Employees spend hours of their day moving from one website to the next; whether to scan for new business opportunities, to record data, to obtain information, to scope out the competition or access industry-adjacent platforms. Ensure that your teams know how to tell whether or not a website might be malicious. Share this information as a gentle reminder. Remember, in the US, one in 10 adults falls prey to a scam each year.
Here’s how to tell if a website is safe:
- Search for the letter ‘S’ in the “HTTPS” portion of the domain. If you see “HTTP” without the “S,” the website is missing a certain type of encryption (an SSL certificate). The encrypted layer protects information that travels between the server and the user. Site owners who actively want clients and consumers to visit their site take care to implement the right encryption tools. Otherwise, entering payment information or other data may present security risks. Ensure that the URL that you are visiting includes an “HTTP.”
- Verify the trust icon. A trust icon (usually in the shape of a lock and in the top left corner of a domain name) can indicate SSL encryption. It can also indicate other security mechanisms. For example, trust icons can provide information about the site’s most recent malware scan. Trust icons can be deceptive, as not all are legitimate. To verify legitimacy, click on the trust icon to see if it leads to a verification page. If so, you may want to ensure the authenticity of the verification page. To do so, you can research the security vendor listed on the verification page.
- Check the URL. When looking at a URL, scan to see whether or not a letter appears to be missing. Or perhaps there’s a typo, or a notable grammatical error. Alternatively, a letter may have been replaced with a number. For example, the letter “L” might have been replaced with the number “1”. These signs indicate a potential scam.
- Search for the website owner’s contact information. Websites that show an email address, a phone number, social media accounts, and other ways to get-in-touch point towards a website’s legitimacy. Contact information indicates that users can reach a real human in the event of fraud or should a serious concern arise.
- Avoid websites with blinking, spammy banners. You’d be surprised–a number of people ignore these eye-catching signs of a malicious site. Neon, blinking banners from the ’90s or early 2000s’ indicate a potential virtual trap.
- Research the age of a website domain. Taking this small step can help you avoid websites that were haphazardly put together last week or last month for scamming purposes. Websites that have existed for brief windows of time are suspicious. Tools like Whois Lookup domain tracker can help you determine a domain’s owner, where they’re located and the length of time for which the website has existed.
- Antivirus software products can also help organizations and employees determine a website’s authenticity. These types of tools can prevent users from accidentally landing on a malicious site. Along with antivirus, some users or organizations may wish to install browser plugins that work to further protect users from dubious platforms.
No matter what industry you operate in, malware continues to present a significant threat. Shady websites and untrusted websites can undermine a business. Knowing how to recognize malicious URLs and websites can prevent harm.
For further information about avoiding malware, untrusted sites and more, see Cyber Talk’s past coverage. Lastly, to receive cyber security insights, analysis and resources in your inbox each week, sign up for our newsletter.