Ways to Check if a Website is Legit

The internet, like many other technological advances, has made our lives much easier. At the same time, it exposes us to many dangers that lurk in the digital world. Although we can now buy our groceries and just about anything else online, we can just as easily fall prey to the intricately woven lies and scams of online fraud, all without leaving the comfort of our couch. This is why it’s critically important that we all know exactly how to check if a website is legit.

The Better Business Bureau’s (BBB) Scam Tracker reported 48,362 scam sites in the U.S. in 2018, while 23,439 scams were already reported in 2019. These numbers will undoubtedly rise every year, and scammers will continuously find new ingenious ways to undertake cybercrimes. It’s therefore crucial that you know what to look out for to recognize these types of attacks.

Check if a Website Is Legit

Given that we spend an ever increasing amount of time interacting with the digital world, we could be in contact with a cybercriminal at any time or become the victim of a phishing attack without even knowing about it. It’s therefore totally logical to feel paranoid when you decide to visit a website a friend told you about or want to click on an advertisement flashing somewhere on your screen. When browsing, a good rule of thumb is to use good judgment, pay attention and look for the many signs that will help you determine if a website is credible.

The 10 ways described below will help you determine if a website is real or fake:

1. Does It Have the Padlock with HTTPS in The Address Bar?

HTTPS only means that the communication channel from you to the server is secure and encrypted, i.e. an attacker won’t be able to listen in on the network. HTTPS does however not mean that the server you communicate with won’t steal your data. If you connect to a malicious server, the S in “HTTPS” will do nothing to ensure your safety.

If your browser shows that a website is “not secure,” it’s logical not to enter sensitive information on the page. Even if a site uses HTTPS that does not automatically mean that it is safe. This is where SSL/TLS certificate details provide an additional validation level.

To inspect the digital certificate that has been issued to a website, if using the Firefox browser, click on the padlock and then on the arrow. Select more information and then view certificate. For Google’s Chrome click on the padlock in the web address bar and select Certificate.

2. The Trust Seal

The function of a trust seal is for the site owner to tell users that the website is safe and that the company to whom the website belongs takes security seriously. It is a stamp issued by a security partner (e.g. a certificate authority, or CA) that indicates the website’s legitimacy. If you click on a legitimate trust seal, it will take you to a page that will verify the seal’s authenticity.

3. Social Media Presence

Many legitimate companies have some type of social media presence. Fake websites sometimes display Twitter or Facebook icons, but if you click on these, they won’t take you to a real account. Check company reviews on social media and look on LinkedIn for real employees of the company.

4. Check the Contact Page

Our fourth recommendation on how to tell if a website is legit is to check whether there is a physical address shown on the website. Does the company have an email address and a phone number listed? Send an email to the email address given on the contact page and see if it gets delivered. Check that the email is not generic (e.g. xyz@gmail.com) but rather one that includes the company brand (e.g. name@company.com).

5. Check for Grammatical and Spelling Mistakes – A Sure Sign of a Scam Website

Grammatical and spelling mistakes are telltale signs of a phishing attack. Most legitimate companies will take great efforts to apply minimum quality standards in all official communications. Apart from genuine typos which are rare, it’s highly unlikely that you’ll ever receive an email from a large corporation that is poorly worded. Communications from legitimate companies will generally use the appropriate tone and won’t sound threatening or menacing, even if you haven’t followed through with their call to action.

If a website looks like it was designed by a kid who can’t draw properly yet, or has glaring grammar or spelling issues, chances are high that it’s one of many fraudulent websites and should be avoided at all costs.

6. Don’t Click on Links in an Email

There’s almost never a valid reason to click on links in an email unless you’ve requested a password reset link.

If your bank was sending you an email, they would know who you are and use correct grammar. They’re not going to address you as “customer” or “member.” They would also never use a poorly written email and threaten to suspend your account forever, use threatening or urgent language, or ask you to give them account or personal information.

Hovering the mouse over the link or button in the email will show you the address of the actual website where you would be redirected. If you do click on the link, it might take you to a site that looks nearly identical to your bank’s website or uses its colors and logo. If you do however enter your credentials, there’s a very good possibility that your account details will be sold or your account will be compromised.

7. Website Privacy Policies

Most industries and countries have data privacy regulations and laws that make it mandatory for websites to inform their users how data is used, collected, stored, and protected. This is normally done by creating a privacy policy document and users must read these and agree to the terms and conditions. Most of us have by now skimmed through many privacy policies and we know what a decent one should look like versus one that pretends to be authentic.

If you’re thinking of using an e-commerce platform for online shopping, also check out their shipping and return policies. This is always a good way to tell if a website is legit or fake. If the website does not have one, or if it looks rough at best, rethink your decision to buy anything from the site.

8. The Safe Browsing Transparency Report

When you’re not sure about the safety of a website, check out Google’s Safe Browsing Transparency Report. This tool will let you enter a URL to check whether the site is safe for browsing or if it hosts any malware.

9. Obvious Website Malware Signs

Suspicious pop-ups, web defacement attacks, and ads that try to entice you to click on them are typical indicators of malicious websites attempting to get you to download and execute malware on your computer. Be careful of legitimate-looking pages that ask you to enter sensitive information or websites that redirect you to other sites with promotional content. Always be careful when you click on an ad!

10. Pay Close Attention to the Web Address

Check that the website isn’t attempting a homograph phishing attack. Browsers can be made to display a fake web domain name as a trusted legitimate site. One example would be a domain registered as ab–xnyq-52c.com displaying as amazon.com.

URLs can also use characters from other alphabets, such as Cyrillic, that look similar to Latin letters. The URL can also be made to look a specific way by using subdomains, but if you check it closely, the name of the actual domain appears right in front of the TLD. An easy way to check if a URL is a homograph phishing attack before you hit enter and load the site is to copy and paste the URL to another tab. When pasted in the address bar the URL will for example be shown as “https://wwwab–xnyq-52c.com/”.
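The checks in this section (punycode labels, look-alike characters from another alphabet, and the real domain sitting right before the TLD) can be scripted. The following is an added example, not part of the original article; the sample URLs, the `COMMON_TLDS` set and the function names are constructed, and the "last two labels" rule is a simplifying assumption.

```python
import unicodedata
from urllib.parse import urlsplit

COMMON_TLDS = {"com", "net", "org"}  # small illustrative set, not exhaustive

def script_of(ch):
    """Script of a character, taken from the first word of its Unicode name."""
    if ch.isdigit() or ch == "-":
        return None  # digits and hyphens are script-neutral
    return unicodedata.name(ch, "UNKNOWN").split()[0]

def inspect_url(url):
    """Return (actual_domain, findings) for the host part of a URL."""
    host = (urlsplit(url).hostname or "").rstrip(".")
    shown, findings = [], []
    for label in host.split("."):
        text = label
        if label.startswith("xn--"):  # IDN label stored in its ASCII (punycode) form
            try:
                text = label[4:].encode("ascii").decode("punycode")
                findings.append(f"punycode: {label} displays as {text}")
            except ValueError:
                findings.append(f"punycode: {label} cannot be decoded")
        shown.append(text)
        scripts = {script_of(c) for c in text} - {None}
        if len(scripts) > 1:
            findings.append(f"mixed-script: {text} uses {sorted(scripts)}")
        elif scripts and scripts != {"LATIN"}:
            findings.append(f"non-latin: {text} is written in {sorted(scripts)[0]}")
    # Assumption: the registrable domain is the last two labels. That holds for
    # .com-style names only; a production check needs the Public Suffix List.
    actual = ".".join(shown[-2:])
    if COMMON_TLDS & set(shown[:-2]):
        findings.append(f"subdomain-lure: TLD-like label left of {actual}")
    return actual, findings

# Constructed samples; U+0430 is CYRILLIC SMALL LETTER A.
LOOKALIKE = "ex\u0430mple"
SAMPLES = [
    "https://www.example.com/",
    f"https://{LOOKALIKE}.com/login",
    "https://xn--" + LOOKALIKE.encode("punycode").decode("ascii") + ".com/",
    "https://www.example.com.account-check.test/signin",
]

if __name__ == "__main__":
    for url in SAMPLES:
        print(url, "->", inspect_url(url))
```

A finding is a prompt to look closer, not a verdict: a genuine site written entirely in Cyrillic would also produce a `non-latin` finding.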

Security Tools and Add-Ons

Apart from the steps we’ve described above on how you can tell if a website is legit, there are also add-ons and tools that can help you stay safe online.

Services like VirusTotal and Norton Safe Web analyze URLs and will tell you if the site you want to visit is malicious or safe. A few tools and extensions are also handy in keeping you from visiting fake websites.

1. Disconnect: This is a tracker blocker that allows you to see everything on a website that tracks you and lets you disable them.

2. Netcraft Extension: Allows you to first look up the sites you want to browse and protects against phishing.

3. Privacy Cleaner: Runs in the background and gives alerts if an app or a page attempts to access your information or files.

4. Webroot Filtering Extension: Keeps you safe by filtering and blocking dangerous websites.

We hope this article on how to tell if websites are legit will make your browsing much safer.
