Knowing how to spot a fraudulent website can protect your personal and work identity, your financial information, and logins for your email and social media accounts. Knowing how to identify fake websites is not just helpful, it’s absolutely necessary to protect yourself online.
Online scams and identity theft are on the rise. The U.S. Department of Health and Human Services has warned the public about fraud related to the coronavirus. Understanding how to check if a website is authentic will help protect you now and in the future.
Ways to check a website
Verify the spelling of the URL
A URL with a typo is one of the primary signs of a fake website. Fraudsters may slightly alter a URL name, such as using the domain amaz0n.com, or they may alter the domain extension, such as using amazon.org rather than amazon.com.
Verify any site seals
A site seal indicates the legitimacy of the website, and clicking on one typically reveals more details about the website and the methods used to verify it. When a seal is clicked, it should do something; otherwise, the seal is probably fake.
Search for a lock
A website’s padlock indicates that it is protected by an SSL/TLS certificate that encrypts user data. The lock can be found in the address bar’s upper left corner. Each of the three types of TLS certificates—Domain Validation, Organization Validation, and Extended Validation—will show a lock.
Domain Validation certificate: confirms who owns the domain. However, DV certificates do not offer information about organizational identification. As a result, using DV certificates for business purposes is not advised.
Organizational Validation certifications: The CA (certificate authority) verifies organizations in official databases used for business registration. This kind of standard certificate is advised for a public or commercial website.
Extended Validation certifications: Offers the highest level of authentication and additional validation steps to safeguard your brand and users. To make sure that the business information in EV certificates is authentic, CAs may demand specific documents and direct communication. The top organizations in the world use them to ensure user trust by giving users high confidence that the website is real and owned by the company they think they are doing business with.
Purchase the DigiCert Secure Site Pro EV SSL certificate at a 25% discount now and secure your website.
Most browsers will display a “not secure” warning if a site lacks a lock. In the past, simply looking for the lock was sufficient to verify a website, but with the rise of online fraud, you now need to look further than the padlock.
Scam versus safe websites
When a site has a padlock, it means the data is encrypted and is therefore secure in the eyes of browsers. Sadly, in today’s world, a secure site does not always imply that a website is safe to use for transactions or information sharing. The presence of a padlock on a website does not guarantee that it is authentic. According to research, up to 50% of phishing-related fake websites now have a padlock.
DV certificates, low-level TLS certificates that some certificate authorities provide for free, are frequently used by fraudsters so that they only need to provide proof of ownership of the website in order to obtain a lock. With DV certificates, they are exempt from having to demonstrate the legitimacy of the business. Sometimes they might use an OV or EV certificate, but most criminals are discouraged from using them because they require more work to obtain—proving business registration, making a payment with a valid credit card, and responding to certificate authority inquiries.
View past the lock
To reveal more information, click once on the lock to look beyond it. If you click on the lock, it will say “Issued to: [Company Name]” under “Certificate (Valid)” for the highest level of authentication. Unfortunately, this feature only functions with desktop browsers at the moment. However, the guidelines for checking a website’s security beyond the lock remain the same whether you’re using a desktop or mobile browser.
Additional methods for website verification
The following trust indicators can also be found on a website in addition to looking for a lock, and site seals, and running the URL through a website checker:
- A privacy statements
- Return guidelines
- Information on how to reach the company, including its address and phone number
- correct grammar and spelling
- Online reviews (to find online comments, just Google “reviews for [site name]”)
Avoid any offers that seem too good to be true in general because they probably are.
What to do if you find a fake site
Do not enter any sensitive data, including financial information, login credentials, passwords, security codes, Facebook logins, or even your name and contact information, if you believe you have landed on a fraudulent website. When in doubt, avoid completing it. Additionally, avoid clicking on links in shady emails, online posts, or direct messages. You can decide whether or not to make a purchase from a website by knowing if it is fake.