APEX Foundation
Blogs, Understanding & Tips

Fake USA Visa Waiver (ESTA) websites

Tuesday, August 24, 2010 by

Screenshot of part of the official ESTA homepage

Fake bank websites, stealing your passwords and PINs and possibly planting malware on your computer for good measure, are well known. But bank websites are relatively hard to fake, because most people use their banks every day, so any irregularity gets instinctively spotted.

On the other hand, websites like ESTA are often used just once in a lifetime, which makes them a good target, because prospective marks have no idea what the real one looks like or how it works.

As The Register reports: “McAfee warns that cybercrooks have been busy building fake sites to mimic Homeland Security’s Electronic System for Travel Authorization. The security firm found a simple search for “ESTA” or “ESTA form” threw up dodgy sites. These include sites offering to fill in the free form for a fee, fake government sites and sites requiring a form to be downloaded which actually contains malware.”

Ironically, the real ESTA website’s design and functionality are so behind the times, compared to the user experience offered by modern websites, that designing a fake which looks “more real” and “official” isn’t too hard. The Bitter Wallet judges the official site as “a design provided by a seven year-old and the user functionality of a frightened horse.” Ouch.

Additionally, the convoluted URL of the real ESTA site, http://esta.cbp.dhs.gov/esta/esta.html?_flowExecutionKey=_cE74E8CA4-61D4-FB65-EC93-DC26F5ACB147_k69A832C1-BB22-E1A4-FAD6-0509E19DD5FB (yes, this is real), doesn’t look terribly reassuring, once again making it easy to offer more convincing fakes.

In conclusion, instead of searching for “ESTA”, it’s probably a good idea to enter the ESTA website through a link on the website of your local US Embassy, links for which can in turn be found at this remarkably straightforward URL http://www.usembassy.gov/
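What identifies the real site is the host name in the URL, not the page design or the long query string. The following is an added example, not part of the original post: it classifies a URL by its host alone, taking the official host from the URL quoted above; the `.example.test` URLs and the function name are constructed for illustration.

```python
from urllib.parse import urlsplit

# Official host, taken from the real ESTA URL quoted in the post.
OFFICIAL_HOST = "esta.cbp.dhs.gov"


def check_esta_url(url):
    """Return (verdict, reason), judging only the host part of the URL."""
    try:
        parts = urlsplit(url.strip())
        # hostname is lower-cased by urlsplit; drop a trailing root dot.
        host = (parts.hostname or "").rstrip(".")
    except ValueError:
        return ("reject", "URL does not parse")
    if parts.scheme not in ("http", "https"):
        return ("reject", "not a web URL")
    if not host:
        return ("reject", "no host")
    if parts.username is not None:
        # In "name@host" the browser connects to what follows the "@".
        return ("reject", "userinfo placed before the host")
    if host == OFFICIAL_HOST:
        return ("official", "host matches exactly")
    if OFFICIAL_HOST in host or "esta" in host:
        # Substring heuristic: it can over-flag unrelated hosts.
        return ("lookalike", f"mentions ESTA but the host is {host}")
    return ("unrelated", f"host is {host}")


if __name__ == "__main__":
    samples = [
        # The real URL from the post: the long query string is irrelevant.
        "http://esta.cbp.dhs.gov/esta/esta.html?_flowExecutionKey="
        "_cE74E8CA4-61D4-FB65-EC93-DC26F5ACB147"
        "_k69A832C1-BB22-E1A4-FAD6-0509E19DD5FB",
        # Constructed samples on a reserved test domain.
        "https://esta.cbp.dhs.gov.example.test/esta/esta.html",
        "https://esta.cbp.dhs.gov@example.test/",
        "https://esta-application.example.test/form",
    ]
    for s in samples:
        print(check_esta_url(s), s[:60])
```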

Questions? Ask below :-) In English, please.
