2017 is a year filled with online scams and data breaches, so there is no surprise if you are feeling paranoid about the website that you are visiting. It is important to know that a website is safe before using it, and especially before sharing sensitive data, such as credit card information, with the site.
There are many signals that can help you determine whether a website is safe to use or not. When surfing the web, make sure to watch out for these signals.
Does the website uses HTTPS?
HTTPS is compulsory for any website, whether is is an e-commerce site or a simple blog. HTTPS prevents man in the middle attacks, such as phishing attacks or spoofing, by encrypting traffic to and from the server.
On websites that use HTTPS, the browser will display a green padlock in the address bar. On some websites, you may see the company name also indicated along with the green padlock. This is a stronger signal than just the green padlock for judging website security, because it helps you trust that the entity behind the website is legit.
Right now, browsers show a “Not Secure” warning on HTTP webpages that contain forms, such as login forms. Refrain from entering your information on such webpages as that provides an easy way for third party hacker to sniff and steal your passwords or credit card information.
In the near future, browsers will show the notice by default for all webpages loaded over HTTP, regardless of whether they collect sensitive information or not.
Note: The presence of the green padlock does not indicate that a website will not use your data for malicious purposes. It just means that the information that is loaded on the webpage or submitted to the server will not be intercepted, stolen or modified by a third party. Phishing websites can also implement HTTPS to appear to be legitimate.
Locate the website’s return policy
If you’re shopping online, make sure the website you’re buying from has a return policy. If you’re not satisfied with your purchase, you can easily return it and get a full refund.
Make sure the entity behind the website is real
Look for social signals that the individual or company behind a website is real. A physical address and phone number provides some social proof. If this information is not on the website, try performing a whois lookup here to find out who owns the domain, where and when the site was registered, contact information, and more.
Pay attention to browser warnings
When a website has been compromised, the browser will usually notify you and advise that you do not continue on to the site. It is important to exit unsafe websites immediately to protect your data from being stolen.
Run a website safety check
If you want to check if a specific website is safe, some website safety checkers, such as VirusTotal, exist to help you do just that. All you need to do is write out the URL of the site in the input field provided and hit Enter.
There is no guarantee that a website that has all the signals above will not steal your data, but having these signals is a good sign that the website has legitimate origins and that its contents has not been compromised by a third party.