How to Verify a Website Before Paying: A Practical Checklist

Before you enter card details on an unfamiliar site, run these checks. Some take 10 seconds.

40% of websites are high-risk - would you pay without verifying?

By following this practical checklist, anyone can verify a website before paying to avoid potential scams.

The Risks of Unverified Websites

The internet is riddled with scams, and it's estimated that up to 18% of websites are classified as high-risk due to thin content (1). This staggering number should serve as a wake-up call for anyone considering making online transactions or sharing sensitive information. A lack of transparency in website design can be a significant red flag, but what about the actual numbers?

Statistics show that nearly 10% of websites have no contact information listed, making it extremely difficult to reach out to them in case of an issue (2). Furthermore, over 9% of websites are missing a crucial page – the About page, which provides insight into the company's mission and values. This oversight can be seen as a serious lapse in credibility.

Security is another area where unverified websites often fall short. A staggering 8% of websites have missing security headers (3), leaving users vulnerable to data breaches and cyber attacks. Moreover, almost 7% of websites lack both a Privacy Policy and Terms of Service (4), (5). These two essential pages are crucial in ensuring that users understand how their personal information will be handled.

The risks associated with unverified websites are real and alarming. With such a high percentage of high-risk sites out there, it's imperative to take steps to verify the legitimacy of any website before sharing sensitive information or making online transactions. In the following sections, we'll explore practical ways to identify potential scams and ensure that your online interactions are secure.

Identifying High-Risk Sites with Recent Scan Intelligence

When verifying a website, it's essential to consider its recent scan intelligence. This involves checking if the site has been flagged or identified as high-risk by reputable security scanning services. One such service is VirusTotal, which aggregates scans from 65 different antivirus engines and other threat detection tools.

Recent scan intelligence can indicate whether a website is currently hosting malware, phishing pages, or other malicious content. For example, let's say you've come across a website that promises to provide exclusive deals on popular products. To verify its legitimacy, you could use VirusTotal to check if the site has been scanned recently (within the last 24 hours) and if it has triggered any alerts from reputable security engines.

Assuming you use VirusTotal or another scanning service like WOT or Web of Trust, which aggregates user reviews with scan data, here's what you might find:

• If the website has been scanned a total of 10 times in the last hour, with multiple scans detecting malware or phishing activity, it's likely a high-risk site and should be avoided.
• If the scanning service reports that 6 out of those 10 scans detected malicious content, it's even more likely that the site is compromised.

By incorporating recent scan intelligence into your verification process, you can significantly reduce the risk of falling victim to online scams. This involves checking if the website has been flagged by multiple security engines and if there are any notable alerts or warnings associated with its IP address or domain name.

Red Flags in Website Design and Structure

When browsing a website, it's essential to pay attention to its design and structure to determine if it's legitimate or not. A well-designed site is often indicative of a professional and trustworthy entity. Conversely, certain red flags can indicate that the website may be a potential scam.

One of the most notable red flags in website design is the presence of typos and grammatical errors. Websites with such mistakes are likely to be low-quality and unprofessional. Similarly, websites with inconsistent or unclear navigation menus, broken links, and poor mobile responsiveness can raise concerns about their legitimacy.

Another issue that may indicate a problematic website is an overly complex payment process. If a website requires you to fill out excessive forms or make multiple payments before receiving the desired product or service, it's likely a scam.

Additionally, websites with poor security measures in place are more likely to be malicious. Check if the website has a valid SSL certificate and uses HTTPS protocol. However, even with these security measures in place, some red flags can still indicate a high-risk site.

According to recent statistics, 40.0% of websites on the internet have been flagged as high risk due to their design and structure issues. These sites may be hosting malicious content or engaging in suspicious activities, putting users' data at risk.

When evaluating website design and structure, pay attention to the presence of excessive pop-ups, misleading ads, or fake reviews. Websites with such characteristics are likely to be scams designed to deceive users into revealing their personal information or making unauthorized payments.

By being aware of these red flags, you can avoid potential scams and ensure a safe online experience. In the next section, we'll explore how to verify ownership and contact information on a website for legitimacy.

Verifying Ownership and Contact Information

Verifying a website's ownership and contact information is crucial to ensure that you are dealing with a legitimate business or individual. This step can help you avoid scams and potential losses. Here's how to verify a website's ownership and contact information:

Check the "Whois" database: The Whois database provides information on a domain name's registration, including the owner's name, address, and contact details. You can check this database by searching for the website's domain name using online tools such as Whois.net or DomainTools.com.

Verify ownership through social media: Many businesses list their official social media handles on their website. Check these handles to see if they match the ones listed on other platforms like Facebook, Twitter, and LinkedIn. This can help you verify that the website is indeed owned by a legitimate business or individual.

Check for contact page transparency: A legitimate business should have a clear and transparent contact page with a physical address, phone number, and email address. Make sure to check if these details are up-to-date and accurate.

Look for SSL encryption on contact forms: If the website has contact forms, look for an "https" prefix in the URL or a lock icon in the browser's address bar. This indicates that the form is encrypted with SSL certificates, which helps protect your sensitive information.

Verify ownership through online directories: Check online directories like Yelp, Google My Business, or other local business listings to see if the website is listed and verified by the owner.

Beware of inconsistencies: If you notice any inconsistencies in the ownership or contact information, it may be a red flag indicating a potential scam. Be cautious when dealing with websites that lack transparency or accuracy in their contact details. By verifying a website's ownership and contact information, you can significantly reduce the risk of falling victim to online scams.

A staggering 4 high-risk websites are identified daily, highlighting the importance of verifying ownership and contact information before making any transactions.

Checking for Valid SSL Certificates and HTTPS

A valid Secure Sockets Layer (SSL) certificate and a website's use of Hypertext Transfer Protocol Secure (HTTPS) are crucial indicators of a secure online environment. An SSL certificate ensures that sensitive information, such as credit card numbers or login credentials, is encrypted between the user's browser and the website. This helps prevent eavesdropping and tampering by third-party hackers.

When checking for a valid SSL certificate, look for the padlock icon in the browser's address bar. If it's locked, you can click on it to view the certificate details. A trusted SSL provider, such as GlobalSign or DigiCert, should be listed as the issuer of the certificate. Additionally, ensure that the website's URL starts with "https" instead of "http". This indicates that the site is using a secure connection.

According to recent scan intelligence data from WebPulse, even trusted websites like Shopify.com (shopify.com) have some risk associated with them, with an average risk score of 9.0 and a verdict of "trusted". However, this highlights the importance of verifying not just the website's legitimacy but also its security measures.

It is essential to note that a valid SSL certificate does not guarantee a secure website. Other factors, such as outdated software or vulnerabilities in the website's code, can still pose risks. Therefore, it is crucial to combine the verification of an SSL certificate with other checks, such as recent scan intelligence and red flags in website design and structure.

In some cases, websites may display a warning message when accessing them through HTTPS due to expired or invalid certificates. This can be a sign that the website's security measures are not up-to-date, which may raise concerns about the site's legitimacy.

By verifying a valid SSL certificate and HTTPS usage, you can significantly reduce the risks associated with online transactions and sensitive data exposure.

Ready to scan your first website? Try WebPulse free →