How to Determine If a Website Is Legit and Safe to Use

Screenshot of Phishing attack warning in Chrome

2018 was another year of online scams and data breaches, so it’s no wonder if you feel paranoid about the website that you are visiting. It is important for you to know that a website is safe before using it, and especially before sharing sensitive data, such as credit card information, with the site.

There are many signals that can help you determine whether a website is safe to use or not. When surfing the web, watch out for these signals.

Do Trust Seals Mean Anything

A trust seal is usually represented by a badge in one of the corners of a web page, which you can then click to link through to the seal provider’s website. There are numerous providers of these seals, like VeriSign, PayPal Verified, TrustE and more.

how-to-determine-legit-safe-website-trust-seals

The thing is, it’s easy for any scam website to just copy-and-paste the images for these seals and plaster them onto their website. They’d be breaking the law under Fair Use, of course, but they’re scammers anyway. Why should they care? Unless the seal links through to the actual site, which it rarely does, you just can’t be sure.

Also be wary of things like “Microsoft Certified” or Norton or McAfee-secured. Microsoft Certified is basically meaningless, while the latter can be used on any website that doesn’t contain an actual virus. It doesn’t mean that that site won’t run off with your card details if you hand them over.

A seal like the ones you see above may or may not mean something, and you shouldn’t take them at face value but click through and research the seal providers.

Does the Website Use HTTPS?

HTTPS is compulsory for any website, whether is is an e-commerce site or a simple blog. HTTPS prevents man in the middle attacks, such as phishing attacks or spoofing, by encrypting traffic to and from the server.

website-safety-signals

On websites that use HTTPS, the browser will display a green padlock in the address bar. On some websites, you may see the company name also indicated along with the green padlock. This is a stronger signal than just the green padlock for judging website security, because it helps you trust that the entity behind the website is legit.

website-safety-signals-ev-certificate

Right now, browsers show a “Not Secure” warning on HTTP webpages that contain forms, such as login forms. Refrain from entering your information on such webpages as that provides an easy way for third party hacker to sniff and steal your passwords or credit card information.

Firefox shows an insecure warning on forms that are loaded over HTTP

In the near future, browsers will show the notice by default for all webpages loaded over HTTP, regardless of whether they collect sensitive information or not.

Screenshiot of the "Not Secure" notice in Chrome

Note: The presence of the green padlock does not indicate that a website will not use your data for malicious purposes. It just means that the information that is loaded on the webpage or submitted to the server will not be intercepted, stolen or modified by a third party. Phishing websites can also implement HTTPS to appear to be legitimate.

If you are a site owner or administrator, Let’s Encrypt and Cloudflare provide a quick, easy and free way to implement HTTPS on your website.

Lookout for a privacy policy

A good website will have a privacy policy that explains how it will use the data that it collects from its users. This will usually include information on how they keep your data, if they share your data with third parties and how you can request the deletion of your data. Make sure to read this document before submitting any personal data or making a purchase.

Locate the website’s return policy

If you’re shopping online, make sure the website you’re buying from has a return policy. If you’re not satisfied with your purchase, you can easily return it and get a full refund.

Make sure the entity behind the website is real

Look for social signals that the individual or company behind a website is real. A physical address and phone number provides some social proof. If this information is not on the website, try performing a whois lookup here to find out who owns the domain, where and when the site was registered, contact information, and more.

Pay attention to browser warnings

Screenshot of insecure website notice in Firefox

When a website has been compromised, the browser will usually notify you and advise that you do not continue on to the site. It is important to exit unsafe websites immediately to protect your data from being stolen.

Run a website safety check

Screenshot of Virus Total

If you want to check if a specific website is safe, some website safety checkers, such as VirusTotal, exist to help you do just that. All you need to do is write out the URL of the site in the input field provided and hit Enter.

Wrap Up

There is no guarantee that a website that has all the signals above will not steal your data, but having these signals is a good sign that the website has legitimate origins and that its contents has not been compromised by a third party.

One comment

  1. “Lookout for a privacy policy”
    Even scammers can post a great looking/sounding privacy policy. Whether it is really in effect is another story.

    “Make sure the entity behind the website is real”
    With companies being owned by other companies, which in turn are owned by still other companies, which themselves are part of conglomerates, it is very hard to determine the reality of the entity behind the web site. It is a shell game with many companies being just that, shell companies.

Leave a Comment

Yeah! You've decided to leave a comment. That's fantastic! Check out our comment policy here. Let's have a personal and meaningful conversation.

Sponsored Stories