The internet has become an integral part of our lives. We use it for shopping, entertainment, education, bill payments, and many other important purposes. It is obvious that we come across many different websites on a regular basis.
According to Netcraft, there were 1,197,982,359 websites circulating on the internet by January 2021.
Out of them, some will be totally legit, while some are going to be infected with viruses or run phishing scams. The question is, how would you differentiate legit sites from fake ones? The good news is you don’t need to be a tech expert to do that.
There are some simple red flags that you can observe and recognize a dangerous site. In this article, we will cover five tips to help you understand if a website is fake or legit.
Know the Signs of Malware-Infection and Phishing Sites
These are some obvious signs of a malware-infected (viruses, worms, trojan horses, etc.) website. Beware if you see anything like these on a website you are visiting.
- Too many “Download,” “Play,” or “Install” buttons are placed in a deceptive manner.
- Something gets downloaded on your system automatically, even if you haven’t tried to download anything.
- If you click on something and you are redirected to a totally different, irrelevant site.
- If new tabs (mostly advertising) start opening up in the background automatically.
- If the website has an unusually large number of pop-ups and redirects.
- If the advertisements displayed on the website look too unrealistic or deceiving. For example, winning online casinos, lottery, lucky draw, etc.
- If the site asks you to download special software (like flash player, Adobe, etc.) to view any content, but you already have those apps in your system. Note: If you still want to download the required software, make a separate Google search and download it from the official website instead of clicking on the given link in the prompt.
- Beware of scareware: Scareware means fake advertisements/popups that tell you that your computer is infected with viruses and offer free or paid antivirus removal services. But in reality, this software is malware itself. If you think your system has viruses, always download trusted and reputed companies’ antivirus software, such as Comodo, Malwarebytes, Avast, etc.
Beware of Cybersquatting to Avoid Phishing Sites
Hackers use a technique called cybersquatting for making phishing sites. Here, the attacker buys a domain name that closely resembles the popular brand name and its website.
These are some of the cybersquatting tricks attackers usually use.
Attackers make fake sites by buying domains that
- are misspellings of the original domain, like Microsft.com, facbook.com, twittter.com
- add extra words to the original domain. For example, ebayreturns.com, facebooksupport.com, newsbbc.com, amazonshop.com
- interchange the words. For example, newsfox.com, palpay.com, fargowells.com
- use different TLDs. For example, Amazon.cm, Apple.org, etc.
They make the replica of the original site using the same color schemes and fonts. Attackers’ goal is to make visitors trust the fake site and make them share their login credentials, credit card info, SSN, physical address, email address, etc.
If you find anything fishy or slightly off about the site, just copy-paste the URL into the Google Safe Browsing Transparency Report. It will show whether the website has any harmful content. But above all, whenever you arrive on a site, pay close attention to the URL and make sure the website’s name and spelling are correct.
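The four cybersquatting tricks listed above can also be checked mechanically. The following is an added example, not part of the original article: the `BRANDS` watch-list and the function names are assumptions made for illustration, and domains are assumed to have a single-label TLD.

```python
# Added example (not from the original article). BRANDS is a constructed
# watch-list; a real deployment would list the brands it needs to protect.
BRANDS = ("microsoft.com", "facebook.com", "twitter.com", "ebay.com", "amazon.com",
          "apple.com", "paypal.com", "wellsfargo.com", "foxnews.com", "bbc.com")

def split_domain(host):
    """Return (name, tld) from the last two labels: 'www.ebay.com' -> ('ebay', 'com').
    Assumption: single-label TLDs; production code should use the Public Suffix List."""
    labels = host.strip().lower().rstrip(".").split(".")
    return (labels[-2], labels[-1]) if len(labels) >= 2 else (labels[0], "")

def edit_distance(a, b):
    """Levenshtein distance: insertions, deletions and substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(host):
    """Return (trick, brand) if host resembles a watched brand, else None."""
    name, tld = split_domain(host)
    if f"{name}.{tld}" in BRANDS:
        return None                                  # the genuine domain
    for brand in BRANDS:
        b_name, _ = split_domain(brand)
        if name == b_name:                           # Amazon.cm
            return ("different-tld", brand)
        if edit_distance(name, b_name) == 1:         # facbook.com
            return ("misspelling", brand)
        # Swapping two words is a rotation: "palpay" occurs in "paypalpaypal".
        if len(name) == len(b_name) and name in b_name + b_name:
            return ("swapped-words", brand)
        if b_name in name:                           # ebayreturns.com
            return ("extra-words", brand)
    return None

if __name__ == "__main__":
    for host in ("Microsft.com", "ebayreturns.com", "palpay.com", "Amazon.cm", "amazon.com"):
        print(host, "->", classify(host))
```

A hit is a reason to look closer, not proof of fraud: short brand names such as "bbc" also appear inside unrelated legitimate domain names, so the extra-words check will produce false positives.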
Look for the Padlock Sign
When you open a website, check whether there is a padlock symbol (lock sign) in front of the domain name in the address bar. The padlock indicates that the website has installed an SSL/TLS certificate, and all the data transferred between you and the site’s server is safe. The SSL/TLS certificate enables data encryption.
No hacker can decrypt, read, interpret, steal, or modify your data while it is traveling from your browser to the website’s server.
If you see a “Not secure” sign or an exclamation mark in a circle or triangle, it signifies that the website is running on HTTP instead of HTTPS, which indicates an insecure connection. Never enter any confidential data on such sites. Hackers can easily intercept that data and steal it.
Pay Close Attention to The Writing Style
- Pay close attention to the spelling and grammar of the site. If there are too many noticeable errors, don’t take them lightly. All the legit sites have strict editorial standards. They generally don’t make unusual typing errors.
- Is the website trying to deceive readers by swapping similar-looking characters, such as l with I, 1 with I, S with 5, g with 9, o with 0, rn with m, etc.?
- Are they trying to create a sense of urgency by making you panic? For example, “if you don’t click on this link within 5 minutes, your account will be suspended.” No legit company threatens to close its customers’ accounts on such short notice.
- Are they offering you any deal, discount, coupon, or offer that is too good to be true? For example, “Click on this link to avail 70% discount on iPhone”, “Copy-paste this coupon and get flat $1,000 off on the original Rado watch”, etc. This is called malvertising, i.e., malware + advertising. Hackers put up attractive advertisements to tempt people to click on them. As soon as you click, the malware gets downloaded onto your system.
Check the Contact Page and Social Media Pages
- All the legit businesses have at least some social media exposure. Search for the social icons on the top of the page or in the footer. If they don’t have links to any social media sites like Facebook, Twitter, LinkedIn, Pinterest, Instagram, etc., be careful. Even if icons are there, but they are not clickable or don’t lead to the business’s social media page, it is also a red flag. Also, if the business has social media pages, inspect them to know the number of followers and reviews.
- Also, check the business’s reviews on third-party platforms like Google reviews, Yelp, TrustPilot, ShopperApproved, Manta, consumeraffairs.com, productreview.com, etc. You will get to know not only the product review but also the way they handle returns, give after-sales service, and the way they deal with warranties.
- Also, check their employees’ reviews on Glassdoor.com and Indeed.com. You will get a lot of information on the company’s work culture and its ethical standards from its own employees’ reviews.
- Check the company’s contact page. Is there a brand email address given or a generic one? In other words, the email must have the company’s domain name after “@.” For example, brand email addresses look like this: firstname.lastname@example.org, email@example.com, EmployeeName@google.com, etc., instead of having @gmail.com, @yahoo.com, or @hotmail.com in the email ID.
- On the contact page, are a phone number and a physical address available? Make a phone call to verify the number, especially if you are planning to buy something from that site.
Even if you stay vigilant while surfing online, it is still a good practice to have a robust antivirus program or firewall on your computer. Hackers these days have become really smart, and even tech-savvy people are falling for their traps. You can also install free browser extensions like PhishDetector, AdGuard AdBlocker, Guardio, Web Threat Shield, etc.