These sites may have a web address that’s similar to legitimate sites but contain misspellings, bad grammar or low-resolution images, according to McAfee Labs, which is the threat research division of Intel Security.
Double check URLs to make sure that sites are authentic and not replicas created by scammers to try to steal personal information.
A scam currently making the rounds is a message that shows up in people’s in-boxes purporting to be from Netflix.
RELATED: These passwords will get you hacked
The message instructs recipients to clink on a link to sign in and update their payment information.
But in reality, it’s a “phishing” scheme intended to steal people’s log-in and credit card information.
The link leads to a fake website, and the e-mail comes from an address that is meant to appear authentic but isn’t — it’s from @appel.com. Apple.com, obviously, is a well-known and trustworthy source of content.
The fake address, however, is not visible when the message is viewed on a cell phone. The sender simply comes up as “SUPPORT.”
RELATED: Millions feel the sting of identity theft
Experts also say consumers should be wary of making purchases on sites that lack security protections.
Safe, secure websites have addresses that starts with “https://” instead of just “http://,” according to Norton, the maker of anti-virus and security software.
That “s” makes all the difference, because it signals that a site has security encryption.
Legitimate e-commerce sites use encryption to keep customers’ payment information safe. To confirm it is a trusted site, look for on a lock symbol in the browser window.
Consumers also should try to restrict their downloads to official and reputable app stores, such as the Apple Store, the Google Play Store and Amazon, said Scot Ganow, an attorney with Dayton-based law firm Faruki Ireland Cox Rhinehart & Dusing whose practice focuses on information privacy and security law.
RELATED: Identity theft victims tell their stories
Downloading apps from third-party sources can be risky.
More than 1 million Android phones were infected by a yucky type of malware dubbed “Googlian” that consumers downloaded from third-party apps and by clicking on malicious links, experts said.
The malware campaign has exposed people’s messages, documents, photographs and other sensitive data and also led to the installation of unwanted apps their devices, according to Check Point, a threat prevention software company.
“Nicknamed ‘Gooligan’, this variant used Google credentials on older versions of Android to generate fraudulent installs of other apps,” according to a blog post from Google.
On Android phones, users have multiple choices of systems where they can download content, and many people regularly download free online games and other apps from alternative sites and marketplaces.
Some experts say this is a big no-no.
“The more you go off the primary app stores — such as Google Play or the Apple store — you are putting yourself at risk, so really keep to the tried and trusted,” said Vincent Weafer, vice president of the McAfee Labs. “Stay away from the dark alleys of the Internet.”