Is this a legitimate website? How can I check if the website is safe?


Malicious websites are found throughout the internet, and telling a trustworthy website from a harmful one can be very difficult. We need to browse intelligently and use multiple approaches to make sure a site is not harmful. In general, typing the website URL yourself is better than pasting a copied one or clicking a link. Also check whether the website works over HTTP or HTTPS.

Website Investigation

  1. Double-check the domain name

Many fraudulent websites use a domain name that refers to a well-known brand or product name but is not the official website.

You should also be careful about domains that end as they are seldom used for online shopping, so that dubious organizations may have acquired them.

You would be shocked to learn how many people pay little attention to their browser’s address bar. This is an enormous mistake. The address bar contains a lot of important information about where you are and how safe you are. So get used to looking up occasionally whenever you visit a new page. In fact, most browsers follow a concept called the Death Line.

The idea is that a user should never trust anything below a certain point in the browser window, the so-called death line. An attacker can control everything underneath the line (and even things above it), so you need to know where to find reliable information.

  1. The Favicon: Websites can put any icon on the tab.
  2. Domain Name: It's part of the URL, and it's reliable as long as you know what you are looking for (more in a second).
  3. Path / Directory / File: Ditto.
  4. Web contents area: Whatever the attacker wants it to be, including a very persuasive website spoof.
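
As an added illustration of reading the domain name in the address bar (this example is not part of the original article), the following Python check compares a URL's real host with the one official domain you expect. The official domain `example.com`, the brand string and all sample URLs are constructed placeholders.

```python
from urllib.parse import urlsplit

def check_domain(url, official_domain, brand):
    """Return (verdict, reason) for a URL against the one domain you trust."""
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".").lower()
    official = official_domain.lower()
    if not host:
        return ("suspicious", "no host in URL")
    # Only the official domain itself or a true subdomain of it counts.
    if host == official or host.endswith("." + official):
        return ("official", host)
    if parts.username is not None:
        # Text before '@' is login info, not the site being visited.
        return ("suspicious", "text before '@' is not the host; real host is " + host)
    if any(label.startswith("xn--") for label in host.split(".")):
        return ("suspicious", "punycode label can render as look-alike characters")
    if brand.lower() in host:
        return ("suspicious", "brand name used inside a different domain: " + host)
    return ("unrelated", host)

# Constructed sample URLs; none of them is a real site.
SAMPLES = [
    "https://www.example.com/login",
    "https://example.com.account-verify.test/login",
    "https://example-secure.test/",
    "https://example.com@login.other.test/",
    "https://xn--exmple-cua.test/",
    "https://news.unrelated.test/",
]

if __name__ == "__main__":
    for url in SAMPLES:
        print(url, "->", check_domain(url, "example.com", "example"))
```

Only the first sample is reported as official; the brand name appearing somewhere in the URL is never enough on its own.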

  2. Check Security Indicators for Connection

Return to the address bar. If the last point did not emphasize the importance of this part of the browser, this one should bring it home. There are several connection indicators in the address bar that let you know if your connection to this site is private.

As we mentioned earlier, Internet connections can be eavesdropped. The internet was built on HTTP, the Hypertext Transfer Protocol. The internet was not used for business activity when HTTP was first defined. Indeed, online commercial activity was actually illegal at the time.

The internet was supposed to be primarily a platform for free information exchange between academia and government. Any HTTP-based communication is sent in plaintext, so it can be intercepted, manipulated and stolen, you name it.

SSL, or Secure Sockets Layer, was developed to remedy this. TLS, or Transport Layer Security, later became the successor to SSL. Today, we refer to both colloquially as SSL.

Anyway, HTTP + TLS = HTTPS, a secure version of HTTP that prevents anybody except you and the website you are connected to from intercepting and reading the communication.

That is a lot of information, but here is what you need to know: HTTP = Bad, HTTPS = Good. Never trust an HTTP website with your personal data. Now let's get to the connection security indicators.

EV SSL enabled domain

Both of these icons indicate that you have a secure connection to the website using HTTPS. If you see either, your connection is secure and you are communicating privately with the website listed in the URL. Remember, most secure connections will have the padlock icon, but some may have the Green Address Bar as well. Or rather, it used to be uniformly green.


Several browsers now display the EV Name Badge in various ways. The green address bar / EV Name badge is only displayed when a website uses an extended validation (EV) SSL certificate. This certificate enables a website to confirm its identity and to prove that it is managed by a legally constituted real-world company. Browsers provide preferential treatment for websites with EV SSL certificates by showing the company name to the left of the URL.

You can relax when you see an EV name badge: you are safe. The green address bar can't be faked; it's unquestionable proof of identity, and trustworthiness by extension.

The EV name badge's exact appearance varies by browser. The name is sometimes in green, sometimes in a green rectangle, sometimes not green.

A URL can contain HTTPS and yet the padlock icon may not appear properly. This shows that there is a security problem with the connection, usually mixed content, where a site still loads certain assets over HTTP, and this is cause for concern. If so, it's best to assume that you don't have a secure connection.

As of July 2018, the “Not Secure” warning is displayed on all websites served via HTTP, so you will see immediately that your connection is not secure. One more thing: a secure connection does not necessarily mean a secure website.

Many fake sites use free SSL certificates. Think about this: You should only go to sites that use HTTPS. It doesn’t mean that you can automatically trust it just because a site has HTTPS.

Just because you have a secure connection (which should be obligatory), you do not necessarily know who is at the other end of the connection.

Unless the site has Extended Validation SSL and the name badge that comes with it, you will have to do a bit more sleuthing to make sure the site is legitimate.

  3. View Certificate information

This one is a lot more advanced, because it involves digging a little deeper into your browser's menus, and it can be misleading if you don't understand SSL correctly. If a website has no green address bar, the most you can tell from the connection security indicators is that your connection is secure.

This means that no third party can eavesdrop and steal information. But as we just discussed, it doesn't mean that you are safe. That's because you don't yet know who is at the other end of the connection.

Fortunately, this information may be available, and here is how to find it. In most browsers (such as Safari or Firefox) you can view the certificate by clicking on the padlock icon in the address bar.

certificate details

The Subject is the website or organization represented by the certificate. Depending upon the type of certificate (DV, OV, or EV), the subject contains varying amounts of information. A DV certificate will contain only a domain name.

Limited company information (Name, State / province and country) will be included in the OV certificate. An EV has detailed information from the company, such as an accurate street address. The EV certificate can be recognized if the browser shows the EV Name Badge. Extended validation provides the most information, and therefore has a special visual indicator.

If an organisation has an OV SSL certificate (recommended as a baseline for e-commerce firms, financial institutions, etc.), the certificate information can be used to see verified business details. You are okay, provided the website is registered to the right company; you can have confidence in the site. If not, you have to be careful. It is also possible that this information is not provided at all.

If this is the case, the website has only a domain validated (DV) SSL certificate. This does not mean that you should automatically distrust the site, but it does mean that you must remain skeptical until the site can prove its legitimacy.
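
The same reading of the certificate Subject can be scripted. This added Python example (not part of the original article) sorts a certificate into DV, OV or EV from the subject fields described above and checks the verified organization against the company you expect. The classification is a heuristic on subject fields, and the sample certificates and company names are constructed.

```python
import socket
import ssl

# Subject attributes that only EV certificates carry, by OpenSSL name and by
# raw OID (some OpenSSL builds print the jurisdiction field as an OID).
EV_ONLY = {"businessCategory", "jurisdictionCountryName", "1.3.6.1.4.1.311.60.2.1.3"}

def subject_fields(cert):
    """Flatten the nested subject tuples of ssl getpeercert() into a dict."""
    return {key: value for rdn in cert.get("subject", ()) for key, value in rdn}

def validation_level(cert):
    """Heuristic: DV has no organization, EV adds EV-only attributes, else OV."""
    fields = subject_fields(cert)
    if "organizationName" not in fields:
        return "DV"
    return "EV" if fields.keys() & EV_ONLY else "OV"

def review(cert, expected_org):
    """Summarise what the certificate vouches for and whether the owner fits."""
    fields = subject_fields(cert)
    org = fields.get("organizationName")
    return {
        "level": validation_level(cert),
        "domain": fields.get("commonName"),
        "organization": org,
        "owner_matches": org is not None and org.casefold() == expected_org.casefold(),
    }

def fetch_cert(host, port=443):
    """Live use: return the validated peer certificate of host (needs network)."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=5) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()

# Constructed sample certificates in getpeercert() format (not real sites).
DV_CERT = {"subject": ((("commonName", "shop.example.test"),),)}
OV_CERT = {"subject": ((("countryName", "US"),), (("stateOrProvinceName", "Oregon"),),
                       (("organizationName", "Example Widgets LLC"),),
                       (("commonName", "www.example.test"),))}
EV_CERT = {"subject": ((("businessCategory", "Private Organization"),),
                       (("jurisdictionCountryName", "US"),), (("serialNumber", "0000000"),),
                       (("streetAddress", "1 Constructed Way"),),
                       (("organizationName", "Example Bank Inc"),),
                       (("commonName", "www.examplebank.test"),))}

if __name__ == "__main__":
    for cert in (DV_CERT, OV_CERT, EV_CERT):
        print(review(cert, "Example Bank Inc"))
```

For a live site, pass the result of `fetch_cert("your.host.name")` to `review()`; a DV result means the certificate says nothing about who runs the site.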

  4. Look for Trust Seals

When a company or organization invests substantially in the safety of its customers, it typically wants some credit for this. This is one of several reasons why trust seals exist. You have probably seen more than a few trust seals on the internet in your time.

Trust seals are usually placed on homepages, login pages and checkout pages. They are immediately recognizable and remind visitors that they are secure on this page. It is no different from placing a sign or a sticker in your window to advertise your security system.

People know what it means when they see it. Most SSL certificates come with trust seals that display verified information when you click on them. This is important because it lets you see that the SSL certificate is properly in place and that additional security mechanisms, such as malware scans and security assessments, may also be in place. SSL / TLS certificates are not the only products with site seals, either. But because seeing the site seal is not enough, it is important to click it to verify that it is legitimate.

  5. Google Safe Browsing: Is the website legitimate?

Google states that “Safe Browsing is a service that Google’s security team has built up to identify websites that are unsafe throughout the web and report possible harm to users and webmasters.

Google discloses details in this Transparency Report on threats we detect and warnings to users. We share this information to raise awareness of unsafe websites and hope to promote progress to a safer and safer web.

Safe Browsing also notifies webmasters when malicious actors compromise their websites and helps them to diagnose and solve the problem so their visitors remain safer.

Safe Browsing protects Google products and enables more secure browsing on the Internet.”

Check whether or not the website is unsafe: Google Safe Browsing

Blacklist Dangerous sites (Report Now)

  1. Fortinet
  2. Sophos
  3. Trustwave
  4. Bitdefender
  5. Norton
  6. Stopbadware

Blacklist Phishing Sites (Report Now)

  1. K7
  2. AVG
  3. McAfee
  4. Comodo Web Inspector
  5. Malwarebytes

Check for website Reputation

Website reputation services help detect fraudulent and malicious websites by analyzing a site through multiple blacklist engines and online reputation tools. They help you identify websites that are involved in malware, fraudulent activities and phishing.

Important website reputation check tools

  1. urlvoid
  2. mxtoolbox
  3. Zulu URL Risk Analyzer
  4. TrendMicro Site safety
  5. Norton safeweb

Don’t hesitate to run these checks when you are making bigger transactions.

Mark Funk
Mark Funk is an experienced information security specialist who works with enterprises to mature and improve their enterprise security programs. Previously, he worked as a security news reporter.