How to tell if a site is secure: Do you have to buy a product online and want to check the reliability of the site from which you intend to make the purchase? Do you want to register an account on a website but you are not sure that the information you send is protected? I can understand your doubts: among the many scams and phishing attempts that you read every day, it is understandable to be reluctant to share your personal information online, but there are solutions that can allow you to solve some doubts of this type and understand the degree of reliability of a site.
Let’s be clear: there are some elements that are impossible to verify for a simple user, such as the security of the database or server where a site is hosted, but there are other details that can be examined independently and allow you to have a picture reliable enough about the reliability of a site or online service. What am I referring to? I’ll tell you right away: dedicate me, therefore, only a few minutes of your time and let me explain how to tell if a site is secure.
Obviously, my advice will be generic and therefore it is up to you to have common sense when browsing online: be wary of sites that offer you free content that normally should be paid or that invite you to make payments through non-traceable methods and / or which do not provide any protection for the buyer. Always check the official sources and avoid entering your personal information lightly around the Net or downloading content to your PC without first checking the degree of reliability. All clear? Well, then I would say it is time to start, without going further. Happy reading and good luck for everything!
Check the connection protocol
The first element you need to consider, for understand if a site is secure, is the presence of the SSL certificate. You don’t know what it is? Don’t worry, I’ll explain it right away.
The Secure Sockets Layer (SSL) certificate is a protocol that has the purpose of allowing the transmission of information between two applications in a completely safe and secure way, as the data is encrypted during their transfer, thus avoiding that they can be intercepted by attackers.
By the term “application” I mean an apparatus that has the objective of collecting data: imagine, for example, an e-commerce website that collects payment information during a purchase, to transmit it to another apparatus, for example the bank, which will confirm the transaction and, in turn, will securely send the outcome of the transaction to the e-commerce site.
You can understand very well that if you are making an online purchase on a website, the presence of an SSL certificate ensures that the entire transaction takes place securely, without any data theft.
This protocol is also approached by theHTTPS (HyperText Transfer Protocol over Secure Socket Layer), wording in the URLs which establishes that the web address or the entire website is covered by an SSL certificate, which protects the communication of data.
Although he gave you the example of an e-commerce site, you can understand that the use of the SSL certificate on a website is also important in other aspects, such as logging in with your credentials or sending information through forms.
In short, in any website it is important to use a SSL certificate, which can be easily identified by thepadlock icon present next to the URL, in the address bar of the browser. In addition, by clicking on this icon, you will be shown a box, through which you can view the information of the safety certificate.
Although, however, the presence of an SSL certificate can give you an idea of security, you must also consider on which website you are providing your information. A basic SSL certificate can be given to any website, thanks to Let’s Encrypt, an administrative body of a public nature that aims to encrypt all communications on the Web, by issuing these SSL certificates for free and automatically.
This means that even if the site is covered by SSL encryption, it is necessary to verify that the certificate in use is reliable and not a possible one. fraud or an attempt to phishing. The SSL certificate is synonymous, in fact, with data protection, not the security and reliability of the website.
For this reason, you must always consider whether the website you are visiting is the official one: sometimes it takes little, even a single different character in the URL, to be redirected to a perfectly cloned website that aims to steal information unsuspecting users.
In this regard, I advise you to continue reading the next chapters, in which I will tell you about other tools that you can put in place to check the security of a website. In case, however, you want more information on how not to come across websites phishing, I recommend you read my guide on how to recognize a fake site.
Check reviews from other users
If the website you are visiting has an SSL certificate but you are still unsure about its reliability, what you can do is use the service Trustpilot: it is a review aggregator, in which all the experiences of use of other users are collected, in order to understand the degree of reliability.
It is very easy to use: simply use the search engine on the home page to type in the company name or website (in the format sito.ext, e.g. sito.com) you want to know about. After pressing the button Search for, you will be shown the corresponding search results. If you entered a URL, you will be directed directly to its tab.
On the website page you searched for, you will find a score and all reviews written by other users. You can also use i filters to read reviews with only one star or completely positive ones, to give you some examples.
I really recommend TrustPilot, because reviews cannot be removed by website owners or companies and this ensures a good level of transparency. However, have the foresight to make a critical analysis in reading the reviews, filtering those that, in your opinion, do not actually reflect a completely negative vote or, conversely, a positive one.
Just to give you an example, a review that has a judgment on the service without any argument has been made on the user experience, certainly does not have the same weight as another in which it is described, even if briefly, the treatment received by the user from the early stages up to the delivery of the service itself.
Services to verify the reputation of a website
In addition to TrustPilot, you may be interested in two services that allow you to evaluate whether a site is secure: MyWOT is Password Checkup of Google.
MyWOT is a website reputation assessment tool that can be used by your official website or via browser extension Google Chrome, Mozilla Firefox, Opera is Safari, downloadable at this link. It is also available as a free app on the Play Store of Android.
When you browse the web with the extension MyWOT active, this will present a colored icon based on the reliability of the website. The types of colors are: green for reliable, yellow for suspicion, red for unreliable e Grey to indicate that the website is unknown and MyWOT has no information to provide an evaluation of it.
Password Checkup Google is, however, an extension for Google Chrome, present in Chrome Web Store, which aims to inform the user if significant security problems known to Google have ever been detected on the website he is browsing on, which have made the login credentials of the registered accounts unsafe.
As long as the extension icon is greenmeans that the site is secure. If it becomes red, click on the same to read the report, which will invite you to change the account password for that website, if you have already created one.
Check for threats in a URL
Defining a secure website is, as you will have understood, not a simple operation, if several measures are not implemented. In addition to the information I have provided you so far, I also want to report you VirusTotal, a service that aggregates the analysis of threats from many third-party IT security services, with a real-time scan. There are several similar services to VirusTotal, but I recommend you use this one for its reliability and solidity over time.
You probably already know this service, because maybe you used it for scan files downloaded from the web on the PC, to find out if they were infected or safe, thanks to the integration of the databases of many antiviruses. In addition to this functionality, however, it is also possible to scan websites, using the appropriate tab URL, which appears on the VirusTotal home page.
You will be shown a scan report, from the analysis of many IT security services, which will notify you if a site is clean (Clean) or not, by means of a special red wording, next to each of these services.
Perform in-depth analysis of a website
Although VirusTotal, which I told you about in previous chapter, is a reliable service, you may also be interested in another, to carry out an even more in-depth analysis of a website. I’m talking about URLVoid, free service of the Italian company NoVirusThanks.
The peculiarity of this service is the ability to scan a website, through the appropriate search bar on the home page. From the report obtained, you will be able to understand if a site is blacklisted by some IT security or reputation assessment service.
In addition, you can view other information, such as the geographic location of the server or the WHOIS data of the website.