How to identify and protect yourself from an unsafe website

The internet is full of malicious websites vying for your personal data. Your personal information is a valuable commodity, and it should be safeguarded accordingly. However, it can be hard to know what to look for if you haven't fallen victim to an unsafe website before. 

Keeping yourself safe online is important, especially since it's getting harder and harder to determine what an unsafe website looks like. 

With the rise of AI for good, we’re also seeing AI tools manipulated for cybercrime, meaning it's never been easier to create a somewhat believable malicious website. Hot on the heels of one of the world’s most popular generative AI tools, ChatGPT, comes WormGPT and FraudGPT, both advanced bots used for writing malicious code, creating malware, and initiating cyber attacks.

We’ll show you how to identify and protect yourself from an unsafe website, so you can protect yourself from the grips of cybercriminals. 

Phishing is one of the main goals of an unsafe website, and consequently, one of the most common scams plaguing Australians. The aim of the game is to steal your data – namely your credit card information and any login credentials. 

In a phishing attack, the assailant will typically masquerade as a trustworthy business, bank, or government entity to deceive you into handing over your personal information. They might mirror a site to look exactly like your bank’s login page so you feel safe inputting your credentials, or send malicious links straight to your inbox. Clicking on these links will likely lead to the installation of malware. In some cases it encrypts your files, forcing you to hand over a ransom in exchange for the key. 

Malware, or malicious software, is usually found all over an unsafe website. Typically embedded in fraudulent links and ads, the main goal of malware on an unsafe website is to steal your personal data, and/or hold it ransom in exchange for money. 

This might be done in the form of computer viruses, malicious advertising, and trojan programs that pretend to be legitimate. 

If you’re unsure about whether or not a website is legit, have a glance at the URL. An unsafe website typically has incorrect spelling, grammar and/or punctuation. Similarly, check the domain name. A fake site usually contains the business they’re trying to emulate in the name. Think ‘Banking.ANZ’, or ‘NetfIix’, with a capital I instead of an L. 

Spam sites can be relatively easy to spot. If the site has flashing warnings, stretched-out logos, provocative advertising, or any design that looks like it was slapped together in a few minutes by someone who’s never seen a website, it's probably fake. 

Sometimes spammers take their time in creating an aesthetic site that consumers might fall for. Others don’t want to spend too much time creating a website that’s 100% believable – 75% is enough. Learn to look closely for the signs and don’t trust any site at first glance.

Browser hijackers can redirect you to pages with malware on them. If you find yourself on a page you didn’t click, immediately close all tabs and run some security software. 

If you receive a warning from your search engine that the site you’re about to visit might be unsafe, do not proceed. While the search engine might not be right 100% of the time, it's a good indication of whether or not your personal information could be put at risk. 

If you’re like me and you love finding a bargain online, this one can be a hard pill to swallow. Deals that seem too good to be true from retailers you’ve never heard of are an indicator of an unsafe website. These types of sites are common around Christmas time and often ‘stock’ hard-to-get items that are typically unavailable at regular department stores. Don’t fall for the bait though, because 9 times out of 10 this will result in a charge to your credit card and no package on the way. 

In countries like Australia, Canada, and the U.S., it's required by law for traders to have a privacy policy. 

A privacy policy outlines ways the company collects, uses, and protects user data. It details who will be seeing your data, and how it is retained. Secure companies take the time and care to create a privacy policy because they care about their customer's privacy concerns. If a site does not have one, it could be unsafe. 

Sometimes a secure site will have contact information for their customer service team, or an office if they have one. Look for any contact numbers, email addresses, or even an office number or address. 

There are two types of SSL (or Secure Sockets Layer) certificates you should keep an eye out for. Sites that use SSL certifications allow sensitive information (like credit card information) to travel between your web browser and the site’s server without being intercepted by hackers. 

An indicator the site uses SSL certificates is by looking at the URL. Secure URLs begin with HTTPS instead of HTTP. The ‘S’ at the end stands for ‘Secure’, meaning your information is encrypted before being sent to the site’s server.

Another indicator of an SSL connection is a padlock symbol next to the browser’s URL. 

This isn’t a silver bullet, as some particularly advanced phishing sites can create fake SSL certificates to trick you into thinking their site is genuine. Regardless, never hand over your personal information to a site that doesn't have that padlock. 

We often look for positive reviews to give us hope that the site we’re visiting isn't a scam. But it's important to look for a mix of both positive and negative reviews, especially ones that don’t seem to be written by a bot. 

We’d recommend doing a quick Google search with ‘Is [site name] a scam?’. You’ll see reviews on some top sites like Google, Trustpilot, and Product Review, by other consumers in the same boat. It's likely they’ll confirm your suspicions, and say they never received their order or give you hope with some positive feedback. 

It's good to be wary of insecure sites in today's day and age. It's better to be safe than sorry, especially when it comes to sites that could potentially steal and sell your sensitive information. 

If a site appears to tick all the boxes and you still think it might be a scam, have a look at your options below.

It's important to have an antivirus program installed to keep you safe online. Let your software determine whether or not a site is safe so you can focus on safeguarding your information. Bitdefender Premium Security has great threat protection and multiplatform security for multiple devices, as well as some advanced features to help protect your personal information online. 

Web filters stop users from viewing certain websites or URLs by blocking content found on certain lists. Web filters typically work by consulting a URL database that shows which domains and sites are associated with malware, phishing, and viruses, for example. While they can’t show every site that poses a threat to your personal information, they can filter a sizeable chunk.

Link scanners examine the link against domain risk history to see if any suspicious files are being hidden beneath the surface

Talos Intelligence's Reputation Centre allows users to scan IP addresses and domain names to see if they’ve been reported for malicious content on malware databases. Similarly, URLVoid searches over 30 blocklist engines and web assessment tools to scan your link for malicious code. 

Browsers like Chrome, Firefox, and Microsoft Edge all have built-in security features to protect you from unsafe sites. They can block any unwanted pop-ups, stop malicious downloads, and control which sites can and cannot access your microphone and webcam. Take a moment to make sure you have the most current version of your browser, and review your settings to reflect how safe you want to be online.

Staying safe online can be a lot of work. With malware and phishing attacks hidden beneath the surface of many websites, it's important to know the signs and how to act so you can protect your personal data.