HK search engine helps users scan fake websites

Amidst the growing number of websites copying popular ones, a search engine has been created to track and identify the fake from the genuine. Phishing is an a attempt to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity.

SiteWatcher, built by City University computer scientist Liu Wenyin, has already identified 4,384 websites out of 14,622 submissions since 2008.

The primary purpose of phishing is to collect a victim’s personal information used to access the his or her account on a legitimate website. If one isn’t too observant when logging online — whether it is email, social network account or online banking website — account security could be compromised if your details falls into unauthorized hands. For example, the website of HSBC Hong Kong is But if I misspelled it as, I’d see a copycat website exists and my account could be in big trouble if I attempted to log in. Creating malicious websites has been easier than ever, thanks to tools that clone the real ones. Victims can be lured into these websites fishing — hence the variant phishing — for sensitive information that can be used for identity theft or sold to third party marketing firms.

Thanks to Sitewatcher, it’s easier to track fraudulent website and notify authorities for proper action. Since not everyone is savvy enough to detect phishing sites, Sitewatcher should be a handy tool for the unsure and confused. So far, SiteWatcher has caught phishing sites of PayPal the most (863 times) followed by eBay (220), but for obvious reasons, banks such as HSBC are also among the most targeted.

There are many ways to lead a victim to a phishing site. Among them are emails purportedly coming from a popular company informing a victim to update his or her account details as part of a regular security procedure and follow a link embedded in the message. Phishing is sometimes aided by social media connections who share links to websites they perceive to be interesting. Phishing attacks directed at business executives and high profile targets are sometimes called whaling.

While it is easy to distinguish a real website from a bogus one based on website address, emails purportedly coming from legitimate source prompts users to visit a site. Liu warned that as phishing activities have become more sophisticated, it’s more difficult to tell fakes from genuine ones than when SiteWatcher was first launched. Currently, SiteWatcher has an accuracy rate that stands at above 91 percent and is capable of identifying a phishing site in one to five minutes.