Many cybersecurity attacks don’t require you to download anything to be effective. Just browsing to the wrong website and entering your information is all someone needs to steal your information or even infect your computer with malware. It’s important that you understand how to tell if a website isn’t secure so that you can avoid falling victim to one of these tricks. This is important on your personal computer as well as on work devices, because if you make a careless mistake and infect your company network it could cost you your job. Here are some of the signs you can look for to indicate that a website is safe:
1) HTTPS
Almost all URLs start with HTTPS or HTTP, which indicates whether your communication to that web server is encrypted. If a website is using encryption to protect your information then it should have a lock symbol with https at the beginning of the URL. This security is provided by something called an SSL certificate, which attests to the fact that this site is protecting sensitive information. If you click on the lock symbol and click on certificate you will be given more information about the certificate and the company that issued the certificate.
This is very important for websites that accept personal information like your address, phone number, credit card information etc because if they don’t use encryption someone can eavesdrop on your communications and steal that information.
2) Check the URL
One way a hacker will trick people into giving up their account information and payment information is to create a replica of a popular website. For example they may make a duplicate of Facebook or Instagram, that looks identical to the original website. Once they have the replica, they will try to get someone to go to the website thinking that it is the original and enter their login information. The information is sent to the attacker, the page automatically refreshes and sends you to the real login page. Here you able to login and you never realize what has happened.
To prevent this it’s good to check the url for typos or small differences from what you expect it to say. Whenever these fake sites are made they can’t use the original URL because it’s taken, they will have to use a different URL and that often gives the website away as being a fake. Also, it’s a good practice to use password managers to remember passwords on your computer. Even though you can be fooled by the visual look of a website, the password manager won’t. For example it won’t provide your real instagram password to a fake instagram website, this way it prevents you from falling for one of these fake websites.
3) Check the website’s privacy policy
A website’s privacy policy will tell you how your data is collected, used and protected on the website. Most websites for large companies will have one, it is required by law in some countries. If a website collects your information and doesn’t have a privacy policy it should be a red flag that the site may not be legitimate or doesn’t take your data privacy very seriously. So be sure to look for one and read through it so you understand how your information will be used.
4) Check for contact information
A legitimate business will usually provide a phone number, email address, physical address as well as social media accounts associated with that business. These act as proof that this business is legitimate and you can look up those addresses to see if the company is who they claim to be.
5) Look for trust seals
Trust seals are verifications from third party sources such as mcafee, google, paypal and norton to name a few. These seals are usually placed on homepages, login pages and checkout pages. They give visitors assurance that the website is secure and legitimate. You can click on a trust seal and get further information on how the company is verified by the third party. This is an example of the information you can find for a website verified by Norton:
6) Look for signs of malware
Many times a website can be infected with malware that is designed to infect users that browse the website. This can be with or without the owner’s knowledge. In many cases hackers can insert code into the webpage through input forms and that code will execute anytime someone loads the webpage. Here are some common signs of malware on a webpage:
-Pop Ups: Pop ups that try to convince you to click on them often result in someone downloading malware by accident. A common example is a message saying your computer is infected with malware and promising to download an antivirus that will remove it(scareware).
-Defacement: Many hackers, especially hacktivist will deface company websites as a sign of protest or to spread a political message. When this happens it is a sign that they were able to compromise the web server and therefore that website is no longer secure.
-Malvertising: This is the practice of putting advertisements with malicious code on a website so that when someone clicks on them, they will download malware. Some of the signs that an ad is malvertising is that it appears unprofessional, spelling/grammar errors or featuring products that don’t match your browsing history.
-Search Engine Warnings: Many search engines scan websites for malware. If you ever get a warning that a website is unsafe, heed these warnings because there is a high probability that the website has malware on it.
7) Use Reviews
If you’re dealing with a company or website you’ve never used before it’s a good idea to google it’s name and find out what other people have to say about it. Social proof isn’t the ultimate deciding factor but it can help you determine if a company is a legitimate business. Forums such as reddit are a good place to start for getting other people’s opinions and experience with a website.
Final Thoughts
Browsing the internet is an almost essential part of modern-day life so it’s important to know how to tell a legitimate website from a fake or infected website. Using these tips, you can have a high level of confidence that a website is safe and trustworthy. Also, while browsing the internet you want to ensure that you keep your firewall on and change your settings so that you must give permission before allowing your computer to download anything from the internet. This way it significantly reduces the chance of malware being put on your machine without your knowledge.