Website cloning: Is that really Entrata? Don’t fall for that trap!

Have you watched one of those horror movies where something impersonates the protagonist only to wreak havoc later? Well, website cloning does the same thing--to your management company--in real life. Website cloning is one of the most popular methods among scammers to fleece you of your money or steal your passwords and community data!

As the name suggests, the cyber-criminal first creates a ‘clone’ site of the original one. There can be a clone of any website, though retail shopping sites, travel booking sites and banks are the favorites of cyber-criminals. The multifamily industry, however, is not immune to this as we've seen hackers create fake sites impersonating popular vendors in the apartment industry. The clone site looks exactly like the original one, barring a very minuscule change in the URL.

Next, they will create a trap intended to get unsuspecting victims to visit the clone site. This is usually done via links shared through emails, SMS messages or social media posts asking them to click on a link to the clone site. The message urges the recipient to take an action. For example, a message that presents itself as though it is from the IRS, asking the recipient to pay pending taxes by clicking on a specific link to avoid a fine or business shutdown, or an SMS about a time-bound discount on iPads. Sometimes, they go straight for the target and masquerade as a message from your bank asking you to authenticate your credentials by logging into your banking portal--the only glitch, the banking portal will be a clone.

Staying safe

So, how do you identify a clone website and a dubious message?

  • Does the email sound too good to be true? Well, then it probably is. Nike giving away free shoes? Emirates Airlines giving you free tickets to Europe? Apple iPhone X for just $20? All of these scream SCAM!
  • Even if the message sounds genuine, such as an email from your bank asking you to authenticate your login credentials, check the email header to see if the sender’s email domain matches your bank’s. For example, if your bank is Bank of America, the sender’s email ID should have that in the domain. Something like customercare@bankofamerica.com could be genuine, whereas, customercare@bankofamerica.net is suspicious.The same tip goes for any vendor in the apartment industry. Always look carefully at the email domain and be wary of any other extension other than .com on the end. 
  • Check the final URL before you enter any information to make sure it is the actual one. Most shopping/banking websites, where payments are made and other personal details are shared are secure (HTTPS)and will have a lock symbol at the beginning of the URL. Also, check the domain. For example, something like- www.customerauthentication.com/entrata is not part of the Entrata website. 

Identifying a cloned website is tricky, but it is not something you can afford to ignore as software alone cant always identify fake sites. This is why it's important to participate in a good cyber-security awareness training program so you can learn how to be an effective "human firewall"  and help prevent the increasing cyber-security attacks affecting the multifamily industry.