How to Tell If A Website Is Dangerous

 

These days it can be very difficult to tell if a site is trustworthy or not. Many nefarious sites are being designed to look respectable. Thus you should always make sure that a site is not dangerous by using multiple approaches. This is especially important to consider before providing a site with sensitive information such as credit card numbers, banking information, your email address, etc...

 

In general you may want to be wary of a site if it asks you for unnecessary personal information, a credit card number, or a bank number when it's not necessary. This could be evidence of them phishing for your sensitive information. In order to better recognize phishing scams, and thus avoid them, please see the examples provided on this page. You should also be wary of sites with offers that seem too good to be true, have very intrusive ads, have multiple popups, tell you that you need to install a plugin to view content, etc... For sites such as these you should definitely consider using the methods described below to make sure that the site is actually safe before proceeding further.

 

Index

1. How To Investigate A Site Before Visiting It

2. General Approach To Analyzing Sites

    A) Check Site With Zulu URL Risk Analyzer and Comodo Web Inspector

    B) Check Site With VirusTotal And URLVoid

    C) Check Reputation Of Site With Web Of Trust

3. Make Sure SSL Certificate Is Trustworthy Before Making Purchases

4. How To Report Dangerous Sites

 

1. How To Investigate A Site Before Visiting It

 

If the source of a link seems phishy, such as if it came in an unrecognized email or it is a suspicious link posted online, I would recommend that you don't click it until you've made sure the site is not dangerous. To copy the link for analysis, without ever visiting the site, you can right click on it and select the option to "Copy link address" (For Chrome), "Copy link location" for Firefox, etc... If this link appears to be a shortened URL, then you must first unshorten the URL before testing it. If you don't do this then your analysis will actually just test the site that shortened it. To unshorten the link you can go to this site and paste the shortened URL into the box. It will then provide you with the actual URL, which you can copy to use for the analysis below.

 

2. General Approach To Analyzing Sites

 

A) Check Site With Zulu URL Risk Analyzer and Comodo Web Inspector

The first thing I would advise doing is copying the website's URL and pasting it into Comodo Web Inspector. However, this analysis may take a while as it is running an in-depth real-time analysis of the site to check for any possibly malicious content. Thus, I would advise running Zulu URL Risk Analyzer at the same time. However, once Comodo Web Inspector is done it will present you with its findings. If the site is rated as High Risk it's very likely that the site is dangerous. If it rates it as Suspicious the site is probably dangerous, but you may want to see what the other services mentioned in this article rate the site.

 

Then also copy the URL into Zulu URL Risk Analyzer. If given the choice choose to reanalyze the site. This also uses multiple methods to analyze the site. After it is done analyzing the site it will present you with an overall risk score of how likely the site is to be dangerous from 0 to 100, with 100 being very dangerous. It will also provide you an interpretation of this in which it will rate the site as Benign, Suspicious, or Malicious. While I have seen it have some false positives on safe sites, in which it rated them as Suspicious, I have never seen it rate a safe site as Malicious. Thus, my advice for using this service is that if it rates the site as Malicious you can be relatively confident that the site is dangerous. However, if it rates it as Benign or Suspicious then you should move on to the following steps to further evaluate the site.

 

B) Check Site With VirusTotal and URLVoid

To check the site against the databases of many reputation engines and domain blacklists the next thing you should do is copy the website's URL and paste it into VirusTotal. If the site was previously rated you should select the option to Rescan. If the site is already known to be dangerous it will likely be flagged by at least a few services. However, even if they all come up clean it doesn't necessarily mean that the site is trustworthy. Remember what was discussed earlier about how the age of the site comes into play when interpreting these results.

 

Also copy the website's URL into URLVoid. This service is similar to VirusTotal in that it also checks the site against many blacklists. If presented, choose the option to "Update Report", as this will provide you with the most up-to-date results. Also, near the top it provides you with when the domain was first registered. Although this information by itself tells us very little, in general, if a site is new it may not mean much if it is not flagged as dangerous by any of the above services. It often takes a while for any of the services to locate, and analyze, new dangerous sites. Also, even old sites, which were previously safe, can be hacked and turned into phishing, or malware infested, sites. Thus, just because a site is old, and not flagged as dangerous, does not mean that it is certainly not dangerous.

