AVG Signal Blog Security Internet How to Check if a Website Is Safe

In life, it’s often good to be cautious. But online, it’s absolutely vital to check that a website is safe before sharing personal information such as credit card numbers, passwords, addresses, etc.

Want to stream video without getting malware while watching your favorite show? Need to shop online and want to verify that the e-commerce store is legit before handing over your bank details or your credit card number? Whatever you do online, website verification is a must.

This article contains:

    In this article, we offer quick and easy tips to help you avoid shady URLs and verify the trustworthiness of any site you want to visit. Here’s how to check if a website is safe:

    1. Use your browser’s safety tools

    Today’s most popular web browsers already include security features to help you stay safe online. These built-in browser tools can block annoying pop-ups, send Do Not Track requests to websites, disable unsafe Flash content, stop malicious downloads, and control which sites can access your webcam, microphone, etc.

    Image of fake website with bright red background that is asking you for your username and password

    Be sure you trust a site before entering any personal info.

    Take a moment to review your settings now. Here’s how to find them:

    • Chrome: Settings > Advanced > Privacy and security

    • Edge: Settings > Advanced settings

    • Firefox: Options > Privacy & Security

    • Safari: Preferences > Privacy

    Want to stay even safer and more private? Consider using a browser created specifically with those goals in mind. AVG Secure Browser masks your digital fingerprint to block targeted advertising, avoids phishing scams, and prevents identity theft — all for free. Plus, forced HTTPS encryption helps ensure you’re only visiting safe links.

    2. Use a website safety-check tool

    To quickly check if a site is legit or a specific URL is safe, you can use a website safety checker like Google Safe Browsing. According to their page, “Google’s Safe Browsing technology examines billions of URLs per day looking for unsafe websites,” which makes this a great website safety-check tool. To find out if any link is safe, just copy/paste the URL into the search box and hit Enter. Boom! Google Safe Browsing’s URL checker will test the link and report back on the site’s legitimacy and reputation in just seconds. It’s that easy.

    Image of the Google Safe Browsing website, where you can check if a website is safe Google knows the web — including which sites are dangerous.

    A similar unbiased safety tool is VirusTotal’s free website security checker, which inspects sites using over 70 antivirus scanners and URL/domain blacklisting services to detect various types of malware, computer viruses, and other security threats. This URL checker works just like the Google Safe Browsing tool: simply enter the URL you want to check and hit Enter.

    Image of the VirusTotal webpage where you can check if a URL is dangerous

    VirusTotal will also tell you if a website is dangerous.

    Whichever site-checker you choose, be sure to bookmark the page to use later — it’s especially important to test if a site is legit before you do anything sensitive, like enter your credit card details.

    3. Double-check URLs

    Moreover, there’s a nice simple way to perform your own website safety test: check the URL. In other words, to check if a link is safe, make sure you know where the link leads before you click on it. How? Just mouse-over any link to verify the URL it’s actually linked to.

    Try hovering your mouse over this

    Hover your mouse over the link above, but don’t click it. In Firefox and Chrome, you should see the URL that it links to at the bottom-left of your browser: https://www.avg.com. Easy, right?

    You can also check URLs and see if links are safe on Safari. First, click the View menu, and then select Show status bar. Now, when you hover over the link, you’ll see where it leads in the bottom left corner of your screen.

    Make sure the URLs are spelled correctly, too. Most people only glance over text on the web. Hackers know this and will often substitute visually similar characters (e.g., “Yah00.com” instead of “Yahoo.com” or “Paypa1.com” instead of “Paypal.com”) to trick you into visiting their phishing sites and unwittingly giving them your passwords, credit card numbers, and other private data. Don’t fall for this trick. It only takes a moment to verify a link is safe. And it’s worth it.

    4. Check for HTTPS

    Making sure any website you visit uses HTTPS is another way to make sure the site is safe.

    HTTP (Hypertext Transfer Protocol) is the fundamental protocol for sending data between your web browser and the websites you visit. And HTTPS is just the secure version of this. (The “S” simply stands for “secure”.)

    HTTPS is often used for online banking and shopping, because it encrypts your communications to prevent criminals from stealing sensitive information like your credit card numbers and passwords.

    So how do you know if a site uses HTTPS? Check for the padlock in your browser’s navigation bar. If you see it, you know the site you’re on is using a trusted SSL digital certificate — in other words, your connection is protected.

    Image of Google Chrome browser's address bar with the green padlock circled

    If you don’t see the padlock, take your shopping elsewhere.

    This isn't a silver bullet, though. Some phishing websites could be using HTTPS to appear to be legitimate. But the main takeaway is this: If a website doesn't have that padlock, don't enter your password or credit card number.

    5. Look for a privacy policy

    If you’re already on a website, but can’t easily tell if the site is legit, look for a privacy policy. Reputable websites should have a privacy policy page, as it’s the law in many countries. So, take a few extra seconds to click around the site and see if you can find their privacy policy.

