Much as technology, the invention of the internet has eased the way we lead our lives. It has, though, left us vulnerable to the risks of the new world as well. Not only do we buy our food online today, more than ever, but we still run the risk of falling victim to a web of intricately woven scams and lies, all from the comfort of our sofas. This is why each of us wants to learn how to say whether a website is genuine.
There were 48,362 scams in 2018 in the U.S. alone, according to the Better Business Bureau (BBB) Scam Database, and 23,439 scams have already been registered in 2019. With the figures growing every year, and scammers discovering innovative new methods to conduct cybercrimes, learning to recognise these styles of attacks is essential.
How to know if a website is genuine
We may, at any moment, be in touch with a cybercriminal or fall victim to a phishing attack, given the simplicity of our digital life, and be none the wiser about it. Therefore, if you notice the paranoia grip you have right before you visit a website that your friend told you about or click on the ad flickering in some corner of your phone, it’s understandable. A simple rule of thumb is to pay attention, use good judgement while surfing, and search for signs that will assist you in assessing the website’s reputation.
Here are ten ways to figure out whether a website is true or a fake one:
Verify the Website’s Trust Seal
As an end user, a trust seal helps to demonstrate to you that the page they are on is protected and that the organization itself regards protection as a priority. The stamp issued by a protection partner (such as a certificate authority or CA) is an indicator of the website’s validity. If a trust seal is valid, you will be led to a page that verifies the validity of that seal by clicking on it.
Does It Have the Padlock with HTTPS? Have you seen the details of the certificate?
HTTPS basically ensures that the contact medium is encrypted and protected between you and the server (i.e. an intruder listening in to the network would get encrypted information that is garbled and would not make sense). Encrypted does not ensure that the data will not be stolen by the server you are dealing with. The S in ‘HTTPS’ can do very little to maintain protection if the server is itself malicious.
Look at it this way: While it’s a no brainer that no personal information should be entered on the page if your browser flags a website as “not safe,” But even though the site uses HTTPS, it doesn’t guarantee protection immediately. This is why various degrees of certification are provided by SSL/TLS Certificates.
Click the padlock in the web address bar to access a digital certificate given to a website and pick Certificate if you are using a Google Chrome browser. For Firefox, to show connection information, click on the padlock and then on the arrow. For further information, click and then view the certificate.
Check the Contact Page
Verifying if the website has a physical address is our third guideline on how to know whether a website is valid. Does the business have a phone number and an email ID listed? On the contact side, try sending an email to the ID given and check if it is sent. Ensure that the email is not a standard one (such as firstname.lastname@example.org) but one that comes with the brand of the business (such as email@example.com).
Check Whether the Company Has a Social Media Presence
Many respectable firms have a degree of a social media presence. Often, bogus websites have Twitter or Facebook logos, but the graphics don’t really connect to a real account. On those websites, read business feedback to see how you can find actual company employees on LinkedIn.
Don’t Click on Links Within the Body of an Email
There’s almost never a good excuse to click on links in your email unless you have demanded a password reset page.
They would know your name and use correct grammar if PayPal was writing to you. In comparison, not in a million years will they try to suspend your account indefinitely with a badly written note, use urgent or intimidating words, or force you to supply personal or account information. They’re not going to refer to you as “member” or “customer.”
You should be able to see the exact link where you will be guided by merely hovering the mouse over the login button. Mind that it might direct you to a place that looks eerily similar to the original PayPal page until you press login. Yet there’s a really strong risk that your account will be hacked or your account data will be sold the moment you enter your credentials.
Look for Spelling or Grammatical Mistakes. Does a false sense of urgency exist?
All these are telltale signals of a phishing assault. Of any correspondence that passes their desks, most legal firms make an attempt to maintain minimum service requirements. It’s extremely improbable that you would ever get a badly worded email from an Apple or a Microsoft, aside from occasional real typos. Both messages from reputable firms, even though you do not follow up with their call to action, will have an appropriate tone and will never sound intimidating or threatening.
If the website looks like it was built by a seven-year-old who is trying to draw, or if it has obvious problems with spelling, it’s definitely a malicious website and you can avoid it at all costs.
Use the Google Safe Browsing Transparency Report
Head over to the Google Secure Browsing Disclosure Study if you are in question about the privacy of a website. This application helps you to insert a URL to verify if the site is secure for surfing or whether it hosts any malware.
Pay Close Watch for the URL
Check that the website is not undertaking a phishing assault on a homograph. When trustworthy legal domains such as a domain registered as xn—pple-43d.com is shown as apple.com, browsers can be fooled into viewing false domain names.
Alphabets that look similar to other foreign languages, such as the Cyrillic script, can be used to manipulate URLs. Using subdomains, the URL may be built to look a certain way, but if carefully investigated, the name of the real domain appears just before the TLD. Copying and pasting the URL into another tab is an easy way to determine whether a URL is a homographic phishing attack. The URL will show as “https://www.xn—80ak6aa92e.com/” when pasted on the address bar before you login and load the site.
Know the apparent symptoms of malware on websites
Usually, online defacement assaults, questionable pop-ups, and ads trying to entice you to click on them are suggestive of fraudulent websites egging you on your machine to download and run a malware. Be cautious to websites that redirect you to other advertising websites or to a legal search page that requires you to enter personal information. When clicking on any advertisement, please exercise caution!
Add-Ons and Tools for Encryption
There are apps and add-ons that will help you remain secure online as well, in addition to the measures we mentioned above on how to say whether a website is genuine.
URLs are evaluated by utilities such as Norton Secure Page and Virus Total to inform us whether the website we are involved in accessing is safe or harmful. A few plugins and software can even come in handy to discourage us from visiting fake websites, in addition to the above precautionary measures.
- Netcraft Extension: This app helps you to easily look up the places that you want to visit and offers phishing security.
- Disconnect: This tracker blocker helps you to see anything on a page that watches you and encourages you to uninstall it.
- Webroot Filtering Extension: By blocking and filtering out harmful websites, this application keeps you safe.
- Privacy Cleaner: This program runs in the background and alerts you to your files and details if a website or client wants to reach it.