Being able to know if websites are safe to go to or not is a big issue. It is something that is difficult to determine, yet not impossible. Many of the nefarious websites are starting to learn more about making their sites appear more respectable. However, there are several ways of telling if a website is legit or not.
You should use these methods to check out sites you don’t know before going to them. Definitely check them out before giving up any personal information, such as your banking information and credit card numbers, email addresses, etc. You need to do this for your own safety.
Any site that is unnecessarily asking for personal information is a site to be leery of, especially if this type of information is not applicable for the situation. This type of behavior could be a sign that they are phishing, especially if they are wanting sensitive information.
Be careful when you come across sites that make offers that just seem to good. Consider how they would just be giving something away, and pop-ups that states a plugin is needed to view the content, along with intrusive ads.
These are all signs that they may be trying to trick you. When you come across sites that do this, refer to the methods listed below to be sure those sites are safe to visit.
1. Learn how to investigate a site before you visit it
Clicking a link that doesn’t seem right is not recommended unless you have made certain that it isn’t a dangerous site. These can be suspicious links that come in an email, or links that have been posted online that are not recognized.
You don’t have to visit the site in order to copy the link, you can do this by simply right clicking on it, and selecting “Copy Link Location” or “Copy Link Address”.
If the link looks like it has been shortened, or isn’t a complete URL it must be lengthened before it can be tested, otherwise, the analysis is going to give you results on the site used to shorten the URL.
You will need to unshorten it for analysis, and this can be done by going to unshorten.it and finding the search box. Then paste the short URL, click Unshorten.It!, and it will give you a full address. Don’t forget to copy the URL they give you, it will be needed to do the analysis.
2. Know the basics on analyzing a site
A) Use Comodo Web Inspector and Zulu URL Risk Analyzer
One of the things you should do before visiting a site you feel suspicious of is to copy that sites URL and go to Comodo Web Inspector and paste the URL in. It could take a little while to do the in depth analysis while the check for malicious content is being performed.
To save you time, and to take extra precautions you should be doing the risk analyzer at Zulu URL Risk Analyzer at this time. Comodo Web Inspector will notify you as soon as they have the results.
Should the site rate as a high risk, don’t trust it as it has a very high risk of being dangerous. Should it rate as a suspicious site, it’s more than likely a dangerous site also.
However, you can check out what some alternative services listed regarding the sites rating, for your own peace of mind. If you would like to do that simply paste the URL in the Zulu URL Risk Analyzer.
Then if the choices are offered, choose to have it re-analyzed. This uses multiple ways of analyzing the sites. When the analyzing is complete you will be given the overall score of its risk factor, which is between 0 and 100.
When getting a site analyzed with this method, it also gives you a translation of what the rate of a site means, such as it being Malicious, Suspicious, or Non-Suspicious (Benign). There have been occasions where false positives have shown up sites rated as safe, yet never has there been safe sites rated as Malicious.
Using a service to rate a suspicious website can give you peace of mind. If you should find out that the suspicious site is rated Malicious, you can be quite confident that it is a dangerous site. On the other hand, if it is rated as suspicious or benign it is advised to get a second opinion by having it evaluated using the following:
B) Use URLVoid and VirusTotal
There are databases for engine reputations, as well as blacklists for domains. You can have the suspicious site checked against these. All you have to do is make a copy of the suspicious website’s URL, then paste into VirusTotal.
If this site has been previously rated you’ll want to select to have it rescanned. If by chance this site has been rated as dangerous, then there are likely several services that have it flagged. Also, should the suspicious sites come out with a clean bill of health, it does not mean the site is automatically trustworthy.
You need to paste the URL into URLVoid. Another service you can benefit from, as it will compare the site to the blacklists. When you have the opportunity, select the option that lets you do an update report, getting the latest updated report is always best. If you look toward the top of the page you’ll see when the domain was originally registered.
Take notice of the original date of the registration, this is because the site may be fairly new, and a new site may not yet be flagged, showing that it is dangerous by all services. Locating and getting new suspicious sites analyzed depends on how many and how fast users are considering them as suspicious and having them analyzed.
There are a lot of things to take into consideration, such as older sites (even though once rated as safe) may have been compromised since they were rated safe. Hackers may have since infected it with Malicious malware.
Remember, the site being older, or was once being rated as safe, doesn’t mean it is still safe. Always have sites you are not sure of checked before visiting, it could mean the safety of your computer and personal information.
C) Use Web Of Trust to check Site Reputation
You will get a Trust Score from the URLVoid and you’ll also find the WOT ratings near the bottom of those results. This may help you in deciding if the site should be trusted. You can also click on the button located in the 3rd column in order to get the sites ScoreCard. It will give you much more information, and if people have left comments regarding the site you will find it here.
When reading the comments, keep in mind that anyone can say anything, and it doesn’t always mean it is the truth. If you read over several different comments, by many different people, you can make out what the issues are with the site, and have a better understanding of the sites safety.
Sites with popularity are usually rated already, and the use of WOT by others helps to make your job a little bit easier. This means while you may think you are on PayPal, WOT may be saying the site has not yet been rated.
In this case, you may have just found your way to a phishing site designed to mask the look of the popular site to make you think you’re on the popular site, but you’re not.
3. Check out the SSL certificate prior to purchasing
Just because the methods listed above doesn’t show the site to be Malicious, doesn’t mean there aren’t other things that should be done. Just to be certain before giving any of your personal information out, have the site checked out to be sure their SSL certificate is trustworthy.
Look over the page they are asking you to fill out. Is it is asking for credit card information, bank information, etc.? If so, this site should have some I.D. showing you they are a secure site, do they supply you with proof of a SSL certificate?
When a site uses an encrypted connection, the page you are on will start its URL with https. This means information is more than likely safe. When you’re dealing with sites that use encrypted content during your connection, it’s safe to say that that site is secure. Also, when a site uses encrypted content it’s telling you that only those permitted to operate that site, and you are allowed to view your information.
It is advisable to avoid giving any personal information to a site that isn’t secure, and a secure site will use encrypted content. There are many different kinds of SSL certificates, each providing a various level in trust. If you want to know if a business is legitimate, look for extended validation certificates. This pretty much guarantees it is a legitimate business. Yet, many of the certificates only validate due to the domain.
Some phishing sites will purchase validations certificates (a low level type), and this is done just to make people believe they are legitimate and trustworthy. You can find out more about certificates by going to Comodo site. It is advisable to review all the information they have on the site, as it will help you in determining to trust a site or not.
Never put your complete trust into any domain unless their certificate guarantees itself, and proves itself to be a valid business. Only then can you feel comfortable with it being safe.
4. Report an untrusted site
Anytime someone comes across a site that might be dangerous, it should be reported. If you feel that you have come across a site that could be or is dangerous, then you should take the time to report it. Working together helps to keep everyone safe from dangerous sites.