How to Spot Safe vs Unsafe Websites
64% of companies worldwide have faced at least one cyber-attack, with 20 million records breached in March 2021 alone. The threat to information security is a serious matter with serious implications for businesses and individuals.
This blog highlights some of the ways you can spot safe vs unsafe websites so that you are not a victim.
How to Spot Safe vs Unsafe Websites
It has never been more important to protect yourself and your organization from bad actors on the internet. One of the many avenues for these bad actors to attack your computer is by trying to gather your information from an infected or malicious website you may visit, even if only once. The best thing you can do is to avoid malicious websites altogether.
Here are the most prevalent tell-tale signs of a threatening website and some ways that you can protect yourself:
- Never click on a link embedded in an email even if sent from someone you trust, always type the link into your browser
- Use common sense. Does a website look strange? Is it asking for sensitive personal information? If it looks unsafe, don’t take the risk.
- Look for signs of legitimacy. Does the website list contact information or some signs of a real-world presence? If doubtful, contact them by phone or email to establish their legitimacy.
- Read the URL carefully. If this is a website you frequent, is the URL spelled correctly? Phishers often set up websites almost identical to the spelling of the site you are trying to visit. An accidental mistype may lead you to a fraudulent version of the site.
- If it looks too good to be true, it probably is. Is the website offering you a product or service at an unbelievable of price? Or maybe they are promising you an unreal return on investment? If the offer looks too good to be true, trust your instincts. Do some research to find reviews or warnings from other users.
- Check the properties of any links. Right-clicking a hyperlink and selecting “Properties” will reveal the true destination of the link. Does it look different from what it claimed to lead you to?
You should also always be on the lookout for the clues and telltale hints that you are on a malicious website. After all, it is by smart people noticing something wrong and reporting it that the tools below to help detect and report new malicious websites.
1. Use a Website checker to identify Fake or Unsafe websites
If you’ve taken all the above steps into consideration and still have doubts, try running the site through at least two website checkers. We use the following tools.
- VirusTotal Analyze suspicious files, domains, IPs, and URLs to detect malware and other breaches, and automatically share them with the security community
- Microsoft Web Site Checker – Free Browser Plugin to integrate website safety checks while you browse
- Google Safe Browsing tool. Just paste in the suspect URL and the checker will determine whether it’s safe to visit.
2. Is the address (URL) safe? How to spot deceptive addresses
Bad-Actors (Phishers) lure users onto their sites by adding malicious links to phishing emails. Before clicking on a link embedded in an email, be aware that there’s a possibility that it could be illegitimate.
It’s not always easy to tell the real from the fake, but there are always ways to do it. Often fake sites will impersonate real ones – like your bank, employer, shopping, or government website. If you look at the URL closely, you may find letters out of place or perhaps they will have the domain name of the legitimate website as a subdomain of a fake one. These subtle differences that many people overlook, can identify a fraudulent site from a fake one.
If you receive a link that includes the text www.gooogle.com. Would you click it? You probably shouldn’t because that’s definitely not the link to real Google. But if you just glanced at it on the go, you may not notice the issue.
Example of a fake website – gooogle.com
Here are the elements of a website that attackers can control:
- Content. Anything below the long horizontal line can be tailored to mimic any website. There’s no way a browser can warn you that you’re looking at a fake page.
- Favicon. Any attacker can take Google’s favicon and use it on a fake website.
(A favicon is a small square image that represents the website in web browsers ) - Domain. The attacker cannot alter the domain (google) that’s coming before the top-level domain (.com). However, as seen in the picture above, it can use a similar domain to trick visitors.
- Subdomain. If you don’t look carefully, a subdomain might look like a domain. An attacker can throw google.com.search-source.com at you where search-source is the actual domain of their fake website.
- SSL certificate. Seeing a green padlock beside the address bar often gives a fake feeling of safety. Any website can buy such a certificate unless it’s an EV (more on that below).
How iLLÜM Advisors Can Help
iLLÜM Advisors was founded to serve organizations that need clear visibility in the areas of IT leadership, program management, and risk exposure. iLLÜM provides a concise understanding of how organizations can protect themselves without simply throwing money at the problem. Our teams have knowledge and experience in the cyber security sector and can help you strengthen your company against such attacks.
Final Thoughts
Cyber security is becoming more important as we step further into digitization. Cyber-attacks can be extremely costly for businesses, and most small and medium businesses cannot afford to have their data breached.
If you are looking for an IT cyber security advisory, please get in touch with us. Our team will be happy to address your queries or arrange a meeting for a detailed discussion.