OSINT Case Study: Validating whether a website is fraudulent or legitimate

Dheeraj Yadav
Published in OSINT Ambition
5 min read · Dec 29, 2022

Hey guys, this is Dheeraj Yadav, and in this blog we will learn how to validate whether a website is fraudulent or legitimate.

Let's start by explaining this with a real-world case study.

Background story: Yesterday I opened my Twitter account via TweetDeck for some research purposes and found that there were 3 unseen messages. I opened them, and they are shown in the figure below.

Disclaimer: Both websites shown in this pic are frauds, so don't try to visit them.

The websites in the pic are:

  1. vipbtc365 .com
  2. usdt365 .org

As you can see in the pic above, the scammers have also shared login credentials for their accounts on those websites. (Both messages are identical, so either this scam is carried out by a group or it's an automated message.)

Let's first discuss the scenario and the scammer's objective.

Once you log in to those websites with the given credentials, the account shows you a good balance (something close to 0.5 BTC; I don't know why, maybe all these scammers have read the same black hat earning book and this figure was mentioned in it). When you try to withdraw it, the site tells you the account is not activated, and that to activate it you must first deposit x amount of BTC.

So, if you deposit that, congrats, you have been scammed: you will never be able to withdraw that amount, since it's a scam.

If you don't deposit, congrats, you have earned the "Mr. Smart" tag.

Now, let's start the OSINT game.

The first thing you should do in web OSINT is pull the WHOIS record, so let's go. Below is the WHOIS record for vipbtc365.com.

WHOIS record of the fraud website vipbtc365 .com

Red flag: The website is just 25 days old.

Always check this first. In most phishing campaigns the domain age is less than a month, and if the website is impersonating a popular site, in most cases you can end your investigation right here by declaring it fake.

The second step is visiting and exploring the website (an essential part of active recon and OSINT). But wait, don't browse it normally the way you browse Netflix. Use a cloud phone or a virtual Android emulator for this purpose. (Risk: never visit these scam websites on your real device, as they may drop a file with embedded malware and put your device at risk.)

This website had already been blocked, since I saw the message very late, so what's next? Let's try to view those websites using the Wayback Machine.

You can view this at https://web.archive.org/web/20220000000000*/ViPbTc365.com

An archived version of the website from the Wayback Machine

Red flag: they can't even buy an email address on their own domain, yet they run a giveaway, wtf?

Tip — Always pay attention to the footer of a website. Why?

Fake websites, or websites made for malicious purposes, almost never have social media profiles, so missing social media profiles should always be considered a red flag. Some advanced scammers do list real profiles, so always check the footer on other pages too, not just the homepage, as scammers sometimes add them only on the homepage to avoid detection.

The third step is Google dorking.

Google search for the scam website

I searched for the domain as an exact phrase (in quotes, "particular word") to find all the websites that have mentioned our scam website; the results are shown above.

Red flag: lack of SEO, with no title, no description, etc.

A good website always uses good SEO. When you open the other results, you can directly see a lot of scam reports for this site, so now we are 100% assured that it's a scam.

Disclaimer: If you use common sense, you can tell that it's a scam in many cases: why would someone give away such a large amount of money when they get nothing in return?

Apart from the above techniques, one more thing you can check is to search for this website in an IOC database like ThreatFox by abuse.ch.

There are many other signals you can use to validate whether a website is fake or legit.
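As an added example (not code from the original write-up), here are the two mechanical checks from the steps above, domain age from the WHOIS record and social profiles in the footer, scripted in Python over constructed inputs. The regexes, the social-domain list, the sample WHOIS text, the sample footers and the reference date are all assumptions made for the example.

```python
import re
from datetime import date

# Hosts whose presence in a footer suggests a real social-media footprint
# (assumption: illustrative list, not exhaustive).
SOCIAL_DOMAINS = ("twitter.com", "facebook.com", "instagram.com",
                  "linkedin.com", "youtube.com", "t.me")
# Constructed reference date for "today" (the post's timeline, not a real lookup).
REPORT_DATE = date(2022, 12, 28)

def whois_creation_date(whois_text):
    """Extract the creation date from raw WHOIS text (ISO date, optional time)."""
    m = re.search(r"Creat(?:ion|ed) Date:\s*(\d{4}-\d{2}-\d{2})", whois_text, re.I)
    return date.fromisoformat(m.group(1)) if m else None

def domain_age_days(whois_text, today):
    """Age of the domain in days, or None if WHOIS gives no creation date."""
    created = whois_creation_date(whois_text)
    return (today - created).days if created else None

def social_links(footer_html):
    """Return the known social-media hosts linked from a page footer."""
    hosts = set()
    for href in re.findall(r'href=["\']([^"\']+)["\']', footer_html, re.I):
        host = re.sub(r"^https?://(www\.)?", "", href).split("/")[0].lower()
        if host in SOCIAL_DOMAINS:
            hosts.add(host)
    return sorted(hosts)

def red_flags(whois_text, footer_html, today, max_age_days=30):
    """Apply the domain-age and footer checks and return the flags raised."""
    flags = []
    age = domain_age_days(whois_text, today)
    if age is None:
        flags.append("whois: no creation date found")
    elif age < max_age_days:
        flags.append(f"whois: domain is only {age} days old")
    if not social_links(footer_html):
        flags.append("footer: no social media profiles linked")
    return flags

# Constructed sample inputs (not real WHOIS output or real pages).
SAMPLE_WHOIS = """Domain Name: EXAMPLE-SCAM.TEST
Creation Date: 2022-12-03T10:15:00Z
Registrar: Example Registrar"""
SCAM_FOOTER = '<footer><a href="/terms">Terms</a> <a href="mailto:x@gmail.com">Contact</a></footer>'
LEGIT_FOOTER = '<footer><a href="https://twitter.com/example">Twitter</a></footer>'

if __name__ == "__main__":
    print(red_flags(SAMPLE_WHOIS, SCAM_FOOTER, REPORT_DATE))
```

The sample WHOIS date and reference date reproduce the 25-day age seen in the case study; swap in real WHOIS output and a saved copy of the footer to run the same checks on a site you are investigating.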

Conclusion -

There are several red flags that can indicate a website may be fake or fraudulent:

  1. Poor website design: A fake website may have a poorly designed layout, typos, and grammatical errors.
  2. Unfamiliar domain name: A fake website may use a domain name that is similar to a legitimate website, but with slight variations.
  3. Requests for personal information: A fake website may ask for personal information such as your name, address, and credit card information. Be cautious about providing this information unless you are sure the website is legitimate.
  4. Pop-up windows: A fake website may use pop-up windows to try and get you to click on links or enter personal information.
  5. Unrealistic offers: A fake website may offer products or services at significantly discounted prices or with unrealistic promises.
  6. Lack of contact information: A fake website may not have a physical address or phone number listed, or the contact information may not be valid.

It is always a good idea to be cautious when shopping online and to do your research before making a purchase or providing personal information on any website.

Tell me the techniques you use in the comment box.

Thanks all for reading this write-up; follow me for more content like this in the future.

You can follow me to read my write-ups on topics related to ethical hacking and cybersecurity, a few topics on technology, and the tips and tricks I use to save time and get better results.
