It seems that every day there is a new hack, scam or ransomware threat circling the Internet. The latest treat isn’t technically new, having been a troublesome part of Internet life since as long as anyone can remember. Unfortunately, as the world shifts from computers to smartphones, so does this threat. It’s called Website padding and if you haven’t heard of it before, now's the perfect time to learn how to avoid becoming a victim.
The sneaky thing about website padding is that even if you are an experienced web user, who takes pride in being cautious, you can still quite easily fall victim. The way website padding works is very, very clever and something people often never think to check. Putting it as simply as possible, a person or persons re-creates a website as a perfect clone of the original. They then proceed to recreate an almost identical URL of the original for their counterfeit website. With the cloned website finished, the URL is spread as far and wide as possible. Generally, this is done by email but can be shared via links and attachments from fake social media profiles.
Now, you’ve almost certainly heard of this happening on computers. However! With Smartphone usage surpassing computer usage, these same tactics are being used to create clones of Mobile websites, which use slightly different URLS. You can generally identify a mobile website by the "m" just after the "//" in the address bar. What makes this ideal for website padding, is that having a smaller screen also restricts how much of a URL is visible, allowing for much easier user manipulation. If the start of the URL looks legitimate, the rest must be fine, right?
Below is the full URL from the highlighted yellow square
As the title states, Facebook is the go to website to clone and extract users personal data. Using a fake/cloned facebook mobile page, scammers can trick users into entering their details. Once you enter your credentials, into cloned site. The site will display an error, generally informing you that the password or username you entered was incorrect. As soon as you see this message it's too late, your information has been saved and will immediately be used to try and access other accounts. Internet Banking, Paypal, emails, online shopping websites, etc.
If you are lucky enough, you might be able to change the details and passwords of your most important accounts before the scammers get access. Any accounts with money, banking or personal information that can be used against you should take priority.
Securing Facebook and Other Accounts from Website Padding.
The best way to protect any of your online accounts, including Facebook, is to manually type the address into your browser's address bar. It takes longer but it is 100% safe. Clicking links in attachments, emails and other sources is often the quickest, easiest way to get to a website, unfortunately, it’s also the easiest way to end up on a padding website.
Another easy way to avoid website padding is to use the official app for the service you are connecting to. (if one is available) Just make sure that you get your copy of the app from a reliable source, either Google Play or the App Store.
If you don’t have access to an app or the apps don’t work well on your device, you should try to familiarize yourself with what the real URL looks like on mobile devices, this will allow you to potentially spot deceptive sites. Apart from this the next best thing you can do is make sure you vary the passwords on as many accounts as you can. Even if your email address is the same don’t use the same password.
On top of this, you should always make sure your email account password is completely unique, remember if a scammer has access to your email account they also have the ability to reset your passwords on a lot of websites.
Note: If any of the services you use offer two step authentication you should enable it. It’s one of the best ways to add an extra layer of protection to your account.
If you would like more information on securing your Facebook account you can find a full list of security settings and tools at the below article.