One great thing about Google services is that they are easy to use and free. But, there’s a downside: scammers can use them too, and they’re getting really good at it.
One new scam is using something called Google Sites. This service isn’t as famous as Gmail or Google Docs. With Google Sites, you can make your own website and pick a custom web address.
For a long time, the safety tip for the internet has been to avoid clicking on links from websites you don’t trust. You might not click on a link like “www.yourbank.fakedomain.com” because it looks suspicious. But what about a link that starts with “sites.google.com”? That might not look as obvious, but it can still be a trick.
How the scam works
Scammers create fake websites that look very similar to real ones. They hope you will log into their fake site by mistake. They want their fake website to show up on Google when you search for something like PayPal. Then, they try to trick you into giving them your login information.
Imagine this situation: Your phone runs out of battery while you’re out to dinner. You borrow a friend’s phone to log into PayPal to pay your share of the bill. You type “PayPal login” into Google and look at the search results:

The first result is the real PayPal website. But, look at the third result. It starts with “sites.” That’s not the real PayPal site; it was made using Google Sites. If you click on that link, here’s what happens:

You might notice that the website address looks strange. The site looks a lot like the real PayPal, especially on a phone where it’s hard to see the full address. If you enter your username and password there, you could give your personal details to scammers and they could take over your PayPal account.
Always check the URL—or type it out yourself
Google Sites is just one way scammers make fake websites, but it’s not only a Google problem. You need to be careful about many things to avoid falling for these scams.
First, always check the website address or URL before you log into any site. Make sure it looks secure. Secure websites have a small lock symbol in the address bar. Also, watch for any strange extra characters in the URL.
If you’re not sure whether a website is real, do a quick Google search like this: “Is [the website in question] legit?” Some website addresses are tricky. For example, “paypal.com.webservices.com” might look okay at first, but it’s a trick because of the extra “.com” at the end.
Don’t click on Google Ads
Google Ads often appear at the top of search results and seem to match what you’ve searched for. But these websites might not be connected to the official site you want. Even worse, they can send you to fake websites. Instead, use Google’s regular search results and carefully check the website address before you log in.
Avoid Googling websites altogether
Instead of searching for a website, get used to typing its address directly into your browser’s address bar. If it’s a site you visit often, like your bank’s website, bookmark it. This way, you don’t have to type the address every time.