The World Wide Web provides us with an ocean of information, entertainment, and communication options. However, as with anything in life, the good most certainly comes with some bad. And when it comes to the internet, the bad can be really bad.
Hackers, scammers, and other cybercriminals could be lurking behind the scenes, waiting for you to make a mistake and click the wrong thing, or worse, to trick you into providing them with sensitive information, such as bank account or credit card numbers, which they can then use to steal from you and cause you all sorts of trouble.
Anti-virus programs and other cybersecurity systems make it considerably easier for you to stay safe online. But in the end, your digital security depends on you and your ability to spot a threat before it turns into something more serious and leaves you scrambling to recover from identity theft.
One of the skills you need to learn to make sure you stay safe online is how to tell the difference between safe and legitimate sites and the malicious ones that can cause you real problems.
To help you do this, we've put together a complete guide of how to check if a website is safe and legitimate.
Understanding the Threat: Online Scams in 2019
To understand why it's important to learn how to identify and avoid bad websites, here are some stats about the threats we face when we go online:
Step 1: Check the URL
There are many different ways you can tell if a website is safe and secure, but perhaps one of the easiest and most obvious is to inspect the site's URL to see if it meets the standards of security we now have for legitimate sites.
Here's a summary of the things you should be looking for:
Is it the site you want?
Most of us end up on websites because we click on links we either find on other sites or that are sent to us via social media and email. This is fine, but make sure the site you're visiting is actually the site you planned on visiting.
For this to work, you need to start before you head to the site in question. Inspect the URL associated with the link you want to follow. You can do this by using your mouse to hover over the hyperlinked text. The site the link will take you to should you click on it will appear on the bottom-left of your browser window. Take a look to see if the URL matches the site the link is leading to you. If it doesn't, then this is a clear red flag.
If you feel good about the way the link looks and decide to click on it, the next step is to make sure the actual URL of the page you've landed on is the same as the one you intended to click.
When doing this, really look carefully, even if the site looks exactly how you were expecting it to look. Scammers are very good at making sites that look exactly like the real thing but with slightly different URLs. The untrained eye can be easily fooled. For example, www.amazon.com might be written as www.amazoon.com. If the site looks exactly as it should, then you might not see this difference right away.
As a result, make sure you double and triple check the site's URL before doing anything on it. This will save you from clicking on links for a bad site, something which can lead to real problems down the road.
The internet has been running on hypertext transfer protocol (HTTP) since the 1990s when Tim Berners-Lee came up with the concept of the World Wide Web and browsers. Not much has changed since then except that many sites are now using HTTPS, with the "s" standing for secure.
This protocol was first used by banking and eCommerce sites due to the fact they frequently take in people's bank and credit card information.
Essentially, with HTTPS, the site encrypts the data entered into it, providing an extra layer of security and making it much harder for your personal information to fall into the wrong hands.
Nowadays, almost all sites use HTTPS, largely because Google and other search engines include it in their algorithms for determining rankings (they want to make sure the sites they send to people are safe). As a result, if you get sent to a site that doesn't use HTTPS, this should be a major red flag that something is up. In fact, if it doesn't have HTTPS, you should probably steer clear.
To see if the site has HTTPS, just look in the URL bar of your browser. There should either be a lock or some other icon to indicate the site is secure, or it may even say "secure." Here's what it looks like on Chrome:
Of course, just because a site has HTTPS doesn't automatically mean it is safe and legitimate. Bad sites can have this security protocol too, especially if they are trying to look legitimate, but this is still a good place to start. No HTTP means stay away.
Another thing you can do to make sure the URL of the site you're visiting is legitimate is to plug it into a URL checker. These tools can be accessed online for free and will run a report on the URL in question to see if there have been any issues with it before.
This can be a lifesaver if the tool turns up some results. It will tell you that people on the site have experienced identity theft, or they have walked away with a virus, and this should obviously be enough to discourage you from proceeding. On the contrary, if a site has been proven to be safe and trustworthy, these tools will tell you that, too, allowing you to proceed to the URL with much more peace of mind.
Of course, the downside to these tools is that they will tell you nothing if there is no information about the site in question. Because of this, don't assume that no results means the site is legitimate. Instead, take it for what it is: a reminder that you won't know what's on the site until you get there. It may be completely fine, but browse aware of the risks and ready to react should you find something suspicious when you get there.
Steps 2: Check the Content
Once you're convinced the URL is okay, it's safe to proceed to the website. However, just because the URL looks okay doesn't guarantee the site is safe and secure. As a result, if you're unsure about the site, spend some time looking into the content to see if you can learn more about what you're getting yourself into.
Here are some things to look out for:
Written By Humans?
Read through some of the written content on the site, such as the About Us page and the blog. When you do this, you're looking to see whether or not the content appears to have been generated by humans. You can usually tell based on the way it reads. Artificial intelligence is good, but you can typically spot when a site has been relying on it too much for content creation.
Bogus websites will do this because they want to give the illusion of legitimacy. They want you to feel comfortable enough on the site to start clicking around and eventually land on whatever it is the bad guys have put there to either put malicious software on your computer or, worse, steal from you.
If you're not sure, take a look at the comments on the site. If they too seem automated, this is a sign the site is not driving real engagement. It might say it has thousands and thousands of followers, but if those who interact with content leave generic comments in broken English that were clearly written by a bad computer program, then it's likely the site is not real and should be avoided.
