Title of the document Online Banking Log-In Title of the document Tourist Card Log-in
Title of the document Online Banking Log-In Title of the document Tourist Card Log-in



Website spoofing (or website scams) involves making a malicious website look like a legitimate one. The spoofed site will look like the login page for a website you frequent, down to the branding, user interface, and even a spoofed domain name that looks the same at first glance. Cybercriminals use these websites to capture your username and password or drop malware onto your computer. This is potentially more devastating because they could gain access to any information you save on that device. A scam site will generally be used in conjunction with a phishing email, in which the email will link to the website.

How do these attacks usually happen?

Registering a domain name requires little effort and has little oversight. There are some barriers in place to prevent near-identical domains from being created, but scammers are clever enough to find workarounds.

After a person has fallen for a spoofed website, they will likely carry on with their normal behaviour without a second thought. This could include typing in their username and password or entering in banking information, which is exactly what the scammer is hoping for.

Even though you think it’s business as usual, the website is saving whatever information you enter. The scammer can then use your login information to gain access to the legitimate website, or any other website that uses the same username and password.

Recognising an attack

Web spoofers follow similar tactics and make common mistakes in their attempts to fool their victims. That makes it possible to identify them for what they are. Here are a few tips.

Bank of St Helena’s official websites are: https://sainthelenabank.com,   https://sainthelenabankonline.com and https://ibanktc.sainthelenabankonline.com.

Double-check the details

If a scammer executes the spoofed website well enough, it may be hard to distinguish it from the real thing. Before entering your login information or clicking on anything at all, take a moment to double-check these known red flags.

Phishing email makes suspicious requests

The body of the email often contains a shocking accusation that requires immediate action for you to lower your guard. Banks, governments, and retail businesses have standard practices for resolving issues. If an email claiming to be from a trusted source asks you to act out of the ordinary, contact the originator through the official channels.

Incorrect spelling and grammar

Spelling and grammar mistakes in an email or website are a red flag that it has not originated from a professional organisation. It is quite common for the text to have been sent through a language translator.

Avoid clicking mysterious links

With the tactics of cybercriminals continuously improving, not even your own eyes and judgment can be trusted 100% of the time. The best way to evade a malicious link is to avoid clicking it entirely. Manually type the domain name into your browser to increase the likelihood of reaching the legitimate destination.

The website URL is unsecure

The website lacks basic URL security protocols. Sometimes your browser will warn you when it detects that a website is not safe to visit. This shouldn’t be ignored, nor should it be relied on. Your browser can be fooled, too.  

Look at the URL

The most common tactic among website spoofers is creating a URL that is nearly identical to a legitimate website. The URL may only be off by one letter, even using the number “1” in place of a lowercase “l”. People can easily direct themselves to the spoofed page by mistakenly typing the wrong key or by only glancing at the URL before clicking through.

Check for an SSL certificate

A Secure Sockets Layer (SSL) is an added level of security for every visitor on a website. It is an encrypted link that protects your sensitive information from being shared without your consent. It is usually represented by a lock or green icon next to the URL. An SSL is not a guarantee that a website is legitimate, but it is a solid piece of evidence in its favour.

Check for an SSL certificate

Since a third party produces the SSL for the website, double-check the certificate by comparing it to the URL. Click on the SSL icon to validate its security. If it was issued to a website that is different from the domain in the URL, then something fishy is going on and it shouldn’t be trusted. That might be a URL spoof.

Do you suspect you have been a victim of cybercrime or fraud?

Your first point of contact should be the Police to report the crime.

If you need help blocking your Bank Cards or changing your Online Banking Details please contact us on

(+290) 22829