Look-alike Web addresses test online security

Twitter CEO Evan Williams silhouetted: Fraudsters are taking advantage of increased use of the Internet to cause pain. Photo/AFP
Twitter CEO Evan Williams silhouetted: Fraudsters are taking advantage of increased use of the Internet to cause pain. Photo/AFP 

Appetite for furthering education is getting sharper by the day.

A certificate course is not enough until one has in his folder a diploma trophy and those who start at university for a Bachelor’s enrol for a Master’s programme immediately the undergraduate results are released.

This is tenable considering that the world is getting more competitive, what with the mad technology speed.

What one was comfortably doing last month is today a different ball game.

So, for the ambitious to be on top of things, they literally have to swot reading books while climbing the academic ladder.


This is where the hard part of funding places the roadblock or a hurdle.

Postgraduate education is expensive; adequate finances are needed to support course work and research.

To get past the roadblock, many are today using information technology when looking for funds.

This is what Erick (not his real name) did when he dreamt of a Master’s programme.

Once he was on the Internet, he got working and eventually saw light at the end of the tunnel; or so, he thought.

“I received an e-mail from a prominent university in the UK informing me that they had admitted me for a Master’s programme,” he said. “I was naturally overjoyed and soon started exchanging e-mails with someone who I thought was from the university, but who later turned out to be a con artist right here in Kenya”.

It later turned out that the tricksters had created an intricate series of websites that had the names and logos of established institutions here in Kenya and abroad.

“They gave me a link supposedly leading to the website of the British Consulate in Kenya where I was to be given a code that I was to use for identification in the UK. But I was to deposit a sum of money in a bank account before they e-mailed my air tickets and accommodation details.”

Erick thought the communication was beyond reproach.

“They gave me a number to call in case I had questions. I called and spoke to someone who had well thought out replies to my inquiries.”

When Erick was about to send the money, he consulted his programmer friend, who stopped him.

On closer scrutiny of the websites and the addresses, they appeared phony.

The addresses cleverly mimicked the real sites. We later discovered that the account number belonged to a local bank.”

Erick’s case is not in isolation. Many are falling into the trap of online fraud, where criminals create a fake Web presence.

With the proliferation of Internet awareness and use, many people are relying on the links for essential services.

More Kenyans shop, find locations and conduct business on-line.

Enock Kiprono of Infoken Solutions, a tech firm, says advancement in the ICT has led fraudsters to rethink strategies.

“We used to hear cases of criminals using mobile phones to extort and trick their victims but technology is changing and smart criminals are evolving with it,” he said.

He cites the example of SIM card registration that has created a database of sorts that makes detection and tracking of fraudsters a possibility.

Increased scrutiny by banks in line with the laws like those on money laundering have made financial institutions more vigilant on monitoring clients.

However, as scrutiny is mounted, fraudsters are also walking in tandem.

“All you need to set up a website is the requisite fee which can be as low as Sh700, depending on the service provider and a domain name and you are good to go,” he says.

Critics are raising the alarm that while conditions for setting up a web presence are made easy to boost communication, the flipside creates a fertile ground for the unscrupulous to run roughshod, with their eyes on the goal of making quick bucks.

“What happens is that some one buys a domain name that is similar to his target company for example a prominent bank. Then the person sets up a website that mirrors the actual website of his target website,” says Mr Kiprono.

“The content can be lifted from the actual website and often times the graphical replication is so accurate that users cannot distinguish between the two. You will find everything, including recent photos that have been downloaded from the real website. The difference could be a slight shade in the colours or even a punctuation mark.”

For example, the website could be ending in .org and the fake

A search query in Bing or Google, will bring up both websites and there is a high chance of mistaking the fake for the real thing.

Entire URL

Other differences in punctuation could be as slight as a comma or an additional forward slash and very few people recognise that.

Since the website is cleverly designed as that of a reputable organisation, the victim will not doubt the content.

“The websites could even have advertisements from genuine companies here in Kenya and overseas giving the impression that the website is genuine,” explains Mr Kiprono.

Using these websites, fraudsters post details of lucrative opportunities like job vacancies and financial grants.

The announcements are accompanied by contact details that lead to preset numbers that direct the caller to the fraudsters.

After the user has parted with a significant amount of money, the website will promptly be shut down, leaving the victims counting losses.

Some of the websites will have a log in prompt where visitors are asked to input their e-mail addresses, which can be used to access the users’ private information.

To avoid falling victim, type entire URLs to the address bar instead of the lead word as this will filter out the real website.