In general, you should be wary of a site which asks you for unnecessary personal information or a credit card or bank number. This is usually strong evidence that the site is trying to steal your personal and sensitive information. Furthermore, you should also be wary of sites which offer something too good to be true, has intrusive adverts, multiple popups, or tells you that to install a plugin to view their content.
How to Investigate a Site before Visiting
If the source of a link seems suspicious, for instance if it came to you in an unrecognized email, we would recommend that you don’t click on it until you are 100% certain that the site is safe. To copy the link for analysis, without having to visit the site, you can just right click on it and select “copy link address”. However, if the link appears as a shortened URL, you must first unshorten it before testing – if you don’t do this then the analysis will actually just test the safety of the site that shortened it.
To unshorten the link all you have to do is visit this site and paste your shortened URL into the box. This will provide you with the actual URL, which you can then copy and paste into the sites below.
1. Check Site Using Zulu URL Risk analyzer and Comodo Web Inspector
The first thing we would suggest doing is copying the website’s full URL into Comodo Web Inspector. However, this analysis can take a while, as it does an in-depth real-time analysis of the site in question to check for malicious software. Once it has finished analyzing the site it will present you with its findings. If the website is rated High Risk, it’s very likely that the site is dangerous. If it is rated as Suspicious, the site is probably dangerous.
If you want a second opinion, copy the URL into Zulu URL Risk Analyzer. After it has finished analyzing your URL, it will provide you with an overall risk score of how dangerous the site is – the score ranges from 0-100, with a score of 100 being very dangerous. While we have seen it rate a safe site as Suspicious, we have never seen it rate a safe site as malicious. Therefore, if it rates a site as malicious you can be pretty sure that the website is dangerous.
To check the site against an extensive database of known dangerous websites you should paste the website’s URL into VirusTotal. If the site was rated a while ago you should select the option to rescan as new dangers could have been added to the site since it was last scanned.
Also, copy the URL into URLVoid. This is a similar site to VirusTotal since it also checks the site against an extensive blacklist. If presented, select the option “Update Report”, as this will provide you with the most recent results.
Underneath the URLVoid results you will find a Safety Scan Report. At the top of this report there should be MyWOT. Click on “view more details” and you will be taken to a page which gives the website a trustworthiness score out of 100 – the higher the number the more trustworthy the site. This trustworthiness score is helpful when trying to decide whether the site is dangerous or not. You can also read other people’s comments to see whether they have anything negative to say about the site.
Another very useful aspect of WOT is that most popular sites should already have been rated. Therefore, if you find yourself on a popular site such as Paypal, Gmail, Facebook and so on, but WOT says that the site is yet to be rated, it may be that you’re on a phishing page.
Make Sure SSL Certificate is Trustworthy before Making a Purchase
Even if the aforementioned methods suggest that the website is safe, before presenting sensitive information to the site there are some additional issues you should be aware of.
One of these is to be certain that the page where you are filling in personal information is secured with a SSL certificate. If the URL of the page that you’re on begins with https (the letter ‘S’ stands for secure) then an encrypted connection is being used and your personal information is more than likely safe (assuming that the site is trustworthy in the first place). If the site is secure then nobody apart from you and the site operators can view your information. Don’t submit personal information to a page which does not begin with https or does not have a padlock to the left of the URL.
However, there is a subtle danger to be aware of – there are many different types of SSL certificates which provide different levels of trust. An extended validation certificate guarantees that the business is legitimate, while other types are only validated with respect to the domain, but not the operators of that particular domain. Please note that some phishing sites purchase low-level SSL certificates to trick people into believing that they are trustworthy.
For more information on the differences between these certificates we recommend that you visit this page. Only if the certificate guarantees that the website is safe, and belongs to a valid business, should you have complete trust in it.