How To Know If a Website Is Safe (2024)

Is It Safe To Give a Website Your Personal Information? Not Always

Jen Rock thought she was logging in to a website using her Facebook credentials. It was only after she received an email saying that her Facebook password had been changed that Jen realized she’d fallen for a fake website scam [*].   

Fake and fraudulent websites are staples in every scammer’s toolkit. 

Cybercriminals spoof the login pages of popular platforms — such as online stores, Facebook, or your bank — in hopes that you’ll enter your account information and passwords. If you do, scammers can quickly take over your accounts or drain your bank account. 

According to the Anti-Phishing Working Group (APWG) [*]: 

Nearly 1.5 million fake phishing websites popped up in the last three months of 2022 alone. 

As scammers get better at creating fake websites, it’s getting harder to tell which websites are safe and which could lead to identity theft and fraud. 

In this guide, we’ll cover how to tell if a website is safe, the warning signs of a malicious website, and what to do if you accidentally share your personal data on a fake website.

{{show-toc}}

What Happens If You Visit a Fake Website? 

Almost everyone has visited a fake website at some point in time while browsing, shopping, or working online. 

Sometimes, cybercriminals create fake online stores to steal credit card details or sell goods that never arrive. However, it’s more likely that you visited an unsafe website via a link in a phishing scam (such as an email, text, or social media message).

The good news is that, in most cases, simply visiting a fake website isn’t dangerous. But if you interact with the site in any way, you could put your identity, data, devices, and finances at risk. 

Here are a few of the dangers of fake websites:

• Revealing your logins and passwords. Many fake website designs look exactly like legitimate login pages. But if you enter your bank, email, or social media account login information, hackers can take over your accounts. 
• Sending scammers money or credit card details. Fake shopping sites dominate the landscape. These webpages often promote heavily discounted goods in hopes that you’ll enter your credit card information — but the items will either never arrive or will be knock-offs.
• Providing sensitive information to identity thieves. In pharming attacks, fake websites convince visitors to disclose other types of personal information, such as Social Security numbers (SSNs), Medicare numbers, or driver's license details. If you share this information, you could become the victim of identity fraud.
• Downloading malware. Some fake sites exist entirely to trick you into downloading malware. If you click on a link, it could infect your computer with a virus.

How To Know If a Website Is Safe: 10 Warning Signs

Illegitimate websites can be frighteningly convincing, but they usually aren't flawless. Most contain red flags and warning signs that can tip you off. 

Here are 10 warning signs that indicate whether a website is safe or not:

1. Look for warnings from your digital security tools
2. Double-check the domain name
3. Inspect the site’s SSL security certificate
4. Review contact information and privacy policies
5. Verify the website owner
6. Read third-party reviews
7. Scrutinize the site’s design and copy
8. Be wary of security seals and other obvious trust signals 
9. Check the site’s payment and return policies
10. Trust your instincts

1. Look for warnings from your digital security tools

Digital security tools have become efficient at detecting fake websites — even if you can’t. 

For example, Aura’s Safe Browsing tools scan websites and URLs for warning signs before you enter any sensitive information.

Many web browsers (such as Google Chrome, Safari, and others) include their own versions of Safe Browsing. These built-in tools notify users when their website safety is at risk.  

Make sure you’ve enabled Safe Browsing tools in your browser or cybersecurity settings — and trust their warnings. 

Here’s how to turn on Safe Browsing tools in some of the most popular browsers:

• Google Chrome. Google Safe Browsing automatically protects Chrome, Android, and Gmail users. You can enable “Enhanced Safe Browsing” for additional security from your account’s security settings. Here’s a step-by-step guide for turning it on. 
• Microsoft Edge. Microsoft Edge users can bolster their surfing protections by toggling on the enhanced security feature. Edge has three options: Off (default), Balanced (active for unfamiliar sites), and Strict (always active). Here's a guide for turning on Microsoft Edge’s safe browsing tools.  
• Safari and Firefox. Both Safari and Firefox use Google Safe Browsing to warn users if they visit a phishing website [**]. Safe browsing on Macs and iPhones works by default, but users can deactivate fraudulent website warnings in their browser settings.

💡 Related: How To Recover a Hacked Microsoft Account →

2. Double-check the domain name

Many fraudsters use website URLs and addresses that seem legitimate (if you don’t look too closely) — but actually contain a minor spelling mistake or misplaced character. 

Homograph attacks, for example, use similar-looking characters to spoof real URLs, such as replacing a lower-case “o” with a capital “0” or replacing Latin letters with Cyrillic letters.

How to make sure a website is using a legitimate URL: 

• Check the site status before clicking on links. Instead of clicking on a link, copy and paste the URL in Google's site status checker. This will let you know about the site's safety — and if you should visit it. 
• Inspect links carefully. Hover over links before you click on them. In the bottom left-hand corner, browsers like Chrome will show you the destination URL. If a link redirects you to a destination that is different from the anchor text, it could be a scam.
• Don’t blindly trust “.com” websites. While it might be tempting to be suspicious only of less popular top-level domains (TLDs), you can't let down your guard on “.com” sites. In 2022, 18% of all phishing sites ended with “.com” — the most among all TLDs [*].

3. Inspect the site’s SSL security certificate

The Secure Sockets Layer (SSL) security certificate tells you that the site uses encryption to protect shared data going between your device and the website server. Without this certificate, you run the risk that any information you share could be intercepted and read by hackers.

Not every site needs an SSL security certificate, but you should avoid sending sensitive information to any sites that don't have one. 

While all secure websites have SSL certificates, so, too, do many fraudulent sites. In fact, nearly 83% of all phishing sites had an SSL certificate in 2021 [*].

Here’s how to confirm that you’re on a secure website: 

• Look for the "https" and the lock icon. All secure sites should use "https:" (instead of “http:”). Secure sites also have a padlock icon in the address bar next to the URL. 
• Dig deeper. Click on the padlock icon to learn more about the website — including certificate and organization information, such as their location. If there is no company information or the description is limited or troubling, avoid sharing any personal details. 

💡 Related: What Can Scammers Do With Your Name and Address? →

4. Review contact information and privacy policies

Fake sites don't always invest as much time in the finer details as authentic websites do. For example, many scam pages don't list any contact information. If you can't find a phone number or a physical address, you shouldn't give out any personal details. 

Here’s how to check a website’s contact information and privacy policy:

• Read the footer. Scroll to the bottom of the website and look for an “About Us” or “Privacy Policy” section. Skim these to make sure they’re legitimate. All safe websites will explain how the organization plans to handle your data.
• Look for key terms in the privacy policy. If you don't have time to read the entire policy, search for terms like "sell," "advertising," and "storage." Try to find out what information the company keeps and what they plan to use it for.   
• When in doubt, contact the organization. If you do find contact information, confirm it in a search engine. If a phone number is listed, dial it and see how the call is answered.  

5. Verify the website owner

A website's owner should be related to the company in some way. If a website claims it's representing a company, but the domain ownership information says something else, you could be looking at a fake website.  

Here’s how to check who owns a website:

• Use a domain lookup tool. Find out more about the website owner by using a domain checker — such as Whois Lookup, Who.is, Whois, or ICANN. 
• Research the website owner. Once you learn the name of the website owner and administrator, look them up to see if there are any scams attached to their names. Although many cybercriminals use domain privacy to hide their identities, this is still a good place to start.
• Look at the location and creation date. Make sure the website creation date makes sense. Most scam websites don't stay up long, so they typically have very recent creation dates. Think about the location as well. Websites originating in an unrelated country should signal red flags. 

💡 Related: How To Protect Yourself from “Pharming” Websites →

6. Read third-party reviews

Sharing information online has helped countless people avoid scams. You can find reviews on products and services for just about anything across social media, blogs, and online forums. 

Search for company reviews from multiple reputable sites. You can largely ignore reviews on the company website itself, as those may be biased or gathered as part of a promotion. 

Here’s where and how to check for third-party website reviews:

• Check the Better Business Bureau (BBB). Search the BBB directory to find details that include customer reviews and lodged complaints. BBB accreditation tells you that the company has a documented history of serving customers over a significant period of time. 
• Google the website’s name + “Reddit” or “reviews.” Many people post about scam websites or services on Reddit and similar forums. Read through those posts before entering your information on a suspicious website.
• Go through the reviews. Don't accept glowing reviews at face value. Many sites have fake reviews on their websites or submit fake reviews under aliases. Read the positive and negative reviews with a discerning eye, looking for repetition and a lack of important details.

7. Scrutinize the site’s design and copy

Because fake websites don’t generally stay active for long, fraudsters don't often put a great deal of time and effort into their websites. While some problems can result from honest mistakes, you shouldn't give any business the benefit of the doubt when you're sharing your personal information. 

Here’s what to look for if you think a website might be fake:

• Look for low-quality images. Reputable organizations are very unlikely to use badly cropped or heavily pixelated images on their websites. Scammers don't spend the time to fine-tune these design elements. 
• Make note of poor spelling and grammar. While not always incriminating, poor spelling and grammar can tip you off to hastily-created scam websites. 
• Check the different sections. You may find that fake websites omit common pages, such as the "About Us" section. As you click through the pages, broken links and missing pages should sound alarms of a scam. 

💡 Related: How To Tell If Someone Is Scamming you Online →

8. Be wary of security seals and other obvious trust signals 

Trust signals are signs and symbols that give peace of mind to website visitors. Many browsers offer these in the form of SSL certificates and icons. E-commerce sites, in particular, use trust seals to inform customers that transactions are verified or secured by well-known cybersecurity brands or online payment vendors. 

