How to Determine If a Website Is Legit and Safe to Use

2017 is a year filled with online scams and data breaches, so it is no surprise if you feel paranoid about the websites you visit. It is important to know that a website is safe before using it, and especially before sharing sensitive data, such as credit card information, with the site.

There are many signals that can help you determine whether a website is safe to use or not. When surfing the web, make sure to watch out for these signals.


HTTPS is compulsory for any website, whether it is an e-commerce site or a simple blog. HTTPS prevents man-in-the-middle attacks, such as phishing attacks or spoofing, by encrypting traffic to and from the server.

On websites that use HTTPS, the browser will display a green padlock in the address bar. On some websites, you may see the company name also indicated along with the green padlock. This is a stronger signal than just the green padlock for judging website security, because it helps you trust that the entity behind the website is legit.


Right now, browsers show a “Not Secure” warning on HTTP webpages that contain forms, such as login forms. Refrain from entering your information on such webpages, as doing so gives a third-party hacker an easy way to sniff and steal your passwords or credit card information.

Firefox shows an insecure warning on forms that are loaded over HTTP

In the near future, browsers will show the notice by default for all webpages loaded over HTTP, regardless of whether they collect sensitive information or not.

Screenshot of the "Not Secure" notice in Chrome
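
Site owners can check their own pages for the condition behind this warning. The Python below is an added example, not part of the original article: it flags forms with password or card fields on pages loaded over HTTP and, going one step beyond the text, forms on HTTPS pages that submit to an HTTP address. The choice of which fields count as sensitive is an assumption, and the example.test hostnames and HTML are constructed samples.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Assumption: these input types / autocomplete hints mark a field as sensitive.
SENSITIVE_TYPES = {"password"}
SENSITIVE_HINTS = ("cc-", "current-password", "new-password")

class FormAudit(HTMLParser):
    """Records each form's resolved action URL and whether it has sensitive inputs."""
    def __init__(self, page_url):
        super().__init__()
        self.page_url, self.forms, self._form = page_url, [], None

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "form":
            # A missing or empty action submits back to the page's own URL.
            action = urljoin(self.page_url, a.get("action", ""))
            self._form = {"action": action, "sensitive": False}
            self.forms.append(self._form)
        elif tag == "input" and self._form is not None:
            hint = a.get("autocomplete", "").lower()
            if (a.get("type", "").lower() in SENSITIVE_TYPES
                    or any(h in hint for h in SENSITIVE_HINTS)):
                self._form["sensitive"] = True

    def handle_endtag(self, tag):
        if tag == "form":
            self._form = None

def insecure_form_findings(page_url, html):
    """Return (reason, action_url) for every sensitive form exposed to plain HTTP."""
    audit = FormAudit(page_url)
    audit.feed(html)
    page_is_http = urlparse(page_url).scheme == "http"
    findings = []
    for form in (f for f in audit.forms if f["sensitive"]):
        if page_is_http:
            findings.append(("page-over-http", form["action"]))
        elif urlparse(form["action"]).scheme == "http":
            findings.append(("submits-to-http", form["action"]))
    return findings

# Constructed sample pages (not taken from any real site).
SAMPLE_LOGIN = """<form action="/session" method="post">
  <input type="text" name="user"><input type="password" name="pass"></form>
<form action="/search"><input type="text" name="q"></form>"""
SAMPLE_CHECKOUT = """<form action="http://pay.example.test/charge" method="post">
  <input type="text" name="card" autocomplete="cc-number"></form>"""

if __name__ == "__main__":
    print(insecure_form_findings("http://shop.example.test/login", SAMPLE_LOGIN))
    print(insecure_form_findings("https://shop.example.test/cart", SAMPLE_CHECKOUT))
```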


Note: The presence of the green padlock does not indicate that a website will not use your data for malicious purposes. It just means that the information that is loaded on the webpage or submitted to the server will not be intercepted, stolen or modified by a third party. Phishing websites can also implement HTTPS to appear to be legitimate.

If you are a site owner or administrator, Let’s Encrypt and Cloudflare provide a quick, easy and free way to implement HTTPS on your website.

A good website will have a privacy policy that explains how it will use the data that it collects from its users. This will usually include information on how it keeps your data, whether it shares your data with third parties and how you can request the deletion of your data. Make sure to read this document before submitting any personal data or making a purchase.

If you’re shopping online, make sure the website you’re buying from has a return policy, so that if you’re not satisfied with your purchase, you can easily return it and get a full refund.

Look for social signals that the individual or company behind a website is real. A physical address and phone number provide some social proof. If this information is not on the website, try performing a whois lookup to find out who owns the domain, where and when the site was registered, contact information, and more.

Screenshot of insecure website notice in Firefox

When a website has been compromised, the browser will usually notify you and advise that you do not continue on to the site. It is important to exit unsafe websites immediately to protect your data from being stolen.

Screenshot of VirusTotal

If you want to check if a specific website is safe, some website safety checkers, such as VirusTotal, exist to help you do just that. All you need to do is write out the URL of the site in the input field provided and hit Enter.

There is no guarantee that a website that has all the signals above will not steal your data, but having these signals is a good sign that the website has legitimate origins and that its contents have not been compromised by a third party.
