See this in a URL? Don’t click!

Google Sites spoofing
© Napong Rattanaraktiya | Dreamstime.com

Platforms such as Wix and Squarespace are hugely popular, as you can quickly design a website in a few clicks with no technical knowledge. Did you know that Google offers a free website creator? It’s not well known but is gaining popularity. It’s called Google Sites. The problem is criminals are using the platform to create spoofed sites, trying to rip you off.

Read on to find out how scammers use Google Sites in all the wrong ways.

Criminals using Google Sites to create spoofed websites

While it isn’t as well-known as Gmail or Sheets, Google Sites lets anybody with a Google account create a basic website with limited functionality. First launched in 2008, it is part of the Google Docs Editors suite and guides you through the creation process.

Once your website is complete, you can assign it a custom URL that uses the google.sites.com domain. But it’s this naming convention that scammers use to exploit you into handing over credentials to banking sites, payment services and more.

The scam works similarly to other spoofed websites, where criminals create a near-identical copy of a legitimate site. At first glance, the google.sites.com domain is easy to overlook when searching for a specific business or service.

For example, if you do a Google Search for a payment platform like PayPal, you could see results with google.sites in the URL. When you click the link, it will look like the official PayPal login screen.

But in reality, signing into your account is handing over your credentials to thieves. Now they can access your PayPal account can cause plenty of financial havoc.

How to avoid spoofed websites

Be cautious when visiting any website that requires you to sign in or divulge sensitive information. There are a few ways to keep your personal information and finances protected. Spoofing is so out of control that the FBI is trying to raise awareness. Here are suggestions from the FBI:

  • Verify the spelling of web addresses, websites, and email addresses to identify imitations.
  • Look for a padlock icon next to the URL in the address bar to verify that the website you visit has a Secure Sockets Layer (SSL) certificate.
  • Don’t click links found in Google Search results. Try getting into the habit of typing the URL of the website you want to visit directly into the address bar.
  • Ensure operating systems and applications are updated to the most current versions.
  • Have antivirus software updated and running on all of your devices. We recommend our sponsor, TotalAV. Right now, get an annual plan with TotalAV for only $19 at ProtectWithKim.com. That’s over 85% off the regular price!
  • Disable or remove unneeded software applications.
  • Use two-factor authentication when possible, via biometrics, hardware tokens, or authentication apps.

If you or someone you know has come across what you believe to be a spoofed unemployment benefit site, report it to the FBI’s Internet Crime Complaint Center at www.ic3.gov.

Keep reading

Watch out for fake restaurant websites thanks to delivery service’s shady plan

Beware of fake Equifax claims websites trying to scam you

Tags: antivirus, apps, awareness, Google, guides, internet, Internet Crime Complaint Center, operating systems, PayPal, scammers, spoofed websites, spoofing, two-factor authentication