How to check if a website is safe: an 11-step guide
There are so many scammy websites out there, it can be difficult to know which ones are actually safe. We’ll show you our 11 tips to stay safer online, including using strong cybersecurity protection like Norton 360, which can help you detect unsafe and scam websites before you connect.
- What is an unsafe website?
- 1. Know what happens if you visit an unsafe website
- 2. Look for an SSL certificate
- 3. Use a website checker
- 4. Find the site’s privacy policy
- 5. Make sure the site is real
- 6. Read reviews of the site
- 7. Search for contact information
- 8. Keep an eye out for spelling errors and design problems
- 9. There are too many pop-ups
- 10. Find out who owns the site
- 11. Use web security tools
- FAQs
The fastest way to check if a website is safe is to look for key signals like a secure connection (HTTPS), a trustworthy domain name, and clear contact information. No single sign guarantees safety, but combining multiple checks can help you better assess risk before you click around the site or enter personal information.
What is an unsafe website?
An unsafe website is any site online that could potentially expose you to risks such as malware, scams, or even data theft. There are different types of unsafe websites, and understanding the differences between them can help you decide when to proceed with caution versus when to avoid a site entirely.
Here's how we generally break down the definition:
- Suspicious website: A site that shows explicit warning signs, such as an unusual URL, poor design, or missing contact information, but isn’t confirmed harmful.
- Malicious website: A site intentionally designed to cause harm, such as stealing login details, distributing malware, or committing fraud.
- Unsafe website: The category of website that includes suspicious and malicious sites, as well as legitimate sites that have been compromised by malware injections or traffic redirects.
These descriptions can help you determine which type of unsafe website you’re looking at and what risk level you’re comfortable with.
1. Know what happens if you visit an unsafe website
The first step to avoiding fake websites is to know what you'll see if you ever inadvertently land on an unsafe site. Most modern browsers are designed to flag unsafe sites if they determine you’re about to connect to one. If you visit a site with known safety issues, the browser will usually inform you by presenting a full-screen warning about the dangers of continuing to that page.
These warnings might say that your connection is not private or that you’re heading toward a deceptive site. If you see one of these warnings, close the window or click “back to safety” to avoid a potentially unsafe site. If you know that a site is safe, click on “Advanced” to proceed.
If you visit an unsafe site, you could end up dealing with several issues, including:
Browsers may not catch every threat, especially if the threat, or overall site, is new. Even if no browser warning appears, it’s still important to evaluate the site using the steps below.
2. Look for an SSL certificate
An SSL (Secure Sockets Layer) certificate is a digital certificate that certifies that a website is legitimate and that it offers encryption to protect personal information and financial data. In order for a site to have an SSL certificate, its owner has to prove to the issuer of the certificate that they are who they claim to be.
Checking to see if a website has an SSL certificate is simple: look at the address bar when you visit a site. You should see:
- “https://” at the beginning of the URL. The “s” at the end of the http means “secure.”
- A lock icon on the far left side of the address bar. This lock signifies a secure connection between you and the site. Click on the lock for more details about the website’s security.
If a site doesn’t have an SSL certificate, it doesn’t necessarily mean it's unsafe. It could mean that it’s OK to browse that site, but it may not be safe to share any personal information. Similarly, just because a site has “https” at the beginning of the URL, it doesn’t 100% guarantee that it’s legitimate; scammers can also use SSL certificates and launch scam sites that pass the “vibe test,” which means that a site looks and feels legitimate at a cursory glance.
3. Use a website checker
If your browser didn’t provide you with a warning about a site, but you still don’t feel great about sharing your information or making a purchase, you can double-check it using a site checker. A website safety checker like Google’s Safe Browsing site status page will let you know if a website is unsafe or if a previously trustworthy site has been compromised or has unsafe elements.
However, if a website is brand new or simply hasn’t been reported as a scam yet, it may still get a “No unsafe content found” distinction from the site status checker. So take this status with a grain of salt.
If you drop an address into a URL checker and it shows that a site might not be secure, close the window and don’t visit it again until another check shows that it’s not dangerous.
4. Find the site’s privacy policy
Have you ever navigated to a site that boasted about its security but you weren’t sure exactly what that meant? There’s an easy method for finding out if this website is legit and learning exactly what a site is doing to protect you and your data: read its privacy policy.
Most websites have privacy policies due to legal requirements, but it’s also the fastest way to learn about what information a site can collect from you and how they use it. You can usually find the privacy policy linked in the footer at the bottom of the website or via a site search.
When you are reading a privacy policy, look for:
- Clear language spelling out what information it collects from users and how it is collected
- An overview of how the site protects your information
- Language that defines who can access the information the site collects
- Options for reviewing the information a site has collected
- Options for opting out of data collection
- Language that defines how long the site will hold onto your information
- Contact information to see if the site is transparent about how to reach them
If a site doesn’t have a privacy policy, it may mean that they don’t collect any data, or it could mean that they don’t want to let you know what information they are collecting.
5. Make sure the site is real
Hackers have several ways to try to steal your information using fake websites. Spoofing is when a scammer builds a site that looks almost identical to a real site in order to capture your logins and passwords. Typosquatting is when someone buys a domain similar to a well-known site (gooogle.com, for example) in the hope that someone will accidentally mistype the URL and end up on the fake version of the site.
Scammers may also disguise malicious links in more subtle ways, including:
- Homograph attacks: Using characters that look similar, such as replacing a lowercase Latin “o” with a zero (“0”) or a Greek omicron (“ο”). These types of swaps can be incredibly deceptive, and in some fonts the characters are nearly identical.
- URL shorteners: Hiding the full site address behind a shortened or truncated version. If the site is hyperlinked, you may not notice that the linked address is much longer than the one you think you’re clicking.
- Subdomain tricks: Creating URLs that appear legitimate at a glance. These social engineering tricks often add trustworthy words into the scam site addresses, such as “secure-login-example.com” or even in some cases using “.org” or “.edu” domains.
When in doubt, type the website address directly into your browser instead of clicking on unfamiliar links.
If you receive a link from someone you don’t know or a site you regularly visit is functioning differently than normal, check the URL to ensure you’re on the right site. If you’ve stumbled onto one of these false domains, close the window and clear your history and browsing data to keep you from ending up there again.
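The checks described in this step can be automated. The following is an added example, not part of the original article: it flags typosquats, look-alike characters, known shorteners, and trusted names used inside an unrelated domain. The `KNOWN`, `SHORTENERS`, and `LOOKALIKE` tables are small illustrative assumptions (the look-alike map also covers two Cyrillic letters, which goes slightly beyond the article's examples), and the last-two-labels domain logic is a simplification.

```python
import unicodedata
from urllib.parse import urlsplit

# Assumptions for this example: the sites you actually use, a few shortener
# hosts, and a non-exhaustive look-alike map (0, 1, Greek omicron, Cyrillic a/e).
KNOWN = {"google.com", "example.com"}
SHORTENERS = {"bit.ly", "t.co", "tinyurl.com"}
LOOKALIKE = str.maketrans({"0": "o", "1": "l", "\u03bf": "o", "\u0430": "a", "\u0435": "e"})

def edit_distance(a, b):
    """Levenshtein distance: single-character edits needed to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[-1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def scripts(text):
    """Unicode scripts of the letters in text, e.g. {'LATIN', 'GREEK'}."""
    return {unicodedata.name(c, "UNKNOWN").split()[0] for c in text if c.isalpha()}

def inspect_url(url):
    """Return a list of warning strings for the hostname in url."""
    host = (urlsplit(url).hostname or "").rstrip(".")
    try:  # turn punycode ("xn--") labels into the characters a user would see
        host = host.encode("ascii").decode("idna")
    except UnicodeError:
        pass  # host already contains non-ASCII characters (or is malformed)
    # Naive registrable domain (last two labels); real code needs the Public Suffix List.
    domain = ".".join(host.split(".")[-2:])
    if domain in KNOWN:
        return []
    if domain in SHORTENERS:
        return ["shortener: destination hidden until expanded"]
    findings = []
    if len(scripts(domain)) > 1:
        findings.append("homograph: mixed scripts " + "+".join(sorted(scripts(domain))))
    skeleton = domain.translate(LOOKALIKE)
    for known in sorted(KNOWN):
        brand = known.split(".")[0]
        if skeleton == known:
            findings.append(f"homograph: renders like {known}")
        elif edit_distance(skeleton, known) == 1:
            findings.append(f"typosquat: one edit from {known}")
        elif brand in host.translate(LOOKALIKE):
            findings.append(f"brand-in-name: '{brand}' used outside {known}")
    return findings
```

An empty list only means none of these particular patterns matched; it does not mean the site is safe.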
6. Read reviews of the site
If you’re checking out a new site and aren’t sure how to tell if a website is secure or if it’s safe to buy from it, reading reviews of the site can show you what other people think. Go to your favorite search engine, type in the site name, and add “reviews” at the end of your query.
When looking at reviews, pay close attention to:
- Consistently bad reviews
- Allegations of unsafe practices
- Instances of fraud
- Mentions of poor customer service
- Too many overly positive reviews that sound the same (this could indicate that the reviews aren’t real)
Reviews provide a pretty good picture of whether or not a website is safe, because people don’t like being scammed or having their information shared without permission.
How to check if a website is safe to buy from
If you’re planning to make a purchase on the site and you’ve already checked third-party reviews of the business, a few additional checks can help you evaluate whether a website is safe to buy from. Here’s what to do next:
- Check accepted payment methods: Legitimate sites offer standard options like credit cards or trusted payment services. Be cautious of sites that only accept bank transfers, cryptocurrency, or gift cards.
- Look for clear return policies: Reputable stores explain how returns, refunds, and exchanges work (and if they’re not accepted).
- Verify contact details: Look for a physical or mailing address, email address, manager details, social media handles, and customer support options.
- Do a quick inventory check: Deep discounts on high-value items can be a common sign of scam sites. Check that the pricing is consistent with what you expect.
These checks don’t guarantee safety, but they can help you better assess whether a site is trustworthy before entering payment details. This is especially true for shops that advertise on social media, such as TikTok Shop.
7. Search for contact information
Contact information on its own isn’t a guarantee that a site is safe, but it is a signal that there is a person or a team of people who are ready to assist you if you have questions.
If a site feels a little sketchy, or if you want to make a purchase but don’t want to trust your financial information to a company you don’t know, reach out using the contact information. They may have other ways for you to make a purchase that you feel more comfortable with.
If a site doesn’t have obvious contact information, it might be an oversight (especially if it’s a newer site), or it could mean that whoever owns the domain doesn’t want people contacting them because of potentially shady practices.
8. Keep an eye out for spelling errors and design problems
Sites that are riddled with design issues and spelling and grammatical errors could be a sign that a site isn’t safe. Pharming attacks and spoofed sites are designed to trick you into providing your personal and financial information to what appears to be a site you already know and trust. However, scammers will often make mistakes when it comes to the text and functionality of these sites.
If you find that the elements on a page you’ve used before look different, or there are misspelled words or odd turns of phrase, it could mean you’re on an unsafe site. Close the browser window, clear your history, cookies, and caches, then try going back to the site. If it looks normal, that likely means you were on a scam site.
9. There are too many pop-ups
Everyone has their definition of how many pop-ups are too many, but if a site has so many pop-ups that you can’t actually navigate it, that means there are too many. If there are multiple pop-ups and none are related to the site you tried to visit, that’s another sign that you may be on an unsafe website.
Pop-ups to avoid:
- Any that ask for financial information
- Cybersecurity warnings — this is called scareware, and it could mean that you end up downloading malware instead of protecting yourself from it
- Those advertising unrelated products or services
Installing a pop-up blocker for your phone and computer can help suppress a lot of these dialog boxes before they ever become a problem.
10. Find out who owns the site
Before you spend money at an online store, you can verify who owns the site by running a Whois search. This search will tell you who owns a website so you can make a more informed decision about where you want to spend your money. If a site is owned by someone other than the purported owner (or you can’t find a way to contact them), you’re probably better off taking your business to a more reputable company.
If you’re still not convinced the site is safe, you can also check how long a domain has been registered. Newly created websites may carry more risk, especially if they’re asking for sensitive information or promoting urgent offers. Domain age alone doesn’t determine safety, but it can provide useful context when combined with other signals.
11. Use web security tools
Using web security tools like Norton 360 Deluxe can help block hackers and protect against fake sites, helping to prevent your data from falling into the wrong hands. And with a built-in VPN and parental controls, safer browsing is available for you and your family. Not only can these security tools protect your financial and personal information, but they also help protect your devices from debilitating malware.
FAQs
How do scam websites work?
There are several kinds of scam websites, and they each function differently. Phishing sites are designed to get you to reveal personal information about yourself that can help hackers and scammers get into your accounts. Hackers build spoof sites to look like sites you already know and trust in order to steal your account information and passwords directly.
How can I check if a link is safe?
If you’re using a computer, you can hover over the link with your cursor. If it shows a different domain than what you expected, it may be unsafe. You can copy it and check it out with a URL safety check site. If a link doesn’t look safe (or you just aren’t sure), it’s best to not click it. Instead, go directly to the site by typing the URL into your browser to avoid exposing your information to scammers.
Does clearing my cache get rid of viruses?
It depends. Some viruses and malware may be designed to hang out in your browser cache, and clearing it could delete them. However, it won’t help if the malware was already deployed.
How do I know if a link is phishing?
If the message or site has grammatical and spelling errors and poor design functionality, it might be a sign that it’s trying to phish you. If the site asks for information that could be used to identify you or reveal your passwords or other sensitive information, it could be a phishing link. If a link came from an unknown sender or it looks suspicious, it’s best not to click on it.
Editors' note: Our articles offer educational information and are written to raise awareness about important topics in Cyber Safety. Norton products and services may not protect against every type of threat, fraud, or crime we write about. For more details about how we research, write, and review our articles, see our Editorial Policy.