Ads and Redirects
If you're unsure of a site's legitimacy, a good thing to look at is what happens on the site while you navigate around. For example, does clicking on certain parts of the site cause annoying popup ads to appear? Or does it open up new tabs or windows with garbage content? These kinds of tactics are designed to get you to click on something by accident.
For example, this is where you might get a pop-up message saying that your computer has been infected and you need to download an "anti-virus software" right away.
Some of the pop-ups may even have false x's at the top of the window that look like the way to close the pop-up but that are in reality just links to more pop-ups! It can be a never-ending cycle if you're not careful.
Another thing to look out for are redirects. These occur when clicking on a link sends you to another page that's not the one you intended to visit. On sites run by particularly savvy cybercriminals, these other pages might look just like the one wanted to open, so make sure to double-check the URL before proceeding.
In general, though, you will be able to tell if a site is potentially bad after having spent just a few minutes on it. Safe, professional, legitimate sites don't have crazy pop-up ads and out-of-control redirects.
Step 3: Check the Reputation
After you've had a chance to check out the URL and the content, you should have a good idea as to whether or not the site is legitimate. But if you aren't sure, then the next thing to do is to spend some time reading up on the site.
The first thing you should do is simply Google it. Type in something such as "Is ___(website)___ safe?" Or "scams related to X website." Anything related will do, but just make sure to type it into Google and not the URL bar, as this might send you to the real site, and if it is indeed problematic, you'll be in real trouble.
When you do this, see if it comes up in any stories or articles related to scams. Next, spend some time reading reviews about the site. If the site is a full-on scam, there will probably be several other people out there who have fallen victim to the site and reported it.
This is an especially smart thing to do when you're on an eCommerce site that doesn't inspire you with confidence. Read up to see what experiences other people have had dealing with that company. They may have had no issues at all, which would be great news for you. But if someone did get ripped off, they're sure to write about it somewhere, which will hopefully save you from suffering a similar fate as those before you.
You could also check the Better Business Bureau to see if there have been any claims filed against the company you're dealing with.
Step 4: Check for Contact Information
As sort of a last-ditch effort, look for the contact information on the site. It's somewhat normal for sites to not have phone numbers or to not list their address, but they should have an email address or a contact form you can fill out.
Reach out to the site before you make a purchase or give away any personal information. If the site is legitimate, you should get a response pretty quickly after sending a message. But if the site's not safe, then the email either won't go through or it will be left unanswered. If this happens, be thankful you tried to contact someone before doing something you could undo.
If the site does list a phone number, give that a try as well to see if it's real. For spammy sites that aren't safe, the number will almost certainly not work. When there's no contact information at all, take that as a sign that the site is not safe.
How to Stay Safe When Browsing Online
Knowing how to spot an unsafe site before it causes you harm is an important part of staying secure while you're browsing the internet, but it's not the only thing you should be doing to stay safe from the various threats you can encounter online.
Here are some additional things you can do to help you stay safe online:
Safe Browsing Tools
Your browser has a variety of tools you can use to help make it less likely you'll accidentally end up on an unsafe site. To access them, you will need to go into your browser's settings menu, find "Advanced" or "Advanced Settings" and then find the security options.
Some things you can do include blocking ads and other pop-ups, restrict potentially harmful Flash content, send Do Not Track requests that keep your browsing location hidden and secure and also limit access to your microphone, webcam, mobile phone, etc.
If you're worried about stumbling onto a bad site, or if you just want to make sure your privacy is as protected as possible, make sure your browser's security settings are set to the highest level possible.
You'll want to make sure you have some sort of anti-virus software on your computer to help keep you safe from what's out there. Anti-virus software is helpful because it provides another layer of protection between you and the potentially harmful content on the web.
It will stop files from automatically downloading onto your computer without your consent, which can be extremely helpful if you end up on a site with lots of pop-up ads and redirects, and it will also make it easier to quarantine infected files and destroy them before they wreak havoc on the rest of your system.
Another advantage of anti-virus software is that it often comes with a browser extension that makes it much easier for you to determine if a site is legitimate or not. It will tell you right on the screen if it is or not, and while you can still override it and access the site if you really want, this is a great defense against spam websites that can do you harm.
When in Doubt, Don't Click
Lastly, to stay safe online, it's important to adopt safe browsing habits, and there's no better way to do this than to use a "when in doubt, don't click" approach to using the internet.
You can usually tell when something at least appears suspicious, and when you get that feeling, listen to your instincts and run away. It's much better to find out later that the site is okay thanks to some additional research than to learn the hard way that it's not safe.
Taking this approach will make it easier for you to also avoid email scams and other attempts to get your personal information off you and use it to steal from you. As a result, if you can learn how to do it when trying to decide which sites are safe to visit, you will be taking a big step towards avoiding all the different things cybercriminals can do to those who aren't well-versed in online security.
It might seem like a lot to do this each time you visit a new site, but it's important to follow a process to make sure the site you're on truly is safe and legitimate. Plus, over time, a lot of this stuff will become second nature. You will have the tools in place and the knowledge needed to spot suspicious websites from the first moment you see them. This will make it easier for you to avoid the threats you can find online and browse the internet in a much more secure manner.