Phishing is a particular type of online scam that involves using email to dupe people into visiting a website set up for the sole purpose of tricking them. Common results from this type of scam are the loss of money or personal information or the inadvertent downloading of nasty software that proceeds to perpetrate a plethora of additional scams.

Thanks to humankind’s seemingly inexhaustible desire to be fooled, phishing has become a huge business for hackers. But the tricky emails are only the front end of the scam. At the back end lies the phishing website, which you need to learn how to spot.

How Does a Phishing Website Lure You In?

While reams have been written about how to avoid clicking on phishy emails , it doesn’t seem to make much of a dent in the number of suckers who continue to do it. Let’s approach this from a different angle and see what we can do to educate you on what to look for after that fateful click sends you hurtling into cyberspace.

In short, let’s learn how to separate a legitimate website from one former president George W. Bush might have called an evil-doer.

Study the URL

URL stands for Uniform Resource Locator. You probably know it as that place at the top of web page that starts with “http://” and holds the domain name. The good news is you can learn a lot by checking the URL before browsing deeper into a suspicious site and certainly before you enter any information into a form.

A good tip that you’re about to fall victim to a phishing website is if you see weird, random characters in the URL and especially if you notice other unrelated text before the company name.

Look for a Trust Seal

A trust seal is a third party graphic that links back to the provider and verifies that the website is legitimate.

You’d be surprised how many hackers don’t bother to put up even a fake seal. The lack of a trust seal combined with a squirrelly URL should set red flags waving in your mind.

Extended Validation (EV) SSL

When you see the letters SSL, all you need to know is that a high level of data encryption is operating on that website, which is a good thing. More and more companies, however, are choosing to implement an EV SSL certificate.

You can verify that this is in place by scanning any green identifying information to the left of the “http://” in the URL. You should see the company name there.

Watch for Homographs

Also known as script-spoofing, some foreign languages contain characters that, when combined, show up in the URL as legitimate companies like Google.com and even carry a real SSL certificate. Especially vulnerable to this are the browsers Chrome, Opera, and Firefox.

There is no foolproof way to detect these frauds so be extra darn sure you arrived at the website by a trustworthy route before entering personal or financial information into a form.

The Bottom Line

Remember that 1990s television show, the X-Files? One of the recurring themes was trust no one. When it comes to protecting yourself from internet criminals, especially in the form of phishing websites, it would be a good idea to adopt that philosophy.