Don’t Log In to Websites With “Sites" in the URL

The great thing about Google services is that they're easily accessible and free. The downside is that means they're also accessible to scammers, who are getting good at exploiting them to rip you off. The latest scam involves the service known as Google Sites. Not as well known as Gmail or Google Docs, Sites is a Google service that allows you to create a website with a custom URL. Here’s how the scam works: Scammers will make a “spoof” website that looks eerily similar to the real one, aiming to get you to log into their site instead of the real one. Their hope is that the spoof website will surface on the Google results page when someone googles something — say PayPal —and they will trick people into giving up their login information. Consider this scenario: Your phone dies when you're out to dinner, so you borrow a friend’s phone to log into PayPal to pay for your part of the bill. You type “PayPal login” in the Google search bar and receive the following results: 


The first result is the legitimate PayPal website, but note the third result, which starts with “sites.” That website is not the official PayPal website, but was created using the Google Sites service. If you were to input your credentials into the spoof site, including your password, you would not only be giving your personal information away to scammers, but potentially, giving them complete control of your PayPal account. Always look at the URL before logging in to any website. Make sure it is “secure” — sites with secure sockets layer (SSL) certification have a small lock symbol in the URL bar. Make sure the URL doesn’t include any extra characters. Avoid Googling websites altogether by getting into the habit of typing the URL directly into the browser’s address bar. If you know it’s a website that you’ll often be visiting — like your bank’s website — bookmark it so you don’t have to type it every time.