These days it can be very difficult to tell if a site is trustworthy or not. Many nefarious sites are being designed to look respectable. Thus you should always make sure that a site is not dangerous by using multiple approaches. This is especially important to consider before providing a site with sensitive information such as credit card numbers, banking information, your email address, etc…
In general you may want to be wary of a site if it asks you for unnecessary personal information, a credit card number, or a bank number when it’s not necessary. This could be evidence of them phishing for your sensitive information. In order to better recognize phishing scams, and thus avoid them, please see the examples provided on this page. You should also be wary of sites with offers that seem too good to be true, have very intrusive ads, have multiple popups, tell you that you need to install a plugin to view content, etc… For sites such as these you should definitely consider using the methods described below to make sure that the site is actually safe before proceeding further.
If the source of a link seems phishy, such as if it came in an unrecognized email or it is a suspicious link posted online, I would recommend that you don’t click it until you’ve made sure the site is not dangerous. To copy the link for analysis, without ever visiting the site, you can right click on it and select the option to “Copy link address” (For Chrome), “Copy link location” for Firefox, etc… If this link appears to be a shortened URL, then you must first unshorten the URL before testing it. If you don’t do this then your analysis will actually just test the site that shortened it. To unshorten the link you can go to this site and paste the shortened URL into the box. It will then provide you with the actual URL, which you can copy to use for the analysis below.
The first thing I would advise doing is copying the website’s URL and pasting it into Comodo Web Inspector. However, this analysis may take a while as it is running an in-depth real-time analysis of the site to check for any possibly malicious content. Thus, I would advise running Zulu URL Risk Analyzer at the same time. However, once Comodo Web Inspector is done it will present you with its findings. If the site is rated as High Risk it’s very likely that the site is dangerous. If it rates it as Suspicious the site is probably dangerous, but you may want to see what the other services mentioned in this article rate the site.
Then also copy the URL into Zulu URL Risk Analyzer. If given the choice choose to reanalyze the site. This also uses multiple methods to analyze the site. After it is done analyzing the site it will present you with an overall risk score of how likely the site is to be dangerous from 0 to 100, with 100 being very dangerous. It will also provide you an interpretation of this in which it will rate the site as Benign, Suspicious, or Malicious. While I have seen it have some false positives on safe sites, in which it rated them as Suspicious, I have never seen it rate a safe site as Malicious. Thus, my advice for using this service is that if it rates the site as Malicious you can be relatively confident that the site is dangerous. However, if it rates it as Benign or Suspicious then you should move on to the following steps to further evaluate the site.
To check the site against the databases of many reputation engines and domain blacklists the next thing you should do is copy the website’s URL and paste it into VirusTotal. If the site was previously rated you should select the option to Rescan. If the site is already known to be dangerous it will likely be flagged by at least a few services. However, even if they all come up clean it doesn’t necessarily mean that the site is trustworthy. Remember what was discussed earlier about how the age of the site comes into play when interpreting these results.
Also copy the website’s URL into URLVoid. This service is similar to VirusTotal in that it also checks the site against many blacklists. If presented, choose the option to “Update Report”, as this will provide you with the most up-to-date results. Also, near the top it provides you with when the domain was first registered. Although this information by itself tells us very little, in general, if a site is new it may not mean much if it is not flagged as dangerous by any of the above services. It often takes a while for any of the services to locate, and analyze, new dangerous sites. Also, even old sites, which were previously safe, can be hacked and turned into phishing, or malware infested, sites. Thus, just because a site is old, and not flagged as dangerous, does not mean that it is certainly not dangerous.
At the bottom of the URLVoid results for the site it also presents you with the WOT ratings. This trust score, by itself, should be helpful for you in judging whether the site is trustworthy. However, clicking on the button in the third column brings up the WOT scorecard for the site, which provides even more information. This information includes people’s comments about the site, assuming anyone has left comments. In terms of the comments, it should be noted that the comments of individuals may be biased for many reasons, but by reading through many comments you should be able to get an idea of whether the site is dangerous and the main problems people have with the site, assuming there are a lot of negative comments. This information can also be used to decide whether the site is actually dangerous.
Note that another very useful aspect of using WOT is that nearly all popular sites should already be rated. Thus, if you find yourself on a site which is popular, such as Paypal, Gmail, etc…, but WOT says that the site is unrated, it may be a phishing page.
Even if none of the above methods indicate that the site is dangerous, before transmitting your sensitive information to the site there are additional issues to be aware of. One of these is to make sure that the page where you fill in your sensitive information, which may include credit card numbers or banking information, is secured with a SSL certificate. If the URL of the page you’re on begins with https then an encrypted connection is being used and your information is probably safe, at least assuming that the site is trustworthy. As long as the site is secured then nobody other than you and the people operating the site can view the information you are submitting. I would strongly recommend that you do not transmit sensitive information through any site that is not secured in such a way.
However, there is one subtle danger to be aware of. There are actually many different types of SSL certificates. These provide varying levels of trust. An extended validation certificate will guarantee that the business is legitimate, while many other types are only validated with respect to the domain, but not the owners and operators of the domain. Do note that some phishing sites have been known to purchas low-level validation certificates in order to trick people into believing they are trustworthy. For more information about the differences between these certificates please see this page. I’d strongly recommend reading the information on that site. Only if the certificate itself guarantees that the site is safe, and belongs to a valid business, should you have complete trust in that domain.
If you do find that a site is dangerous I would appreciate it if you could take a few minutes to report the site so that other people will be protected from it.