Anyone can fall for a phishing attempt online, especially when websites appear to be legitimate. Scammers have become savvier about tricking users into typing in their usernames and passwords, sharing other private information, or even downloading what appears to be legitimate software. According to Google Safe Browsing, users may even be unaware that software is being downloaded after visiting a malicious website—and “hackers can use this software to capture and transmit users’ private or sensitive information.”

Similar domain names and substitute characters have made spotting a malicious website or phishing attempt harder. However, you can take action to avoid falling for a scam.

Here are a few tips to spot a malicious website or phishing attempt:

  1. Pay close attention to the URL

Taking a look at the domain extension (.com, .org, .edu, etc.) and the site to the left of the extension can save you time and energy when it comes to dealing with a hacker. If the only thing you see in the URL bar is “,” then you know you are on the official CMIT Solutions website. However, scammers will often fool people by putting an additional word or phrase in the URL, making it similar to the original (i.e. “http://cmitsolutions.(something else).com.”).  If you see a URL like this, you may be on a scammer’s website instead of the official CMIT Solutions website.

  1. Trust your gut when it comes to suspicious emails

If you get an urgent email from your boss asking you to purchase items for clients, you may rush to complete the task without asking questions. However, take a minute to check the actual email address of the sender—it may surprise you. Although hackers have figured out how to make the sender name seem legitimate, it’s still likely that the email address of the sender will not match the email you know to be true. Do not click any links to send information or money to anyone without verifying that the request is legitimate. In addition, notify your IT support staff, whether internal or external, to cut down on the future threat of fraud or infection. If you suspect that an email is a scam, trust your gut and send it to spam.

  1. Check the validity of the website

If you want to be proactive, you can run a security check on a website before you decide to put a username and password into the site. For example, Google Safe Browsing has a transparency report to identify the safety of any given website. Search engines such as Chrome have also implemented technology to protect people against suspicious sites. It’s better to check the website before taking a risk in order to protect your computer and your company’s IT security.

At CMIT Solutions, we are dedicated to providing premier IT support to small and mid-market businesses. We worry about IT so you don’t have to, working 24/7 to prevent our clients from the negative impacts of phishing attempts, scams, hacks, data breaches, malware, viruses, and more. We understand how to utilize company-wide internet filtering and network security to stop many unauthorized phishing attempts. Contact us today to protect your business.