Every day, websites and their visitors exchange hundreds of GigaBytes of sensitive data. Such data ranges between the credit card credentials of the users, to disclosing your the users’ new shipment address. Each of these connections should guarantee the safety of your personal information. Unfortunately, cybercriminals are always eager to intercept your data and try to get as close as possible to it. They come up with various tricks that aim to make you believe that you are accessing a completely secure website and that you can fully entrust your personal information to it. Luckily, the following tips will teach you how to recognize a fake website before introducing your data.
Tips to spot a fake website
- Double-check the website’s domain name. Pay attention to the URL structure of the website. Does it look different than before? Does it have new characters in the domain name that seem suspicious? Is the URL closely resembling another URL that you may know? If at least one answer is “Yes”, then it is most likely that the website is fake;
- Choose HTTPS over HTTP. Any website owner concerned about the security of his/her customers’ data will install at least a Domain Validation Certificate. This means that his/her URL will start with “HTTPS”. The SSL protocol will protect the connection between his/her website’s server and the client’s browser. If you are browsing a website that requires your personal information but displays an “HTTP” URL, you are probably accessing a fraudulent website. Make some research before entrusting your data to non-secure websites;
- Opt for Extended Validation SSL Certificates. Identify if the website is using an Extended Validation SSL Certificate. If so, then your browser should display the padlock icon, and the certified company name in the info panel. Check if the certificate information is the same as the one on the contact page of the website, to be sure that both the certificate and the website belongs to the same owner.
- Verify whether the SSL certificate has expired or not. If an SSL certificate has expired, then the browser will display a red “X” mark on the padlock icon. The “HTTPS” text will be crossed out also in red color. These signs tell you that even though the encryption is still present, the site cannot be fully trusted, and the connection can be exploited by ”man-in-the-middle attacks”. It is up to you to decide if you want to take the risk of disclosing information to such websites.
By following these basic guidelines on scanning the website’s authenticity, you will be able to easily distinguish between a fake website and one which you can trust. By being aware of their characteristics, you will be able to protect yourself from any security vulnerability.