(Last updated on September 8th, 2020)
In this era of numerous and sophisticated cyberthreats, you should always check whether a website is safe and secure, especially before sharing personal information like contact details, addresses, credit card details and passwords.
People running websites should take responsibility for securing visitors, but with 380 websites created every minute around the globe, some sites just aren’t safe.
You should be extra careful while shopping online. Always verify an e-commerce site before entering your credit card number. If you use the Internet to stream your favorite TV shows or sports, you should visit websites that are free from malware.
But how can you tell if a website is safe? Don’t worry. We have gathered some critical metrics that you can use to judge a website. To avoid falling prey to a cyberattack, look for the following signs to ensure if a website is secure for browsing and sharing personal information.
1. Use Google Safe Browsing Tool to Verify URL
The first thing you should do in order to verify a website is to run it through a reliable website safety checker. And no tool is better in this regard other than Google Safe Browsing, which examines billions of URLs (website addresses) daily and flags unsafe ones.
Open Google Safe Browsing, copy-paste any website address into the search box and press Enter. In a few seconds, you will see a report about the website’s reputation.
2. Carefully Examine Website Address
One of the best and easiest ways to avoid end up being a phishing attack victim is to double-check the website address (also called URL). Start by looking at the spelling of the website in your browser’s address bar. This will help you spot fake websites whose sole purpose is to steal your private information.
Be extra careful about this. Hackers often use spellings that look almost like the original one (for instance, “Paypa1.com” instead of “Paypal.com” or “Yah00o.com” instead of “Yahoo.com”) in order to deceive you so that you unintentionally give them your passwords, banking details, email address, personal income and other private data.
3. URL Should Start with HTTPS Instead of HTTP
A website whose address begins with HTTP instead of HTTPS is not encrypted and you should not give any personal or financial information to that site.
HTTP (Hypertext Transfer Protocol) is used to send data between your web browser and the websites you visit while HTTPS (S stands for ‘Secure’) is its safer version.
HTTPS is mostly used by online banking and shopping sites to ensure the safety of the visitors’ personal information (bank details/credit card numbers) that they are sharing with these sites.
The Secure Sockets Layer (SSL) – which ensures privacy, authentication and data integrity in Internet communications – provides this security to the website owner. Cybercriminals can easily access visitors’ information if the website doesn’t have an SSL certificate.
HTTPS is not enough to prove that a website is secure, but it’s one of the signs that the website cares about your details.
Whether you’re creating an account, making a payment, or just entering your email address, check that the URL starts with “https.” To know that a site uses HTTPS, check the padlock in your browser’s navigation bar. If you find it, it means your connection is secure.
However, keep in mind that a phishing website can also use the HTTPS protocol to appear authentic and safe. Therefore, always keep your eyes open.
5. Look for Contact Page
Again, contact information does not necessarily ensure a website’s legitimacy and safety. Still, it does show that you can talk to a person before sharing information on the website or can get your query answered.
6. Look for Signs of Malware or In
To begin with, you can easily spot a website that has been defaced by hackers. The URL will still be the same, but the site’s content may be replaced, which may include its logo and other features.
Beware of websites that display lots of pop-ups or flashing warnings. If you see pop-ups with outlandish claims, be cautious as it is a common technique used by cybercriminals to trick you into downloading malware.
You can also avoid malicious ads if you pay attention, as most of them contain spelling and grammar mistakes, look unprofessional and make unbelievable claims. Moreover, such ads are not based on your browsing history. So, avoid clicking on these ads and immediately close the website.
Another clear sign that you are on a malware-infected or phishing website is that you get immediately redirected to a completely different website – often a suspicious one – as soon as you land there. Such malicious redirects are commonly used as part of a phishing attack to lure you into giving away confidential data.
Anas Baig is a consumer privacy advocate and cybersecurity journalist by profession. Has has more than 7 years of professional experience under his belt. Anas has been featured on numerous media publications including The Guardian, Lifehacker, The Next Web, Infosecurity Magazine, Security Boulevard, Hacker Noon, CMS Wire, IAPP, SC Magazine, and many others. His interest includes Digital Privacy Rights, Information Security, Networking, Privacy, and Data Protection.