One of the most common ways that phishers trick people is through e-mails leading to fake websites often with the websites impersonating a legitimate domain like your banks website. One way they do this is by using a domain that looks similar to the legitimate domain.

Above would be an example of such an effort trying to mimic the google domain. Anything below this domain name can be tailored in an attempt to mimic the legitimate website.

Another way a phisher might attempt to conceal the fake website is through subdomains.

In this example a phisher is targeting someone’s banking details through SMS. The phisher references the bank in the subdomain name to look similar to the original websites URL. The actual domain name is uk-account.help; which is meant to mirror a legitimate website of hsbc.co.uk/account-help.

Even then sometimes you can still accidently access these websites often times the first thing you will see is a login page. This can often be a red flag if you are already logged into said service.

Even then you can notice slight errors from the legitimate website above. Phishing websites often just copy and paste information from the original and can be littered with small errors.