     The privacy policy is often located at the bottom of the page in small font. The privacy policy is often located at the bottom of the page in small font.

    And what if the privacy policy is incomprehensible? Unfortunately, many privacy policies are full of legalese and can be hard to make heads or tails of. It’s a good idea to search for words like “third-parties” “data” “store” “retain” and similar terms using Ctrl-F (or Command-F on Mac) to understand how the site handles your personal data and what they intend to do with it.

    Some websites might keep your data  while others might sell it to data brokers. For example, here's what Google does with your data — you can learn how to download your Google data here.

    We’re getting a bit off topic now, as many legitimate sites can also have shady data practices, such as Facebook. But it’s still a good idea to make sure a site you’re using at least has a privacy policy, as that’s one good indicator that the site is legit. (And if companies’ shady data practices concern you, you should switch to a web browser that prioritizes security and privacy protections.)

    6. Don’t blindly trust “trust” badges

    Trust badges, or trust “seals” usually appear on shopping or e-commerce sites in an attempt to display trustworthiness.

    Just a few examples of trust seals you might see while shopping.Just a few examples of trust seals you might see while shopping. Source: https://trustlock.co/free-website-trust-badges-trust-seals-to-help-boost-sales/

    Now, some legitimate sites use these. But, they’re also not very hard to add. Tons of sites simply copy and paste these icons, without having any real security to back them up. In fact, there are many articles out there advising e-commerce sites to make up their own trust seals to increase sales.

    In theory, you should be able to click on the trust seal and see if you can verify it. In practice, that often doesn’t work very well, on either legitimate or fraudulent sites. But, it is really important to do some due diligence, especially before doing any online shopping.

    So what can you do? Try searching “is [e-commerce shop] a scam?” or “[e-commerce] shop reviews”. If it’s a scam, you’ll certainly find a lot of posts from people complaining that they never received their items or about other problems. If you can’t find anything, it’s best to avoid that particular shop and find a well-reviewed one instead.

    7. Learn some obvious signs that a site is fake

    Sometimes a website looks so spammy, you can tell immediately without even having to do a formal check of the site’s reputation. If you accidentally land on a website like this, there are some fairly obvious signs of malware you can look for:

    • On-site spam: If a site has lots of flashing warnings, exclamation marks, or other kinds of spam, it’s probably scammy. (And who wants to read a site with a strobe light, anyway?)

    • Pop-ups: If you arrive on site and tons of pop-ups appear, it’s best to close all of them immediately and navigate away. The site could be infected with malvertising, adware, or another type of malware or virus.

    • Malicious redirects: If you get immediately redirected to a completely different website, especially a shady one, this is a malicious redirect. It can mean that the original site was fake, or it can be a legitimate site that got attacked by malware, leading to hidden code in its site. The original site may not have malicious intentions, but until they clear up their code, you don’t want to be there.

    • Search engine warnings: When you search for something, you might find that the search engine (such as Google) displays warnings next to some links, such as “This site might be hacked” or “Visiting this site may be harmful to your computer.” Although these warnings aren’t completely accurate, it’s a good idea to choose a different option instead.

    8. Use "whois" to look up the domain owner

    Want to know who’s behind a certain website? Use whois (pronounced “Who is”) to find out who owns the domain, where and when the site was registered, contact information, and more. It’s super easy to do, and you’ll feel like a private eye doing it. Try a whois lookup here… it should help you determine if the site is fraudulent.

    Image of the Icann webpage, where you can search for info about who's behind a website

    Is this site legit? Enter any URL to learn who’s really behind the website.

    9. Call the company

    Still not sure if the company is legit? Find their contact details and give them a call. Really, you can learn a lot by who answers the phone. If the number doesn’t exist — or if some teenage voice answers with “Dude?” — then something’s probably up. Just trust your gut.

    Where do you find a website’s contact details? Look for a “Contact us” or “About us” link near the very top or very bottom of the homepage. Or try a Whois Lookup (tip #8 above) to see if that reveals a phone number.

    10. Install web security tools

    Using a robust cybersecurity tool can also help you avoid dodgy websites. Download AVG AntiVirus FREE for essential protection, including our Fake Website Shield, which will prevent sketchy sites and scams. Plus, you’ll get Web Shield to block infected downloads and Email Shield to block malicious attachments.

    Prevent unsafe websites with AVG Secure Browser

    Using the tips above, you’ll become a pro URL checker in no time. But even safe websites can contain annoying ads, online web tracking, and browser fingerprinting technology that can identify you out of a crowd.

    AVG Secure Browser’s Security and Privacy Center offers a suite of features to strengthen privacy protections online.AVG Secure Browser’s Security and Privacy Center and its suite of features.

    AVG Secure Browser was built with your privacy and security in mind. Automatically block ads, prevent even the most advanced tracking and fingerprinting technologies, and browse up to four times faster.

    Browse privately on your iPhone with AVG Secure Browser

    Free install

    Browse privately on your Android with AVG Secure Browser

    Free install