IT expert told about ways to check fraudulent sites

Against the backdrop of the growing popularity of online services, a new type of fraudster has emerged in recent years - they create phishing sites to steal citizens' data. Such sites look very similar to the resources that many people are used to, but they are dangerous. Anastasia Shirinkina, an IT expert and founder of the iAM website development company, told Izvestia on February 7.

"Check the URL of the site (website link). The first and easiest step is to check the website address. Genuine company and government websites always use the reliable HTTPS protocol. Pay attention to the presence of a padlock in your browser's address bar, which confirms an encrypted connection. If you see 'http://' rather than 'https://', it signals a possible threat," she told us.

In addition, it is worth thinking about if the domain name of the site is similar to the real one, but contains small typos or extra characters. It matters every letter, number or sign - this is a clear sign of fraud.

"Real websites of large companies should always have real contact details. If the data seems suspicious (for example, the e-mail address consists of random characters), then the site is most likely fake," added the interlocutor of the publication.

Among other things, she noted, attackers often do not pay attention to the design of their phishing sites. A fake can be distinguished by sloppiness, errors in texts and images. You should also be cautious about suspicious links in emails and messages, especially if they offer goods or services with too good prices or overdue discounts.

For the company: fraudsters have become more likely to disguise phishing as employer services

45% of employees respond to a request to test their firm's resource or change their password

First of all, says Shirinkina, it is necessary to check banking sites and services related to finance, as they are the most frequent victims of phishing attacks. This is how criminals try to gain access to bank details, passwords and personal data of users. It is very important to study sites and resources related to government services - criminals can trick users into entering their passwords from real portals.

Online shopping sites deserve attention in this matter. On them, goods can allegedly cost much cheaper. Fraudsters through such sites can also obtain card data and conduct transactions with the accounts of citizens. In addition, phishing is actively used to gain access to personal social networks and email accounts. Criminals offer to enter a password on fake pages that look like real ones.

The day before, Izvestia read the results of the Threat Zone 2025 study, according to which in 2024, 61% of groups attacking the Russian Federation used phishing emails to gain initial access to the IT infrastructure of organizations.