Updated on October 23, 2023.
You can tell if a website is legitimate by using Google’s Transparency Report, examining the overall look of the website, double-checking the website address for inconsistencies, checking the website’s domain age and doing a background check on the company.
Continue reading to learn how to tell if a website is legitimate and how you can stay clear of illegitimate websites.
1. Use Google’s Transparency Report
If you’re unsure about the safety of a website, copy the website address by right-clicking your mouse on the address bar and clicking where it says “copy.” Once you’ve copied the website address, paste it into Google’s Transparency Report. This report is a part of Google Safe Browsing, a service that was built to help notify online users and website owners of unsafe sites that contain harmful content. When the report is done, you’ll be able to see if the website is safe to visit or not.
2. Examine the Overall Look of the Site
There are two types of illegitimate websites, spoofed websites and made-up websites. A spoofed website is a site that has been designed by a cybercriminal to look like an existing legitimate website but actually steals your login credentials and other sensitive data such as your credit card numbers. A made-up website is a site that has been completely fabricated, meaning the company doesn’t actually exist.
Spotting illegitimate websites can be difficult to do, but it’s not impossible. If you end up on a website that you’re unsure of, examine its overall look and ask yourself the following questions.
- Are there misspellings on the website?
- Are there any grammatical errors?
- Does the website look like it was designed in a rush?
- Are there blurry images?
- Do the company logos look unusual in any way?
If you answered yes to any of the above questions, it’s possible that the site you’re on is illegitimate. Legitimate websites go through various approvals before going live so if there are inconsistencies on the website, like the ones mentioned above, you should consider them red flags.
3. Look Closely at the Website’s URL
The website address of a spoofed site, also known as the URL, can be a telling sign if a website is legitimate or not. When cybercriminals spoof sites, one or more characters will be out of place in the URL. For example, an “O” may be replaced with a zero, so the URL may look something like “Amaz0n.com.”
Spoofed websites can also use different domain extensions than the one for the legitimate website. Most legitimate websites use the domain extension “.com” so if you go on a website using a different domain extension like “.net” and you know that the website usually uses “.com” this is a major sign that the site you’re on is illegitimate.
4. Look up the Website’s Domain Age
A website’s domain age is the amount of time that a domain has been in use. Looking up a website’s domain age can give you a good idea of how long a website has been using its domain and help you verify inconsistencies. For example, if a spoofed website claiming to be Amazon.com has a domain age of one year, this tells you right away that this website is not legitimate because Amazon has had its domain for far longer than one year.
To check a website’s domain age, copy the website address and paste it into the Whois Lookup domain tracker. Once you’ve done this, you’ll be able to see who the domain name is registered to and when the domain name was registered.
5. Do a Background Check on the Company
Before you decide to click anything on a website that you suspect could be illegitimate, research the company the site claims to represent. You can do this by going through the company’s social media and online reviews. Be cautious of fake social media accounts pretending to be the company. These fake accounts can be used to trick you into thinking the site is real. Some signs of a fake social media account include the following.
- Recycled photos
- Poor content and excessive use of stock images
- Poor engagement with followers
- Few to no followers
Apart from checking the company’s social media accounts, look through online reviews on official review sites like Trustpilot and Consumer Reports. If you can’t seem to find reviews on the company you’re researching, this is a sign that the company is made up and you should avoid making purchases from them or creating an account with them.
The Importance of Knowing if a Site is Legit
It’s important for everyone to look for signs that a website is legitimate because entering your credentials or other sensitive information on an illegitimate site places your online security and accounts at risk of becoming compromised.
Illegitimate websites can also infect your devices with malware. Malware is malicious software that uses various techniques to attempt to steal your Personally Identifiable Information (PII). Malware can do different things depending on what type is installed on your device. For example, keyloggers can track keystrokes to determine what you’re typing and spyware can gain access to your device’s camera and microphone to spy on you.
How to Steer Clear of Illegitimate Websites
There are two main ways you can steer clear of illegitimate websites – avoid clicking on unsolicited links and use a password manager to ensure you don’t input your login credentials to a spoofed website.
Avoid clicking unsolicited links
A cybersecurity best practice is to never click on links that you aren’t expecting and are unsure of. If you receive a text message, email or direct message on social media with an unsolicited link, avoid clicking it because it can lead to a malware infection or take you to a spoofed website.
If you receive a message from a company asking you to take action on your account, don’t click the link they’ve provided. Instead, go directly to their mobile application if they have one, or go to their official website to log in.
Use a password manager
A password manager is a tool that aids users in creating, managing and securely storing their passwords. Password managers aren’t only useful for storing all of your passwords, but they can also help you identify spoofed websites. If you go on a site and your saved login credentials don’t autofill, this is a sign that you’re on a spoofed site. This is because password managers won’t autofill your credentials if the URL doesn’t match the record stored in your password vault. This will prevent you from essentially handing over your login credentials to a cybercriminal by inputting them into the website.
Stay Safe From Illegitimate Websites
Learning the signs of an illegitimate website is the first step toward preventing your personal data and credentials from being compromised. Along with avoiding clicking on unsolicited links, you’ll want to invest in a password manager like Keeper Password Manager.
Don’t let illegitimate websites trick you – learn the signs to keep yourself and your information safe from cybercriminals.