Phishing scams use social engineering to trick users into downloading malware or giving out sensitive data. One infamously popular method is to create a phony lookalike website that is then used to trick you into entering your login credentials or account info.
Short of sending you to a decoy site designed to capture your keystrokes, social engineering can also lure you to an infected website that downloads malware into your system. Or you could be presented with a malicious link that, once clicked, grants remote permissions to a cybercriminal. Nobody wants to be this kind of victim.
The good news is that nobody has to be. The 3 website safety tips below will clear away the uncertainty and teach you how to identify if a site is trustworthy or not. First, you’ll learn a couple of simple visual checks that give you useful info at a glance. Then, we’ll explain the website safety tools you should have in place to inform and guide you. Finally, we’ll tell you how to research a little deeper should any questions still remain. Now let’s get savvy and put the fun back into web surfing.
1 - Website safety visual checks
Double-check those URLs — Let’s start with the easiest tip. It’s really no more difficult than making sure the URL looks legit. Before you click any link, hover your cursor over it and look at the bottom left corner of your screen where the URL is displayed. The first trick of phishing is to look as authentic as possible. At first sight, the URL might look like the real McCoy, but closer inspection may reveal a 1 instead of an l, or .net instead of .com. Train yourself to sanity check each and every URL before you click or before you enter any personal information like a username and password.
Check for https — Those letters you see at the start of every URL stand for Hypertext Transfer Protocol (http). It’s the foundation for how data is communicated on the web. And while it’s eminently useful, it’s also easily hackable. The addition of an "S" as in “https” (and the lock icon), however, tells you that the site is secure. Websites with a padlock icon in the address bar and an https prefix are encrypted and have a trusted SSL certificate, basically guaranteeing a secure connection between website and browser. If you cannot verify that a website or link is safe with https, be on your guard and do not enter any personal information.
And, do note: cybercriminals do everything in their power to present themselves as legit, so while https: websites are more secure, you could be on to one that is run by a crook. So, if you are still suspicious about an https: site, use the other safety tools below to check if a website is safe.
2 - Website safety tools
Use your built-in browser tools — The first tools you should familiarize yourself with are the security measures already in your browser. Look at your privacy and security settings. Chances are, you’ll find the default settings are more lax than you like. Manually adjust the rules and settings in the way that makes you comfortable. Block popups, prevent automatic downloads, don’t allow tracking. Your options will vary depending on your browser of choice.
Run an online website safety check — There are several from which you can choose, but we recommend VirusTotal for its unbiased position. These online tools use antivirus scanners and other security solutions to check a website for any threats. Simply enter the URL you want scanned into the search bar on the site, and get instant results.
Enter a URL, and VirusTotal will tell you if the site is suspicious.
Install web security tools — For total website safety confidence, protect yourself with top-of-the-line cybersecurity suites, such as Avast Free Antivirus. You can also add the benefit of privacy to website safety if you go with a virtual private network like Avast SecureLine VPN. And we’d be remiss if we didn’t mention Avast Secure Browser, the most security-forward browser available on the market.
Avast Secure Browser is a private, fast, secure browser that protects you online. And, it’s free.
3 - Website safety quick research
Check contact details for the website — If you’ve done all of the above and you’re still not quite sure, then march on up to the front door and knock. That is to say, find the “Contact Us” info on the site and give them a call. Depending on how (and if) they answer will clue you as to whether or not it’s a legitimate operation.
Check if your antivirus has an Anti-Phishing Certificate — Not all do. Look for 3rd-party labs who test for anti-phishing, such as AV-Comparatives. They test antivirus products against phishing URLs (which attempt to get your personal information) and they check for false positives when it comes to legitimate banking websites, to make sure the security product knows the difference. Avast Free Antivirus passed and was the only free software awarded their Anti-Phishing Certificate.
Look up the domain owner of the website using WHOIS — You can also research who owns a particular domain by checking the public records available through a WHOIS search. Learn everything about the domain, including who registered it and when.
The internet is teeming with phishing scams. No brand is safe from being falsified, and no user is safe from being targeted. More than ever before, we need to take responsibility for our own online safety. Follow the tips above and stay smart. We can give you all the info you need, but your greatest defender is you.