How to Tell If a Website Is Safe

We've come to accept that certain images and symbols mean certain things. A picture of a padlock, for example, is regularly associated with security. It might seem like the most natural thing in the world, but this particular habit could be playing a nasty trick on us.

In 2011, cybersecurity legend Troy Hunt wrote about how big of a double-edged sword a humble picture of a padlock could be, and a couple of years later, he discussed how incredibly misleading trust seals can be. The conclusion we can draw from Troy Hunt's posts is that an image (be it a padlock symbol or a 'Verified by…' seal) can never be enough to assure us that a website is secure. What, then, can you do to figure out if a particular website is trustworthy?

Look for the SSL certificate

There was a time when people would tell you that if a page requests your login credentials or credit card details, it needs to go through an HTTPS connection because that would ensure that your username, password, and the rest of the sensitive information are not relayed in a readable format. This is no longer good advice. Every website you visit should be served via the HTTPS protocol.

The "S" in HTTPS stands for "Secure", and online service providers must make sure that their websites are accessed via this type of connection by installing an SSL certificate. In the past, an SSL certificate used to cost several hundred dollars per year, but right now, thanks mainly to the Let's Encrypt initiative, anyone can get one for free, so website operators really have no excuse for not installing SSL.

An SSL certificate lets a website use a cryptographic protocol known as Transport Layer Security (TLS), which encrypts all the communication between your device and the website you're accessing. As a result, hackers won't be able to eavesdrop on the usernames and passwords you're sending during the login process. There's more to it than that, though.

If a website is served over an HTTP connection, cybercriminals can not only access the information you're sending out but also alter the content you're trying to view. Using a Man-in-the-Middle attack, the crooks can exploit unsecured websites and serve anything from annoying ads to malware. That's why it's important to make sure that not just the login form, but every single URL of a website starts with "https://".

If there are too many ads, there's probably something wrong

We recently discussed ads, and we mentioned the curious conflict they cause. On the one hand, an ad-free internet would be a very different place. Many of the free online services we use every day wouldn't be available without ads. At the same time, online ads are abused frequently, and unfortunately, the way the entire industry works means that other than installing an adblocker, there's not much we can do about it.

The fact that a website has ads does not make it dangerous. If you see a larger-than-usual number of advertisements, however, and if some of the banners appear particularly shady, you must proceed with caution. In this day and age, popups are considered a particularly aggressive form of advertising, which means that if you see them, you should probably think about clicking the Close button. The owner of the website isn't always responsible for all the ads. Often, hackers exploit vulnerabilities or use other techniques to turn a perfectly legitimate website into a mess of colorful banners and annoying flashing images and animations. Regardless of who puts them there, however, the risk of malicious ads should not be underestimated.

Check out the company you're about to do business with

The internet allows us to buy things or subscribe to services with the click of a button. Unfortunately, the online world, as we all very well know, is full of dishonest people and scammers, and often, users end up getting tricked out of their money.

There's no algorithm that you can follow to ensure that you won't get scammed. Nevertheless, a few things about the website of a merchant or a service provider can tell you a bit more about the business venture that sits behind it. An easily accessible way of contacting the company, for example, suggests that you're looking at a real entity that is prepared to interact with potential customers, and a legitimate office location that can be found on Google Maps is also a positive sign.

We have discussed on these pages how painful reading through legal documents could be, but going over the Terms of Service and Privacy Policy is still a good idea, especially if you're thinking about trusting the service provider with payment details or other bits of sensitive information.

On the whole, if you can pick only companies that have been recommended by friends, do so. If you can't, try googling the name of the service provider and see what other people think before committing to a subscription or a purchase. Sometimes, an online search can make the difference between choosing the right product and giving your money away.

Watch out for cryptocurrency-mining websites

2017's unprecedented surge in cryptocurrency value meant that cybercriminals found themselves looking for new ways of obtaining as many digital coins as possible. This gave birth to the so-called cryptojacking attack: the act of using the hardware resources of website visitors in order to "mine" cryptocurrency.

Cryptojacking has arguably become more popular than ransomware, and its efficiency is rooted in the fact that using a single website, crooks can infect thousands, if not millions, of unsuspecting users. Often, people can see that something is putting more strain on their hardware, but they're not sure what it is, which makes the attack even more attractive for the crooks.

It must be said that this is not the most destructive form of hacking, but it should not be underestimated. In order to inject their cryptojacking scripts, hackers must first compromise the targeted website. And if they have compromised a website, they can use it for something else, such as spreading malware. All things considered, if you think that a website is abusing your computer resources, you should close it as quickly as possible.

Try to avoid nasty links

When you go to a website, you usually don't spend your whole time staring at the homepage. More often than not, getting to the content you're looking for involves clicking loads of links and buttons. But how can you be sure that you'll end up in the right place?

Well, it's not easy, but if you pay more attention to what you're doing, you might just manage to avoid some of the traps. Modern browsers can let you know where you're going before you follow a link, and if you haven't already, you should probably start taking advantage of this functionality. All you need to do is hover over the link before clicking on it, and the browser will display the URL you're about to be led to in the bottom left or right corner of the screen. Once again, we're not talking about something that can ensure complete safety, but it can at least give you a better idea of where you're being taken.
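
Two of the checks described in this article, that every URL on an HTTPS page starts with "https://" and that a link's visible text agrees with the address the browser would show on hover, can be run automatically against a saved copy of a page. The following is an added example, not part of the original article; the names host_of, PageAudit and audit, the sample markup and the .test/.example hostnames are all constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

URL_ATTRS = {"a": "href", "form": "action", "script": "src"}  # URL-bearing attributes
# Constructed sample, treated as served from https://shop.example.test/
SAMPLE = """<form action="http://shop.example.test/login"></form>
<script src="http://cdn.example.test/app.js"></script>
<a href="/cart">View cart</a>
<a href="https://other-site.example/">www.example-bank.test</a>
<a href="https://www.example-bank.test/help">www.example-bank.test</a>"""

def host_of(text):
    """Hostname named by text, or None if text does not look like an address."""
    try:
        host = urlsplit(text if "://" in text else "//" + text).hostname
    except ValueError:
        return None
    return host if host and "." in host and len(text.split()) == 1 else None

class PageAudit(HTMLParser):
    def __init__(self, page_url):
        super().__init__()
        self.page_url, self.findings = page_url, []
        self._href, self._text = None, []  # the <a> currently being read

    def handle_starttag(self, tag, attrs):
        raw = dict(attrs).get(URL_ATTRS.get(tag, ""))
        url = urljoin(self.page_url, raw) if raw else None  # resolve relative
        if url and urlsplit(url).scheme == "http":
            self.findings.append(("insecure", tag, url))
        if url and tag == "a":
            self._href, self._text = url, []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            text = "".join(self._text).strip()
            shown, real = host_of(text), urlsplit(self._href).hostname
            if shown and real and shown != real:
                self.findings.append(("mismatch", text, self._href))
            self._href = None

def audit(html, page_url):
    parser = PageAudit(page_url)
    parser.feed(html)
    return parser.findings
```

Calling audit(SAMPLE, "https://shop.example.test/") reports the form and the script that use http:// and the one link whose text names a different site than its real destination. The hostname comparison is a heuristic: it treats www.example.test and example.test as different hosts.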

Staying away from dangerous websites is not (and will never be) easy. If it were, we wouldn't have so many people ending up on malicious pages every day. That being said, you can build some habits and observe some things that should help you browse the web with a bit of confidence and peace of mind.

April 30, 2019
