Cybercriminals love this time of year. They go all out with phishing campaigns to get you to click on malicious links. Bad links can harm you in two ways; by either leading you to an unsafe website to steal your information or infecting your device with malware.
It can happen to anyone. Scammers have become more sophisticated. Scam websites often look professional because they avoid the cliched telltales of bad web design, poor spelling, and garnish popups.
How do you know if you can trust a website? You should use a URL scanner to block dangerous websites, of course! But there are other ways to determine whether a website is safe. Here are 10 ways to help you spot a fake or scam website.
Is it HTTPS? Does it have a lock?
A URL that starts with HTTPS means your communication to the site’s web server is encrypted. Websites with the encryption always have a lock symbol to prove the site has an SSL certificate. SSL certificates are free, so any site without one has been neglected and probably hosts malware. Avoid sites without a lock symbol.
TIP: If you click on the lock icon, you can get more information about the certificate and the credentials of the company that issued the certificate.
Beware of Trust Seals
Shopping sites show trust seals on their shopping pages. Trust icons usually contain the words “Verified” or “Secure” and are intended to – you guessed it – inspire trust among shoppers. But don’t trust a trust seal because the seal says it is trustworthy!
Here’s how hackers fool you: Anyone can download a picture (.png or .jpg) of trust seal icons for free from the internet. They are easily mistaken for the real deal. However, a true trust icon gets embedded into the website’s HTML, not displayed as an image.
Companies serious about safety would get accredited via a rigorous verification process or use a reputable trust verification company. Legitimate companies pay trust verification companies for the right to embed trust icons, and they pay extra for additional website security layers.
TIP: Attackers can mimic trust seals or display lookalike images on their websites. Click on the embedded trust icon for information about the company’s trust verification partner.
Check the URL for spoofing
The word ‘spoofing’ sounds like fun, but spoofed websites are extremely dangerous. Spoofing is when hackers create a lookalike of a popular website, like Facebook or your bank. Then they use phishing emails to lure you into clicking a hyperlink leading to the spoofed site.
When you enter your login information, they capture your credentials and then redirect you to the real site – where you may be surprised to discover that you must enter your login details again. You may never realize that you’ve been spoofed and that your account is as good as being hacked!
TIP: Don’t click on links in emails unless your VPN URL scanner clears it. Ignore hyperlinks in emails – rather, use your browser to search for the domain. If you receive a mail that looks a little suspicious, examine the spelling of the domain name in the URL. There may be tiny differences from the real brand name, such as “bank0famerlca” instead of “bankofamerica.”
Buyer reviews and Social Proof
Look for customer reviews on third-party sites like Reddit, TrustPilot, or Reviews.io. If you can’t find anything on product review sites, or if you see loads of bad reviews, steer clear of the business. But if there are only a few super-glowing reports, remember that scam sites can submit false positive reviews!
TIP: If the company has no social media accounts, or a meager following of suspicious-looking people, you should dig a little deeper before you buy from them.
Five more significant website checks
Stay alert for these signs that it might be a scam website:
- Any website that collects your information but has no privacy policy doesn’t take your data privacy seriously. Don’t even give them your email address.
- Legitimate businesses usually display a phone number, email address, and physical address on their website because they know it’s high-priority information for potential clients.
- Scam sites don’t always have spelling errors and grammar mistakes! Scammers even hire qualified web designers to make sites look like the original. You can’t always tell, and it’s best to rely on a URL scanner or other digital tool to help you distinguish scam sites from legitimate sites.
- If the website loads slowly, the prices are too good to be true, and the images are of poor quality, it’s time to back out.
- Popups begging you to click them can be a crucial red flag that the site employs malvertising. If you click on a compromised special offer button, it could start the download of a virus or ransomware. Your URL scanner should protect you from such threats.
Four Digital tools to check if a website is legitimate
The number one digital tool to check if a website is legitimate is a VPN with a URL scanner and antivirus capabilities.
- You can use a VPN alongside your antivirus, but a VPN’s job is to provide a secure, encrypted internet connection while you’re online. It also protects your privacy, can detect redirects, and will block harmful downloads.
- A password manager protects your passwords and helps you to log in on sites where you have an account. A spoofed website might fool you, but it can’t fool a password manager. If you land on a spoofed website, e.g., a spoofed Facebook login page, the password manager won’t recognize the site and won’t offer to help you log in.
- Search engines may warn you if they detect malware on a site. False positives are rare – it’s best to heed the warning.
- An antivirus will block malicious downloads and prevent malware from infecting your device.
Conclusion
Most ransomware attacks originate from links received via email. It can be very hard to tell if the links lead to legitimate websites or scam sites. Use digital tools as a first line of defense against malicious links and scammy websites to stay safe from scams.
“Creator. Troublemaker. Hardcore alcohol lover. Web evangelist. Extreme pop culture practitioner. Devoted zombie scholar. Avid introvert.”