One common security threat is the masking of the real website into one that is not the actual one. At first sight it VERY MUCH looks like the actual site, but if you dig deeper into it you’ll see that it’s a fake copy of the actual website. This fake copy can have more than one internal threat to regular users, but the first one and most evident is that the user, thinking that he/she is logging on to the correct site, enters the user name and password. The bogus website, in turn, will read the username and password and give them to the person behind the making of this bogus site (ie: the hacker) so that he can do different things with the information acquired.

When you receive an email message (from your bank or any other institution) prompting you to log on to a website, the initial measures to take are:

1. Delete the message and, if you want to log on to the actual website of the institution, type the website's address on the internet browser, rather than getting there by clicking on any email's link.

2. Forward the message to your IT support team or to support@nextstepnetworks.com if you already are our client, so that the contents of the message can be analyzed to determine if it is good or fake.

3. If you still trust the message to a certain level, mouse over the link (do NOT click on the link) and see the exact address that the message directs you to. To learn how to determine whether the website you are being directed to is the original site, take a look at our article about  fake domain names.

In one of the examples we studied, by the end of the day the email had been received the link to the fake website had disappeared and doesn’t seem to exist anymore. Who knows how many people fell into the trap. Worst of all, many of them may have given away their new username and password and may still not know it!