
The only real difference that matters between a fake site and a real site is that the information on it is genuine; the form doesn't really factor into it. Which makes this a very tricky problem: You can't tell if the data is genuine before you have the genuine data.


Domain names are how you do this reliably. This is why everyone should use a password manager. It makes phishing much, much harder to do.


There are no best practices for domain names; there's nothing that can differentiate between NPM and a fraudster hosting "npmjs.help".

It also doesn't help when you have to visit a new domain for the first time, which tends to be the case when looking up novel information.


If you're trying to do something for the first time with a big company, you usually know the domain name. Like Google is google.com. Or for something like your bank, it'll be printed on your credit card.



