Tuesday, May 29, 2012

How can I identify a phishing web site?

If you receive an email (or instant message) from someone you don't know directing you to sign in to a web site, be careful! You may have received a phishing email with links to a phishing web site. A phishing web site (sometimes called a "spoofed" site) tries to steal your account password or other confidential information by tricking you into believing you're on a legitimate web site. You can even land on a phishing site by mistyping a URL (web address).
Is that web site legitimate? Don't be fooled by a site that looks real. It's easy for phishers to create web sites that look like the genuine article, complete with the logos and other graphics of a trusted web site.
Important: If you're at all unsure about a web site, do not sign in. The safest thing to do is to close and then reopen your browser, and then type the URL into your browser's Address bar. Typing the correct URL is the best way to be sure you're not redirected to a spoofed site.
Phishers are becoming more and more sophisticated in designing their phony web sites. There's no surefire way to know if you're on a phishing site, but here are some hints that can help you distinguish a real web site from a phishing site.
Check the web address
Just because the address looks OK, don't assume you're on a legitimate site. Look in your browser's Address bar for these signs that you may be on a phishing site:
  • Incorrect company name. Often the web address of a phishing site looks correct, but actually contains a common misspelling of the company name or a character or symbol before or after the company name. Look out for tricks such as substituting the number "1" for the letter "l" in a web address (for example, www.paypa1.com instead of www.paypal.com).
  • http:// at the start of the address on Yahoo! sign-in pages. Check the web site address for any Yahoo! sign-in page. A legitimate Yahoo! sign-in page address starts with "https://." Look for the letter "s" following "http."
  • Missing slash. To verify that you're on a legitimate Yahoo! site, make sure a forward slash (" / ") appears after "yahoo.com" in the Address bar -- like these examples:

    A slash (" / ") after "yahoo.com" can help identify a Yahoo! site.

    For example, "http://www.yahoo.com:login&mode=secure" is a fake web site address.
Important: A legitimate Yahoo! sign-in page never starts with "http://geocities.yahoo.com." If you land on a GeoCities page with a Yahoo! sign-in box, report it as a phishing web site immediately.
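The address checks above can also be applied mechanically, for example when triaging links from reported emails. The following Python sketch is an added example, not part of the original article or any Yahoo! tool; the function names, the warning labels, the lookalike table and the sample addresses are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Digit-for-letter swaps like the article's "1" for "l" (assumed, minimal table).
LOOKALIKES = str.maketrans({"1": "l", "0": "o"})


def in_domain(host, domain):
    """True if host is the domain itself or one of its subdomains."""
    return host == domain or host.endswith("." + domain)


def check_signin_url(url, expected_domain, denied_hosts=()):
    """Return the warning signs found in a sign-in URL (empty list: none found)."""
    warnings = []
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()

    # Sign-in pages should start with https://, not http://.
    if parts.scheme != "https":
        warnings.append("not-https")

    # Misspelled company name: the host is not in the expected domain.
    if not in_domain(host, expected_domain):
        if in_domain(host.translate(LOOKALIKES), expected_domain):
            warnings.append("lookalike-host")  # e.g. paypa1.com for paypal.com
        else:
            warnings.append("wrong-host")

    # Missing slash: anything between the host name and the first "/"
    # (as in "yahoo.com:login&mode=secure") is not part of a normal address.
    if parts.netloc.lower() != host:
        warnings.append("no-slash-after-host")

    # Hosts inside the real domain that never serve a sign-in page.
    if host in denied_hosts:
        warnings.append("denied-host")
    return warnings


if __name__ == "__main__":
    samples = [  # constructed sample addresses, using the article's examples
        ("https://login.yahoo.com/config/login", "yahoo.com"),
        ("http://www.yahoo.com:login&mode=secure", "yahoo.com"),
        ("https://www.paypa1.com/", "paypal.com"),
        ("http://geocities.yahoo.com/page", "yahoo.com"),
    ]
    for url, domain in samples:
        print(url, check_signin_url(url, domain, ("geocities.yahoo.com",)))
```

An empty result only means none of these specific signs were found; as the article says, there is no surefire way to know a site is legitimate.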
Be leery of pop-ups
Be careful if you're sent to a web site that first displays a pop-up window asking you to enter your user name and password. Phishing scams may direct you to a legitimate web site, but then use a pop-up to gain your account information.
Give a fake password
If you're not sure if a site is authentic, don't use your real password to sign in. If you enter a fake password and appear to be signed in, you're likely on a phishing site. Do not enter any more information; close your browser. Keep in mind, though, that some phishing sites automatically display an error message regardless of the password you enter. So, just because your fake password is rejected, don't assume the site is legitimate.
Look for your sign-in seal when you sign in to Yahoo!
A sign-in seal is a secret message or image that you select to display in your Yahoo! sign-in box to help protect your account from phishers. Because the sign-in seal is secret between your computer and Yahoo!, you can be sure you're on a legitimate Yahoo! site each time you use that computer to sign in to Yahoo!. Just look for the custom text or image you set up. If it's not there, you might have landed on a phishing site. Creating a sign-in seal is fast and easy.
Other web sites, such as those for banks and other financial institutions, may offer a similar feature to help protect you against phishing scams.
Use a web browser with anti-phishing detection
Both Internet Explorer and Mozilla Firefox web browsers have free add-ons (or "plug-ins") that can help you detect phishing sites.
Be wary of other methods to identify a legitimate site
Some methods used to indicate a safe site can't always be trusted. A small unbroken key or locked padlock at the bottom of your browser is not a reliable indicator of a legitimate web site. Just because there's a key or lock and the security certificate looks authentic, don't assume the site is legitimate.
