Is This Website Safe? 6 Ways You Can Tell if a Site Is Legit

February 20, 2024 in Cyber Attacks

Every website owner should take responsibility for ensuring the safety of their visitors, but unfortunately, some websites just aren’t secure. An unsafe website can spread malware, steal your information (possibly for identity theft), send spam, and more. To protect yourself and your personal information from hackers, it’s important to know what a legitimate website looks like. But how can you tell? Look for these six signs that a website is safe:

HTTPS in address bar graphic.

1. Look for the “S” in HTTPS

If HTTPS sounds familiar, it should – many website URLs begin with “https” instead of just “http” to indicate that they are encrypted. This security is provided by an SSL certificate, which stands for Secure Sockets Layer certificate. It protects sensitive information entered into that website as it travels from the site to a server through a secure connection.

A bonus to having that security certificate is the lock icon it provides. If you glance at your web browser's address bar, you'll notice a small padlock preceding our blog's URL. Clicking on it may reveal a message confirming the site's security, such as "the connection to this site is secure," depending on your browser's settings.

Without an SSL certificate, that information is exposed and easily accessible by cybercriminals. It’s important to note that HTTPS isn’t the only sign of a secure website, but it’s a good sign that the website owner cares about your safety. Whether you’re logging in, making a payment, or just entering your email address, check that the URL starts with “https.”
SiteLock privacy policy graphic.

2. Check for a website privacy policy

A website’s privacy policy should clearly communicate how your data is collected, used, and protected by the website. Nearly all websites will have one, as they are required by data privacy laws in countries like Australia and Canada, and even stricter rules have been introduced in the EU. A privacy policy indicates that the website owner cares about complying with these laws and ensuring that their website is safe. Be sure to look for one and read it before giving your information to a website.

3. Find their contact information

If finding a website’s contact information makes that site seem more trustworthy to you, you’re not alone. A survey of website visitors found that 44 percent of respondents will leave a website that lacks a phone number or other contact information. Ideally, a safe website will display an email address, a phone number, a physical address if they have one, a return policy if applicable, and social media accounts. These won’t necessarily provide protection, but they indicate that there’s likely someone you can reach out to if you need assistance.
Image of a trust badge.

4. Verify their trust seal

If you see an icon with the words “Secure” or “Verified,” it’s likely a trust seal. A trust seal indicates that the website works with a security partner. These seals are often an indicator that a site has HTTPS security, but they can also indicate other safety features, like the date since the site’s last malware scan.

Although 79 percent of online shoppers expect to see a trust seal, the presence of the seal isn’t enough. It’s also important to verify that the badge is legitimate. Fortunately, it’s easy to do – simply click the badge and see if it takes you to a verification page. This confirms that the site is working with that particular security firm. It doesn’t hurt to do your own research on the company supplying the badge, too!

SiteLock website information from a verified trust seal.

If a trust seal is legitimate, clicking on it will take you to a page that verifies the authenticity of that seal. As an example, SiteLock’s verification page looks like this.

An example of a suspicious pop-up.

5. Use free website security tools

Make sure you’re not accessing a malicious website with Google Safe Browsing. This free tool helps protect internet users from visiting dangerous websites or downloading malicious files. It not only identifies and flags websites that contain malware or phishing content, warning users before they can even access them, but Google Search Browsing also constantly updates its database of unsafe websites.

SiteLock also offers a free website scanner. Simply input your domain name, and SiteLock will conduct a free external scan, searching for known malware or malicious code while ensuring your site is up-to-date and secure. While this scan is effective at detecting visible malware, certain types may require deeper investigation with server access. For a thorough check, we recommend website owners conduct a comprehensive full scan, especially if server issues are suspected.

6. Know the signs of website malware

Even if a website has an SSL certificate, a privacy policy, contact information, and a trust badge, it may still not be safe if it is infected with malware. But how do you know if a website is infected with malware? Look for the signs of these commodn attacks:

  • Defacements. This attack is easily spotted: cybercriminals replace a site’s content with their name, logo, and/or ideological imagery.
  • Suspicious pop-ups. Be cautious of pop-ups that make outlandish claims – they are likely trying to entice you to click and accidentally download malware.
  • Malvertising scams. Some malicious ads are easy to catch. They typically appear unprofessional, contain grammar/spelling errors, promote “miracle” cures or celebrity scandals, or feature products that don’t match your browsing history. It’s important to note that legitimate ads can also be injected with malware by scammers, so exercise caution when clicking.
  • Phishing kits. Phishing kits are websites that imitate commonly visited sites, like banking websites, to trick users into handing over sensitive information. They may appear legitimate, but spelling and grammar errors will give them away.
  • Malicious redirects. If you type in a URL and are redirected to another site – especially one that looks suspicious – you have been affected by a malicious redirect. They are often used in conjunction with phishing kits.
  • SEO spam. The appearance of unusual links on a site, often in the comments section, is a sure sign of SEO spam.
  • Search engine warnings. Some popular search engines will scan websites for malware, and place a warning on that site if it is definitely infected with malware.

It’s unfortunate that not every website is trustworthy and secure, but don’t let that keep you from going online – just do it safely! Simply being able to recognize a safe website can go a long way to help protect your personal data. A legitimate trust seal, “https,” a privacy policy, and contact information are all good signs that a website is safe! For more on protecting your information online, check out our cybersecurity resources.

Learn more about SiteLock’s malware removal services and if your site’s security has already been breached, see how we can help fix your hacked website immediately.

Latest Articles
Follow SiteLock