In an ultra-connected age where digital presence is paramount, the internet serves as a gateway for cybercriminals. As a result, online fraud seems ever-present, and around 18,000 fraudulent websites are created every day.
Scammers are also using email services provided by Google and Yahoo to appear trustworthy, which is why it’s essential that you’re aware of what to look for when it comes to fraudulent websites (see the section on important terms to know for cyber security below). Here’s what you need to know about how to identify fake websites.
Online fraud in the UK is on the rise, with scammers targeting individuals and businesses
Top tips for staying safe online
Understand cyber security jargon
Want to know if a website is legit? Follow these seven simple steps:
By paying close attention to the URL at the top of your browser, you might be able to spot a fraudulent website. While you can sometimes spot a fake URL straight away, in some cases the deceptive site can be hidden or manipulated to look familiar.
An easy way to find out if the site is actually malicious is by highlighting the entire URL, then copying and pasting it into the search bar of another tab. Before hitting ‘enter/search’, inspect the URL again, as the actual URL, free of any manipulation, may now be exposed.
On websites where you can make a purchase, known as ecommerce sites, there will often be a ‘trust seal’ on the payment pages or other pages where sensitive information is required. When you click on a trust seal, you should be taken to the seal provider’s website, where the legitimacy of the website will be verified. Alternatively, you may be able to visit the seal provider’s website and search for the website there instead.
Here’s a complete list of trust seals.
Ensuring your connection is secure is an easy step you can take to confirm that the channel of communication between you and the server is encrypted and secure. In basic terms, it means any information you input cannot be read by third parties or fraudsters. To do this, click on the padlock in the URL bar at the top of your tab and then click on ‘Show certificate’ if using an Apple Mac product, or choose ‘Security’ or ‘More information’ on other browsers to open the certificate.
If you are taken to a website without the ‘https://’ at the beginning of the URL and are asked for any information, leave immediately, as the website probably isn’t secure.
Hackers will often rush to pull websites together in order to make money quickly, meaning you’ll often spot bad grammar, incorrect spellings and typos throughout the text. Reputable, trustworthy websites have good quality content and thorough processes to ensure their text doesn’t include mistakes.
If the text has a real sense of urgency to it that is pressuring you to pay a fine or threatening some other risk to you personally, it is likely to be a scam. In a similar vein, if something seems too good to be true, for example, savings accounts with higher-than-average interest rates, it probably is.
In any circumstances where a website seems poorly designed with badly-written content, it’s best to err on the side of caution and call your bank directly to check.
All domains have to register their URL or web address, so you can check who has done this by visiting website checkers such as LookWhoIs or Whois.net.
You’ll then be able to link the website with an individual or organisation. If you’re struggling to do this, or it feels a bit cloak-and-dagger, it’s likely that the individual is a scammer and doesn’t want to be found.
Possibly the easiest way to investigate a website is to simply copy and paste the URL into Google’s Safe Browsing Site Status Tool. This tool is like a fake website detector, and will reveal whether the site is safe (or not).
Feefo, Trustpilot and TripAdvisor are all trusted sites that collate reviews from previous, legitimate customers who can help you decide whether or not the website is legit. Reviewers can also warn you about scams or inconsistencies with the website, allowing you to make a more informed decision.
However, it’s important to be aware that some fraudulent websites also input fake reviews to build a false sense of security and scam unwitting visitors. If the reviews are all brand new, have consistently bad grammar or simply make you suspicious, you might want to avoid using the website.
These are some of the cyber security terms, abbreviations and general website jargon that are useful to understand and will help you tell if a website is legit.
HTTP stands for Hypertext Transfer Protocol and makes up the foundation of the World Wide Web. It is used to load websites using hypertext links. In simple terms, it’s the application protocol on which web pages work. You may also see ‘HTTPS’, which is an extension of HTTP and means that your connection is secure (see the section on SSL below).
URL stands for Uniform Resource Locator, and it’s simply a complete web address (or rather a set of directions that follow the HTTP in order to find the page you need). You’ll find the URL of a website in the long, narrow box at the top of your browser.
The domain name forms part of the URL and is almost like a ‘nickname’ for the full URL. This is the small segment you’ll recognise as the website name – it’s normally the company name, or something similar.
An IP or Internet Protocol address is an identifying piece of information that distinguishes one internet user from another. If you have an internet router at home, it will have its own IP address, so its location is known. You can find your own IP address by typing, ‘what’s my IP address?’ into a search engine, such as Google.
SSL stands for Secure Sockets Layer, and it was the most widely deployed cryptographic protocol to provide security, before it was succeeded by TLS in 1999.
TLS stands for Transport Layer Security and is effectively the same thing, but most people still refer to this type of technology as SSL. What SSL does is provide a secure channel between two machines or devices that operate over the internet or an internal network. You normally see HTTP at the start of a web address, and when it turns to HTTPS, the ‘S’ stands for ‘secure’.
Phishing is the most common way for cybercriminals to obtain your sensitive information, such as passwords, banking information or credit card details. Fraudsters use techniques such as emails and adverts to get this information, leading you to a fraudulent website that might look exactly like a normal one. They will use this website to mislead you into entering sensitive details, which they can then keep and exploit.
Malware is the term used to describe any kind of malicious software. Cybercriminals use malware to track victims and exploit them for financial gain. Malware can exist in the following forms: