Every website owner should take responsibility for ensuring the safety of its visitors, but unfortunately, some websites just aren’t secure. An unsafe website can spread malware, steal your information, send spam, and more. To protect yourself and your personal information, it’s important to know that a website takes your safety seriously – but how can you tell? Look for these four signs that a website is safe:

1. Look for the “S” in HTTPS

If HTTPS sounds familiar, it should – many URLs begin with “https” instead of just “http” to indicate that they are encrypted.This security is provided by an SSL certificate, which protects sensitive information entered into that site as it travels from the site to a server. Without an SSL certificate, that information is exposed and easily accessible by cybercriminals. It’s important to note that HTTPS isn’t the only thing a website can – or should do – to protect its visitors, but it’s a good sign that the website owner cares about your safety. Whether you’re logging in, making a payment, or just entering your email address, check that the URL starts with “https.”

2. Check for a website privacy policy

A website’s privacy policy should clearly communicate how your data is collected, used, and protected by the website.  Nearly all websites will have one, as they are required by data privacy laws in countries like Australia and Canada, and even stricter rules have been introduced in the EU. A privacy policy indicates that the website owner cares about complying with these laws and ensuring that their website is safe. Be sure to look for one, and read it over, before giving your information to a website.

3. Find their contact information

If finding a website’s contact information makes that site seem more trustworthy to you, you’re not alone. A survey of website visitors found that 44 percent of respondents will leave a website that lacks a phone number or other contact information. Ideally, a safe website will clearly display an email address, a phone number, a physical address if they have one, return policy if applicable, and social media accounts. These won’t necessarily provide protection, but they indicate that there’s likely someone you can reach out to if you need assistance.

4. Verify their trust seal

If you see an icon with the words “Secure” or “Verified,” it’s likely a trust seal. A trust seal indicates that the website works with a security partner. These seals are often an indicator that a site has HTTPS security, but they can also indicate other safety features, like the date since the site’s last malware scan.

Although 79 percent of online shoppers expect to see a trust seal, the presence of the seal isn’t enough. It’s also important to verify that the badge is legitimate. Fortunately, it’s easy to do – simply click the badge and see if it takes you to a verification page. This confirms that the site is working with that particular security firm. It doesn’t hurt to do your own research on the company supplying the badge, too!

If a trust seal is legitimate, clicking on it will take you to a page that verifies the authenticity of that seal. As an example, SiteLock’s verification page looks like this.

5. Know the signs of website malware

Even if a website has an SSL certificate, a privacy policy, contact information, and a trust badge, it may still not be safe if it is infected with malware. But how do you know if a website is infected with malware? Look for the signs of these common attacks:

  • Defacements. This attack is easily spotted: cybercriminals replace a site’s content with their name, logo, and/or ideological imagery.
  • Suspicious pop ups. Be cautious of pop ups that make outlandish claims – they are likely trying to entice you to click and accidentally download malware.
  • Malvertising. Some malicious ads are easy to catch. They typically appear unprofessional, contain spelling/grammar errors, promote “miracle” cures or celebrity scandals, or feature products that don’t match your browsing history. It’s important to note that legitimate ads can also be injected with malware, so exercise caution when clicking.
  • Phishing kits. Phishing kits are websites that imitate commonly visited sites, like banking websites, in order to trick users into handing over sensitive information. They may appear legitimate, but spelling and grammar errors will give them away.
    Malicious redirects. If you type in a URL and are redirected to another site – especially one that looks suspicious – you have been affected by a malicious redirect. They are often used in conjunction with phishing kits.
  • SEO spam. The appearance of unusual links on a site, often in the comments section, is a sure sign of SEO spam.
  • Search engine warnings. Some popular search engines will scan websites for malware, and place a warning on that site if it is definitely infected with malware.

It’s unfortunate that not every website is trustworthy and secure, but don’t let that keep you from going online – just do it safely! Simply being able to recognize a safe website can go a long way to help protect your personal data. A legitimate trust seal, “https,” a privacy policy, and contact information are all good signs that a website is safe! For more on protecting your information online, check out our blog on safe online shopping.