Regardless of how you got there — a link from an email, a social media post, or a Google search result — it’s imperative to check the legitimacy of a website before you type in any personal information.
Because the website could be designed to scoop up your details and use them to make unauthorized purchases or infect your computer with malware, and then snag your sensitive information for criminal purposes. If you know what to look for, you can avoid these online traps.
Before you click on any website, check the spelling of the URL. Scammers can create look-alike websites, but they can’t duplicate a URL. If you see something like Paypa1, you can be sure it’s a malicious site. If the spelling checks out, run this little test to verify that the URL will actually take you to that website. Hover your mouse over the link above, but don’t click it. In Edge, Firefox and Chrome, you should see the URL that it links to at the bottom-left of your browsing window. Safari users require an extra step. First, click the View menu, and then select Show status bar. Hover over the link and you’ll see where it leads in the bottom left corner of your window.
Redirect links should also be tested, but where they go is not so straightforward. A common example of a redirect is a shortened link created by a service such as bit.ly. These are used frequently in social media posts to conserve characters and are usually legitimate. However, scammers use shortened links too to take you to a malicious website. A quick way to check is to copy the link (right click and select “copy link URL” and paste it into https://redirectdetective.com/, which will show you the final destination.
Once you’ve navigated to a website, look for SSL certification. You’ll find it in the address bar. Look for a small padlock in front of the URL, which indicates the website is using the HTTPS protocol to encrypt communications between your computer and the website. If you don’t see a padlock, move on to an alternate website. But a padlock doesn’t guarantee safety. For an extra layer of protection, run a URL through Google’s Safe Browsing site at https://transparencyreport.google.com/safe-browsing/search. The company says it discovers thousands of new unsafe sites, many of which are legitimate websites that have been compromised.
You should also look for trust seals, which are usually found on homepages, login pages and checkout pages. Companies use these to remind consumers they are on a trusted website. You’ll see some kind of logo, often using trust in the name, such as Google Trusted Store and TRUSTe Certified Privacy. But don’t take these logos at face value because anyone can add a logo to a webpage. Take the time to click on each one. They should open a page with specific information that shows the associated website, which should match the website you’re on, dates of the certificate’s validity and other security information. If you can’t click through from the logo, it’s likely a fake.
Following these steps will help you steer clear of bad sites, but if you’re at all unsure, trust your gut and close the window. As a precaution, keep an eye on your bank accounts and other websites that you share sensitive data with to detect any irregularities. Keep your operating system and programs up to date and run an antivirus program on a regular basis.