2018 was another year of online scams and data breaches, so it’s no wonder if you feel paranoid about the website that you are visiting. It is important for you to know that a website is safe before using it, and especially before sharing sensitive data, such as credit card information, with the site.
There are many signals that can help you determine whether a website is safe to use or not. When surfing the web, watch out for these signals.
How Invasive is the Advertising?
This one requires a bit of intuition and detective work, but you can often tell the credibility of a site by the amount and type of advertising it has. Occasional banners like you see here on MTE and many other sites are standard practice (we have to make our money somehow!), but there are certain types of ads that you should read as a red flag. Even if these types of ads don’t make a site “malicious”, they imply poor site management and therefore you should be very cautious when browsing them.
Pop-up ads: Good websites don’t host pop-up ads. If new windows containing ads happen, then that’s a bad sign.
Interactive ads: Ads that require you to do things like answer questions and surveys for third parties.
Redirecting ads: Many less reputable sites have banners with “Download” buttons that look like they should download the thing you want to download, but end up redirecting you to some other sneakily advertised software. If a site’s doing this, or is unclear about what you’re downloading from it, then you should take your browsing elsewhere.
Do Trust Seals Mean Anything?
A trust seal is usually represented by a badge in one of the corners of a web page, which you can then click to link through to the seal provider’s website. There are numerous providers of these seals, like VeriSign, PayPal Verified, TrustE and more.
The thing is, it’s easy for any scam website to just copy-and-paste the images for these seals and plaster them onto their website. They’d be breaking the law under Fair Use, of course, but they’re scammers anyway. Why should they care? Unless the seal links through to the actual site, which it rarely does, you just can’t be sure.
Also be wary of things like “Microsoft Certified” or Norton or McAfee-secured. Microsoft Certified is basically meaningless, while the latter can be used on any website that doesn’t contain an actual virus. It doesn’t mean that that site won’t run off with your card details if you hand them over.
A seal like the ones you see above may or may not mean something, and you shouldn’t take them at face value but click through and research the seal providers.
Does the Website Use HTTPS?
HTTPS is compulsory for any website, whether is is an e-commerce site or a simple blog. HTTPS prevents man in the middle attacks, such as phishing attacks or spoofing, by encrypting traffic to and from the server.
On websites that use HTTPS, the browser will display a green padlock in the address bar. On some websites, you may see the company name also indicated along with the green padlock. This is a stronger signal than just the green padlock for judging website security, because it helps you trust that the entity behind the website is legit.
Right now, browsers show a “Not Secure” warning on HTTP webpages that contain forms, such as login forms. Refrain from entering your information on such webpages as that provides an easy way for third party hacker to sniff and steal your passwords or credit card information.
In the near future, browsers will show the notice by default for all webpages loaded over HTTP, regardless of whether they collect sensitive information or not.
Note: The presence of the green padlock does not indicate that a website will not use your data for malicious purposes. It just means that the information that is loaded on the webpage or submitted to the server will not be intercepted, stolen or modified by a third party. Phishing websites can also implement HTTPS to appear to be legitimate.
If you are a site owner or administrator, Let’s Encrypt and Cloudflare provide a quick, easy and free way to implement HTTPS on your website.
Locate the website’s return policy
If you’re shopping online, make sure the website you’re buying from has a return policy. If you’re not satisfied with your purchase, you can easily return it and get a full refund.
Make sure the entity behind the website is real
Look for social signals that the individual or company behind a website is real. A physical address and phone number provides some social proof. If this information is not on the website, try performing a whois lookup here to find out who owns the domain, where and when the site was registered, contact information, and more.
Pay attention to browser warnings
When a website has been compromised, the browser will usually notify you and advise that you do not continue on to the site. It is important to exit unsafe websites immediately to protect your data from being stolen.
Run a website safety check
If you want to check if a specific website is safe, some website safety checkers, such as VirusTotal, exist to help you do just that. All you need to do is write out the URL of the site in the input field provided and hit Enter.
There is no guarantee that a website that has all the signals above will not steal your data, but having these signals is a good sign that the website has legitimate origins and that its contents has not been compromised by a third party.