Everything we touch is connected to the web—our work, finances, social relationships, shopping, and entertainment. Years of web use have trained us to browse around confidently. But while we visit familiar sites—think: major media outlets, established service providers, and the like—without a second thought, the unfortunate truth is that not every domain on the web is safe. That’s why it’s important to view any unfamiliar website you consider visiting as a potential risk. This includes URLs that you receive in email, links on web pages, web ads, pop-up ads, and even videos that you click on.
Here’s what unsafe web browsing could look like:
- Phishing sites. These are websites that try to steal your login credentials or other information by impersonating a website you trust.
- E-commerce ripoffs. What looks like a safe place to buy something may actually be an impostor or scam trying to directly steal your money.
- Installation of spyware. Bogus sites can entice you to download and install packages that include spyware, which is software that steals your sensitive data by logging your keystrokes and “phoning home” with the stolen information. Credit cards, bank accounts and passwords, and other personal information are particularly valuable.
- Installation of malware. This broader category of bad software may enlist your device into a botnet army, stealing resources from your computer without your knowledge. Or it may encrypt and kidnap your files, enabling a ransomware threat. If you have a home network, the other devices on your network are also put at risk.
Use the right tools
There are myriad tools available today to help keep you safe on the web. Here’s how to get the most out of your current software and a few tools to consider.
- Use current browsers and operating systems. If you’re still running Windows XP, MacOS 10.3, or an out-of-date web browser, you are putting yourself at unnecessary risk. It’s time to upgrade. Security-focused browsers like Brave or the Avast Secure Browser are also available. If your hardware is too old to support current technology, it’s probably time to upgrade that as well.
- Keep your software up to date. Responsible vendors are engaged in a real-time fight with hackers against serious vulnerabilities—which means they regularly issue security updates to their software. Take advantage and install patches as they become available.
- Enable safe browsing features. Most browsers support protections and filters that can warn you of potential safety risks. You can activate these protections via Settings or Preferences, depending on the platform. For Google Chrome, use Safe Browsing; for Apple Safari it’s Fraudulent Sites; for Firefox there are several protections under Security; for MS Edge it’s Microsoft Defender SmartScreen.
- Use a website link checker tool. There are several free online services to scan a URL to determine if a website is legitimate. Generally you visit the tool’s webpage, type or paste in your URL, and let it do the work of checking. Examples include Google Transparency Report, Norton Safe Web, Unmasked Parasites, and Scanurl.net.
- Employ anti-malware tools. In the old days we used anti-virus software to scan our downloads and protect us. These packages have evolved into comprehensive digital defense strategies encompassing anti-malware, web browsing protections, and other niceties like firewall protection, VPN, encryption, and spam filters. Examples include Norton 360 Antivirus, McAfee Total Protection, Malwarebytes, AVG, and others. Some are free, but for a full-featured solution expect to pay $25-50 for an annual subscription.
- Employ a safe search strategy. Just because someone pays for online advertising—whether via a mainstream search engine or in a display network—doesn’t mean they’re legitimate. Your search results could contain links to malicious websites—and because it’s becoming increasingly hard to distinguish search results that an advertiser has paid for from an organic result, it’s incredibly easy to click on them. Consider opting for an ad-free search engine like Neeva to increase the chances that malicious sites are not surfaced to you in search.
Remember, all your connected devices are subject to risk, including computers, tablets, and smartphones. Different strategies and tools may be needed for each.
Change the way you look at the web
Safe browsing requires more than current software and tools. You have to change the way you look at the web too. Think twice before clicking that link. There are often clues to the veracity of a URL, as well as tools that can help you check website safety.
- Use your common sense. Does the source of the web link in question look strange to you? A spoofed website may look slightly strange, with badly copied graphics or obviously missing components. Sometimes bad grammar or misspellings can be tip-offs. The presence of on-site spam, pop-up ads, or multiple browser redirects can be suspicious.
- Be suspicious of emails asking you to do something. Scammers have gotten very good at impersonating trusted service providers, making their phishing emails indistinguishable from real emails you might receive from a bank or software company. Anything you receive asking you to log into a website, particularly for a “suspended account” or password reset, should be viewed skeptically. Emails from companies or people with whom you have no active relationship are highly suspect.
- If an email contains a link, retype it in your browser rather than clicking. Reason being: text in the link you say could say one thing but the encoded URL could be completely different.
- If an email asks you to do something relating to your account, call the service provider to verify and handle it over the phone.
- Inspect each URL before clicking. Some browsers provide additional information, including the full URL, when you “hover” your cursor over a web link.
- Read the URL carefully. Look for minor differences in the URL text you see and what you expect. Scammers will often set up spoof websites with names almost identical to the one you intend to visit, e.g. amozon.com.
- If it looks too good to be true, it probably is. This is particularly true for e-commerce deals at ridiculously low prices, huge return on investment promises, “proven” lottery winning strategies, and inheritances from foreign royalty.
Signs that a site may be safe
While nothing is totally foolproof, there are a few signs you can use to help determine if a website is trustworthy. Some of these points apply to email as well.
- HTTPS. Always look to verify you have an HTTPS connection (rather than HTTP, which is an older, less secure web protocol) if you are going to enter sensitive information into a web page. Look at the URL in your browser’s address bar (you might need to click on the URL to see the entire thing). If it starts with “https” then you are using the secure SSL/TLS protocol to connect to that website. This means you have a secure connection in which the identity of the site is verified and all HTTP communication between your browser and the website is encrypted. This is not a guarantee of safety, but it is a good indicator that the website developer cares about your safety.
- The Lock icon. This is another indicator of connection security. It displays as a graphic lock icon in the browser address bar (specifics vary by browser). If present it indicates the connection is both SSL/TLS encrypted, and genuinely connected to the site named in the URL (i.e. not intercepted). The lock can also be clicked to find out more information about the website. Some browsers show locks with warning signs, like a red slash or a warning triangle, indicating problems with encryption or the remote site identity.
- Website trust seal. There are a variety of graphic trust seals that websites can display to demonstrate adherence to good security practices or secure transaction methods. Examples include seals from TrustE, Symantec, WebTrust, Comodo, and several others. These can be positive indicators, but they can also be counterfeit, so apply caution. The presence or absence of a seal is not necessarily good or bad.
The internet is an amazing place, but it also presents risks. It’s in your best interest to be cautious when clicking on links. The techniques and tools reviewed above can help if applied, but the best defense is a healthy sense of skeptical caution.
Neeva is the world’s first private, ad-free search engine, committed to showing you the best result for every search. We will never sell or share your data with anyone, especially advertisers. Sign up today and try Neeva for yourself: neeva.com/signup.