Phishing sites are designed to steal your login credentials, bank details, and identity. Here is how to spot them.
Install the free Chrome extension (WebsiteAge) →A phishing site is a fake website designed to impersonate a legitimate one: your bank, email provider, a government agency, or an online store. The goal is to trick you into entering your username, password, credit card number, or other sensitive information.
Unlike malware, phishing requires no technical exploit. It just needs you to believe the site is real. And modern phishing sites are convincing. They copy logos, layouts, and even SSL certificates.
You receive an email saying your account is locked. The link takes you to a clone of your bank's website with a different domain but the same look. You enter your credentials. They are stolen.
A site selling popular items at extreme discounts. You pay, receive nothing, and your card details are compromised. The domain was registered two weeks ago.
A page mimicking Gmail, Outlook, or Apple ID asks you to verify your account. Entering your credentials hands them directly to the attacker.
Sites impersonating tax agencies, passport offices, or benefits portals to steal identity documents and personal information.
Phishing campaigns are short-lived by design. Attackers register a new domain, run the campaign for days or weeks, then abandon it before authorities shut it down. This means phishing domains are almost always brand new.
Key insight: Your real bank has owned its domain for 10, 15, or 20+ years. A site claiming to be your bank but registered last month is almost certainly a phishing site, regardless of how convincing it looks.
Use the WebsiteAge extension to see domain age instantly. A new domain on a site asking for a bank login is a clear red flag.
When in doubt, navigate to your bank or account directly by typing the address in the browser rather than clicking a link from an email or SMS.
Look for subtle substitutions: "rn" instead of "m", numbers for letters, extra words, or different TLDs (.net instead of .com).
Even if your credentials are stolen, 2FA prevents attackers from accessing your account without the second factor.
Report phishing sites to Google Safe Browsing, your bank, and national cybersecurity authorities. This protects others from the same attack.
WebsiteAge shows domain age instantly, so you know before you trust.
Install the free Chrome extension (WebsiteAge)