconds had one of our sales reps, Dan, on the line.
Naturally, we love it when people see what we’re doing, recognize that we could help protect their customers from phishing attacks, and are looking for more information. We’re here to help. But this person—Steve—was different. He wasn’t trying to protect his customers, he was the customer. Confused by a site that seemed to be “a phishing/scam” site, he wanted to get some confirmation from phishing experts.
Steve didn’t know whether the site was a fraud or not, but he was smart enough to cross-check the 800-number on the site vs. information he found elsewhere for the company, and it didn’t seem to add up. The ever-helpful Dan quickly looked at the site and told Steve there wasn’t an obvious problem. He also provided links to tools Steve could use on his own, in the future.
Unfortunately, most consumers aren’t as conscientious and diligent as Steve—and how could they be? They have limited or no technical training, and they have busy lives with many distractions, making this kind of due diligence impractical. Protecting consumers really has to be a responsibility of the owners of trusted websites—banks, travel companies, retailers, financial firms, government agencies, and more. Allure Security’s mission is to make that possible.
But for Steve and other consumers who are, most of the time, on their own, here are a few resources that can help:
- Google Safe Browsing (https://transparencyreport.google.com/safe-browsing/search) – If you use Chrome as your browser, you’re already integrated with Google’s Safe Browsing technology, which will warn you if you visit a known-bad site. But you can also check a specific URL via this page.
- Scan URL (https://scanurl.net/) – This site lets you submit a URL where it’s evaluated by a lengthy list of security services.
- The FTC (https://www.consumer.ftc.gov/articles/how-recognize-and-avoid-phishing-scams) – The Federal Trade Commission has a site with excellent information on recognizing a phishing attack, plus information on responding to an issue.
We know that attackers intentionally build highly convincing, fake websites that capitalize on the trust customers have in the brands they do business with. Their goal is to lure unsuspecting customers to the malicious site, where they can trick the end user into giving up their login credentials. Even companies with domain monitoring solutions can fall prey to this. At Allure, our mission is to help companies protect customers like Steve from spoof websites that are part of an orchestrated phishing attack. That’s why we created our online form to report potentially suspicious websites. We never imagined that consumers themselves would be coming to us for help. In our view, Steve’s inquiry just underscores the need for enterprises to step up and take more proactive measures to detect, investigate and take down spoof sites before they damage your brand’s reputation.
To see a demo of our solution, contact an Allure Security expert today.
