A practical digital-safety checklist for students and the public

Impersonation scams are increasing as more services move online. Scam pages often copy logos, colors, and layouts to look “official,” then trick users into entering passwords, sharing one-time codes, or clicking unsafe downloads. The good news is that most of these scams can be avoided by following a few simple verification habits before you log in or share any personal information.

Why impersonation scams work

Many users rely on quick cues—design quality, familiar branding, or a convincing message from “support.” Scammers exploit this by creating look-alike pages and sending links through social media, messaging apps, comment sections, or email. The goal is usually to capture credentials or persuade users to take urgent actions that bypass careful thinking.

The safest approach is to verify the address (domain) first, and treat everything else as secondary.

1) Check the domain carefully

The most reliable signal is the domain name (the exact website address). Scam sites commonly use small changes that are easy to miss, such as:

• extra words (e.g., “-official”, “-verify”)
• swapped letters or numbers (e.g., “1” instead of “l”)
• different endings (.net/.xyz instead of the real ending)
• added hyphens or repeated letters

A page can look identical to the real one, but the domain will reveal whether it’s genuine.

2) Type the address manually for important actions

For logins, account access, and any sensitive action, avoid clicking random links. Instead, type the domain yourself or use a bookmark you created after verifying the site once.

A simple habit—typing the domain manually—prevents many impersonation attempts. If you frequently access a platform like 8win, bookmark the site after verifying the domain once, and use that bookmark for future visits.

3) Confirm HTTPS, but don’t rely on it alone

Legitimate sites should use HTTPS (the lock icon in your browser). You can click the lock to view basic security details. HTTPS is important because it encrypts traffic, but it’s not proof of legitimacy—scam sites can also use HTTPS. Treat it as one check, not the only check.

4) Cross-check via official channels

A trustworthy organization usually links to its official domain consistently across:

• verified social profiles
• official “Contact” or “Help” pages
• terms and privacy pages

If the site claims to be official but doesn’t provide consistent channels, or the social profiles do not link back to the same domain, treat it as high-risk until verified.

5) Watch for “support” impersonation tactics

A common scam pattern is fake support requesting:

• your password
• one-time passcodes (OTP) sent by SMS or email
• screen sharing / remote access

No legitimate support team should need your password or OTP code. If anyone asks for these, stop immediately and verify through trusted channels.

6) What to do if you suspect a fake site

If you think you’ve landed on an impersonation page:

1. Stop interaction immediately (don’t continue the chat or form)
2. Close the page and open the official site using your bookmark or manually typed domain
3. Change your password (from the official site only)
4. Report the page using platform reporting tools (social networks, browsers, or relevant services)

If you entered credentials, it’s wise to update passwords anywhere you reused the same login.

---

Quick checklist (copy/paste)

• ✅ Domain matches exactly (no extra letters/words)
• ✅ Typed URL manually for important actions
• ✅ HTTPS is present
• ✅ Official channels cross-confirm the domain
• ❌ Never share OTP/password with “support”