If you are a victim of fraud, you should immediately protect your online accounts with strong passwords, collect evidence of the fraud, report it and freeze
Updated on September 12, 2024.
You can tell if a website is legitimate by inputting the URL, also known as the website address, into Google Transparency Report, examining the overall look of the website, double-checking the URL for inconsistencies, checking the website’s domain age and doing a background check on the company.
Continue reading to learn how to tell if a website is legitimate and how you can avoid landing on an illegitimate website.
The importance of checking the legitimacy of a website
It’s important to check the legitimacy of a website because entering your credentials or other sensitive information on an illegitimate site places your online security and accounts at risk of becoming compromised. Illegitimate websites can also infect your devices with malware. Malware is malicious software that uses various techniques to attempt to steal your Personally Identifiable Information (PII).
If you’re not careful about the sites you visit, you could end up putting your personal information at risk of being stolen and misused by cybercriminals.
5 ways to check if a website is legitimate
Here are some tips for checking the legitimacy of a website.
1. Use Google Transparency Report
If you’re unsure about the safety of a website, copy the website address by right-clicking your mouse on the address bar and clicking where it says “copy.” Once you’ve copied the website address, paste it into Google’s Transparency Report. This report is a part of Google Safe Browsing, a service that was built to help notify online users and website owners of unsafe sites that contain harmful content. When the report is done, you’ll be able to see if the website is safe to visit or not.
2. Examine the overall look of the site
There are two types of illegitimate websites, spoofed websites and made-up websites. A spoofed website is a site designed by a cybercriminal to look like an existing legitimate website but actually steals your login credentials and other sensitive data such as your credit card numbers. A made-up website is a site that has been completely fabricated, meaning the company doesn’t actually exist.
Spotting illegitimate websites can be difficult to do, but it’s not impossible. If you end up on a website that you’re unsure of, examine its overall look and ask yourself the following questions.
- Are there misspellings on the website?
- Are there any grammatical errors?
- Does the website look like it was designed in a rush?
- Are there blurry images?
- Do the company logos look unusual in any way?
If you answered yes to any of the above questions, it’s possible that the site you’re on is illegitimate. Legitimate websites go through various approvals before going live so if there are inconsistencies on the website, like the ones mentioned above, you should consider them red flags.
3. Look closely at the website’s URL
The website address of a spoofed site, also known as the URL, can be a telling sign if a website is legitimate or not. When cybercriminals spoof sites, one or more characters will be out of place in the URL. For example, an “O” may be replaced with a zero, so the URL may look something like “Amaz0n.com.”
Spoofed websites can also use different domain extensions than the one for the legitimate website. Most legitimate websites use the domain extension “.com” so if you go on a website using a different domain extension like “.net” and you know that the website usually uses “.com” this is a major sign that the site you’re on is illegitimate.
4. Check the website’s domain age
A website’s domain age is the amount of time that a domain has been in use. Looking up a website’s domain age can give you a good idea of how long a website has been using its domain and help you verify inconsistencies. For example, if a spoofed website claiming to be Amazon.com has a domain age of one year, this tells you right away that this website is not legitimate because Amazon has had its domain for far longer than one year.
To check a website’s domain age, copy the website address and paste it into the Whois Lookup domain tracker. Once you’ve done this, you’ll be able to see who the domain name is registered to and when it was registered.
5. Do a background check on the company
Before you decide to click anything on a website that you suspect could be illegitimate, research the company the site claims to represent. You can do this by going through the company’s social media and online reviews. Be cautious of fake social media accounts pretending to be the company. These fake accounts can be used to trick you into thinking the site is real. Some signs of a fake social media account include the following:
- Recycled photos
- Poor content and excessive use of stock images
- Poor engagement with followers
- Few to no followers
Apart from checking the company’s social media accounts, look through online reviews on official review sites like Trustpilot and Consumer Reports. If you can’t seem to find reviews on the company you’re researching, this is a sign that the company is made up and you should avoid making purchases from them or creating an account with them.
How to avoid landing on an illegitimate site
There are two main ways you can steer clear of illegitimate websites – avoid clicking on unsolicited links and use a password manager.
Never click unsolicited links
A cybersecurity best practice is to never click on links that you aren’t expecting and are unsure of. If you receive a text message, email or direct message on social media with an unsolicited link, avoid clicking it because it can lead to a malware infection or direct you to a spoofed website.
If you receive a message from a company asking you to take action on your account, don’t click the link they’ve provided. Instead, go directly to their mobile application if they have one, or go to their official website to log in.
Use a password manager
A password manager aids users in creating, managing and securely storing their passwords. Password managers aren’t only useful for storing all of your passwords, but they can also help you identify spoofed websites. If you go on a site and your saved login credentials don’t automatically fill, this is a sign that you’re on a spoofed site. This is because password managers won’t autofill your credentials if the URL doesn’t match the record stored in your password vault. This will prevent you from essentially handing over your login credentials to a cybercriminal by inputting them into the website.
Stay safe from illegitimate websites
Learning the signs of an illegitimate website is the first step toward preventing your personal data and credentials from being compromised. Along with avoiding clicking on unsolicited links, you’ll want to invest in a password manager like Keeper®.
Curious to see how a password manager can help you identify spoofed websites? Start a free 30-day trial of Keeper Password Manager today.