How do you know if the site you are visiting is real?
Website phishing scams and spoofing URLs to look like another URL seems to be a problem reaching epidemic proportions - there just seem to be too many people out there after your cash!
So, how do you know that a site you are going to is real? How do you know that when you are logging into Amazon, PayPal or any number of other websites out there that you aren't actually logging into a fake site just designed to take your password?
I could preach to you about looking for the little lock icon and in the browser, and I could also advise you to check the SSL certificate for the site carefully. Both tips are good advice but they are both tricky from a point of view of trying to tell the reader what they should expect to see - no two certificates look the same and they can be hard for the lay person to decipher and understand.
There's an easier method - one that relies on something that you know and what spoof sites don't - your real username and password!
If you want to be sure that the site you are trying to log into is real or not, challenge it with an incorrect password! You know it's wrong and the genuine site knows that it's fake but the the bogus site won't know that and if it "pretends" to allow you access, or says something bogus like "Site unavailable" or "Try again later" rather than "Wrong password" you know it was a fake. They might also redirect you to the genuine site at this point - so what looks to you like the login page being reloaded after you enter your password is worth paying attention to.
This scheme is a variation on the token-based security scheme where it comprises of "something you know" (a password) and "something you have" (a hardware access key). In this case, something you know and something you have are both the same (the password) but the key point is that "they" (the scammers) can't possibly know the difference between a real password and fake one (until they try it later, of course).