Unfortunately, scammers often steal and use these seals to trick you into thinking you’re visiting a safe website.

Here's how you can double-check trust logos and seals: 

• Click on the security seals. Authentic security seals usually link to the issuing organization's website or to a page with more information about the badge. In most cases, scammers use an unclickable image of a security badge to fool unsuspecting visitors.  
• Contact the issuing organization. If you can't find more information about the security badge or trust signal, you can always call or email the organization in charge of the seals. They should be able to tell you if the website has earned the badge or not. 

9. Check the site’s payment and return policies

Flexible payment options and return policies have helped make online shopping what it is today. Free returns from companies like Amazon give comfort to customers. According to the National Retail Federation, nearly 21% of all online-purchased items were returned in 2021 [*]. 

While not all authentic companies have payment and return policies as robust as Amazon, every company should provide some information. If the details aren't available, do not make any purchases. 

Here’s what to look for in a site’s payment and return policies:

• Avoid irregular payment methods. You're better off not using any nontraditional payment means unless you know the company. Gift cards, cryptocurrencies, and bank transfers are big red flags — but so are many payment apps. Money sent via these methods can't be easily traced or reversed. 
• Scrutinize the return details. If the company provides return details, go over them carefully. Make sure the fine print doesn’t miss or gloss over anything important. If applicable, check out the physical location of the return address and make sure it corresponds with the company.

💡 Related: 14 Tips For Shopping Online Safely in 2024 →

10. Trust your instincts

At the end of the day, no amount of website security can keep you entirely safe. You need to be careful about what information you share and with whom you share it.  

Here are additional warning signs to keep in mind as you surf and shop online:

• The deals are too good to be true. Many shoppers tend to get suspicious of amazing deals, especially if they're from unfamiliar retailers. When faced with an incredible price or discount, you should immediately question the product or service's authenticity and quality. 
• The website has too many pop-ups: If your browser alerts you to a large number of pop-ups, you're probably not visiting a reputable site. Pop-ups often indicate malware and fraudulent sites, so regard them as warnings to get out. 

Did You Click on Links or Enter Data on a Sketchy Website? Do This!

Fake and fraudulent websites have become very convincing. If one of these sites tricked you into clicking on a link or sharing personal information, you need to act quickly to minimize or reverse the damage. 

Here’s what to do:

• Review your online accounts for signs of hacking. Check to see if you’ve been locked out of your accounts, and look for other signs that you’ve been hacked (such as strange messages in your “sent” folder or unfamiliar devices logged in to your account). If you’re locked out of an account, request a password reset and take back control. 
• Update your online passwords. Whether or not you see signs of fraud or hacking, be safe and change the passwords on all of your accounts. 
• Enable two-factor authentication (2FA) whenever possible. 2FA adds an extra layer in the security process and makes it much more difficult for hackers to access your accounts. 
• Use a secure password manager. A password manager helps you to create and remember secure passwords. Aura’s password manager, which is included in every Aura plan, stores unique passwords for each of your accounts and will also alert you if your passwords become compromised or vulnerable. 
• Freeze your credit with all three bureaus. A credit freeze will stop anyone from accessing your credit and taking out loans in your name. Credit freezes are free to use and will remain active until you lift (or “thaw”) them. To freeze your credit, you need to contact each of the three bureaus individually — Experian, Equifax, and TransUnion.
• Notify your bank and any other impacted companies. If you gave up banking details or login information, call your bank and credit card companies immediately. They may advise you to get new cards, close your accounts, or complete a fraud report. 
• Scan your devices for malware. If you have antivirus software, scan for malware and other malicious software that your device may have picked up on the fraudulent website. 
• Monitor your credit and bank statements for signs of fraud. Request copies of your credit report and bank statements to look for suspicious activity. Consider getting an identity theft and fraud monitoring service for added protection. 
• Report the incident to the authorities. Depending on the nature of the crime, you may want to file an identity theft report or fraud report with the Federal Trade Commission (FTC). You can also file a report with your local police or the FBI's Internet Crime Complaint Center. 

The Bottom Line: Protect Yourself While Browsing and Buying Online

Even the savviest online user can fall victim to fake websites. You can block suspicious websites and shop only on major marketplaces; but staying safe online still requires great attention to detail. 

When browsing or shopping, you can sidestep most of the worst mishaps by being vigilant  and heeding the warning signs. For added safety, consider a digital security solution like Aura. 

Aura’s proactive suite of financial and identity theft protection tools includes a robust virtual private network (VPN), password manager, antivirus software, parental controls, and more — along with 24/7 U.S.-based support and up to $1 million in insurance coverage for every adult on your Aura plan. 

Stay safe from hackers and scammers. Try Aura free for 14 days.