Website cloning is a popular method to scam people out of money and/or to damage the credibility of reputable websites and companies…here’s what you need to know.

Any website can be cloned with minimal effort; cyber criminals create a “clone” site that may look exactly like the original site, barring a very small change in the web address. In this blog, you can learn to both spot and protect yourself from cloned websites.

What is website cloning and how does it work?

Website cloning is a method where cyber criminals create nearly identical websites to mirror original ones out of malicious motives. The cloned websites have a URL which is close to the original and can fool users by exchanging lookalike characters, doubling certain characters in the URL, or registering a domain where a single letter is different.

There are free tools available to automate website cloning, and since the attacker can control the rate of requests to the target website, they can limit their footprint below any detection threshold, effectively blending in with the internet noise.

The cloned websites can be hosted with a bulletproof hosting company which do not honor takedown requests. These are very popular because they allow the attacker to host content that violates intellectual property or any other malicious content without the hosting provider terminating their service when organisations or individuals file a takedown request.

Lists of bulletproof providers are freely available online, and some of them even advertise it as a feature.

Who is at risk?

Cyber criminals use this method to target users indiscriminately, along with unsuspecting victims who are not as likely to notice minor differences in websites and URLs.

However, even if users check the URL, there are techniques the attacker can use to make the URL appear as showing the correct name. Follow the tips below for information on how to visit websites safely.

How can I spot cloned websites and protect myself?

Although spotting a cloned website can sometimes be difficult, there are some basic things that you can follow to ensure you are operating safely on websites. The following information will provide you with guidelines on how to accurately spot cloned websites and protect yourself.

Use trusted bookmarks: The user should ensure that they are on a legitimate website, especially when planning on using credentials to log in or perform any sensitive actions such as money transfers or entering sensitive information. Bookmarking the legitimate website and using this instead of any links sent via email or text messages is an effective method.

Verify the SSL certificate: Inspect the website’s SSL certificate to check the domain’s validity. In most browsers, this is done by clicking the padlock icon next to the URL. Websites without SSL certificates should be automatically treated as untrusted, especially if they ask for email addresses, passwords, or other sensitive data.

Check the expiration date of the SSL certificate and when it was issued; if it is only a couple of days old, it could be evidence of a newly registered domain with a fresh SSL certificate.

Find where the webserver is located: Copy the URL of the website and paste it into a hosting checker website to figure out where it is hosted. If the user sees that the website is hosted in a location where the company does not normally do business, it should serve as a red flag.

Utilise search engines: The user can use search engines to navigate to the website they want to visit if they prefer not to use bookmarks. Official websites are positioned higher in the search results since they existed longer and have more links from other websites pointing to them (an important search engine metric).

Reporting

Report all Fraud and Cybercrime to Action Fraud by calling 0300 123 2040 or online. Forward suspicious emails to report@phishing.gov.uk. Report SMS scams by forwarding the original message to 7726 (spells SPAM on the keypad).