Avast went to Charlotte, N.C., to ask people if they could tell real websites from scam websites. Take the same quiz – and learn tips from the FBI and Avast experts.
Do you get suspicious emails claiming to be from real companies? Do they guide you to websites that appear real – except for strange details? You’re not alone. The most costly cybersecurity threat, according to the newly released “Internet Crime Report” from the Federal Bureau of Investigation, is email fraud – often pointing the recipient to a fraudulent or “scam” site.
In 2018, the FBI received more than 20,000 complaints of criminal email compromises with losses of more than $1.2 billion. FBI Special Agent Kelsey Harris told The Avast Blog that email compromise fraud has been the most expensive cybercrime reported to the FBI’s IC3 in recent years.
Avast went to Charlotte, N.C., a city with a booming economy and many tech ties, to see if Charlotteans could tell a real website from a fake website – and to find out what they wanted in cybersecurity. On the streets of Uptown Charlotte, where top banks’ skyscraper headquarters tower above lively Tryon Street, Avast asked folks to take our Phishing Challenge, and you can take it, too.
Take our Phishing Challenge and see if you can spot fake websites – it might be tougher than you think. Is the website in the photo above real? Would you enter your personal information there if an official-looking email sent you to the site? (Find out if the pictured site is real or fake at the bottom of this post.)
In giving out free licenses for virtual private networks (VPN), Avast made a local connection in Charlotte that had a global impact. Michael Borkay, a Charlotte-area systems admin from Liberia accepted several trial VPN access after chatting with security evangelist Jasdev Dhaliwal at Avast’s tent at the popular annual Taste of Charlotte festival. “Little did I know I would help people back home in Liberia,” Borkay said.
When Borkay saw that the government shut down social media in his homeland to suppress protests, he posted the VPN license information on Facebook so his friends back home could access social media. “My inbox got inundated with people asking for help.” Borkay gave out all the access codes for VPNs to help people to get safely online, but requests kept coming in. “So I went back to the tent and asked if I could have some more. (Dhaliwal) gave me a whole handful. We ended up helping more than 100 people find out what was going on and connect with their friends and family on Facebook.”
Globally and locally cybersecurity’s impact was clear during the Charlotte event. According to the FBI report, cybercrime cost North Carolinians more than $137 million in 2018, placing it fifth on the list of US States for victims’ financial loss. With over 7,500 reported incidents, the average cost of a single cybercrime incident to a North Carolinian tops $18,000; that is double the average cost per incident of number one ranked California, where the average cost per incident was just over $9,000.
As Avast’s Phishing Challenge quiz shows, those costly cybercrimes can hinge on tiny nuances in a scam email or fraudulent site.
“The reason it’s so hard to spot a malicious email or website with the naked eye is that it’s incredibly easy to make a very legitimate-looking fake,” said Dhaliwal, Avast security evangelist. “That’s why it’s vital that users protect themselves with antivirus software that has advanced anti-phishing capabilities built in.”
Although cybersecurity software detection engines flag phishing sites based on HTML content, the more sophisticated methods used by cybercriminals to build their phishing pages can bypass some antivirus detections. That is where artificial intelligence comes in. Using AI, Avast can reliably detect fake pages based on a much broader range of techniques.
“Hundreds of millions of people use Avast around the globe and that helps feed our AI with data so that we can detect threats faster and protect users more effectively,” said Dhaliwal. “Avast scans every website our 400 million users visit, taking a close look at data the human eye can’t see such as the popularity of the domains hosting the websites. Other factors are also assessed, such as the website certificate, the age of the domain, and suspicious URL tokens to determine whether or not a site should be processed. This allows us to detect phishing sites with a much higher degree of accuracy than even the smartest person can.”
The lifespans of most phishing sites are very short – too short for search engines to index them. This is reflected in domain ratings. The popularity and history of domains can also be initial indicators of whether pages are safe or malicious. By looking into this and comparing sites’ visual characteristics, we can decide whether the website is clean or contains threats.
“With Avast you don’t have to worry if you accidentally click on a phishing site. We will automatically detect the fake and prevent you from landing on the malicious site, simply by using our top-rated software,” Dhaliwal said.
The website pictured above is fake, and was created by hackers to deceive banking customers. While the site looks real, its url (web address) shown below the picture of the website does not reflect the domain of the business – a telltale sign of a fake site.
In the first installment of our "What Does the Internet Know About Me?" series, we compare the information that Fitbit delivers to users with personal data that the company collects.
The single sign-on (SSO) authentication protocol has come a long way since its inception in the 1980’s, and it is likely to be a key component of our digital world in 2021 and beyond.