 

C) Check Reputation of Site With Web Of Trust

At the bottom of the URLVoid results for the site it also presents you with the WOT ratings. This trust score, by itself, should be helpful for you in judging whether the site is trustworthy. However, clicking on the button in the third column brings up the WOT scorecard for the site, which provides even more information. This information includes people's comments about the site, assuming anyone has left comments. In terms of the comments, it should be noted that the comments of individuals may be biased for many reasons, but by reading through many comments you should be able to get an idea of whether the site is dangerous and the main problems people have with the site, assuming there are a lot of negative comments. This information can also be used to decide whether the site is actually dangerous.

 

Note that another very useful aspect of using WOT is that nearly all popular sites should already be rated. Thus, if you find yourself on a site which is popular, such as Paypal, Gmail, etc..., but WOT says that the site is unrated, it may be a phishing page.

 

3. Make Sure SSL Certificate Is Trustworthy Before Making Purchases

 

Even if none of the above methods indicate that the site is dangerous, before transmitting your sensitive information to the site there are additional issues to be aware of. One of these is to make sure that the page where you fill in your sensitive information, which may include credit card numbers or banking information, is secured with a SSL certificate. If the URL of the page you're on begins with https then an encrypted connection is being used and your information is probably safe, at least assuming that the site is trustworthy. As long as the site is secured then nobody other than you and the people operating the site can view the information you are submitting. I would strongly recommend that you do not transmit sensitive information through any site that is not secured in such a way.

 

However, there is one subtle danger to be aware of. There are actually many different types of SSL certificates. These provide varying levels of trust. An extended validation certificate will guarantee that the business is legitimate, while many other types are only validated with respect to the domain, but not the owners and operators of the domain. Do note that some phishing sites have been known to purchas low-level validation certificates in order to trick people into believing they are trustworthy. For more information about the differences between these certificates please see this page. I'd strongly recommend reading the information on that site. Only if the certificate itself guarantees that the site is safe, and belongs to a valid business, should you have complete trust in that domain.

 

4. How To Report Dangerous Sites

 

If you do find that a site is dangerous I would appreciate it if you could take a few minutes to report the site so that other people will be protected from it. To do this please read this article I've written about How to Report Dangerous Websites.

 

 

 

 

Please help by rating this article. Also, if you believe this article deserves anything less than 5 stars, please leave a comment below explaining how you think it can be improved or where you find fault. This article is written by me but fueled by the community. Thus your opinions and advice are not only much appreciated, but actually necessary in order for this article to grow and improve.

 

If you found this article useful then perhaps you'd like to check out some of my others.

How to Avoid Spam

How to Clean An Infected Computer

How to Fix a Malware Infected Computer

How to Harden Your Browser Against Malware and Privacy Concerns

How to Install Comodo Firewall

How to Know If Your Computer Is Infected

How to Protect Your Online Privacy

How to Report Dangerous Websites

How to Report Malware or False Positives to Multiple Antivirus Vendors

How to Report Spam

How to Stay Safe While Online

How to Tell if a File is Malicious

 

This software category is maintained by volunteer editor Chiron. Registered members can contact the editor with any comments or suggestions they might have by clicking here.

 

Share this
4.55932
Average: 4.6 (118 votes)
Your rating: None

Comments

by MidnightCowboy on 30. March 2012 - 15:53  (91433)

WOT is not a scam at all, far from it. At the very least they are bound by the rules of the country in which they are based, Finland, which is more responsible than many others when it comes to licensing approval. It is our opinion that the opportunities for their system to be abused are kept to the absolute minimum which is why we are confident in using their ratings as our own policy for every link published. As with any system, third parties will always seek to manipulate it either for their own gain, or for the malicious demise of others. Overall we have found WOT to be highly expedient in responding to such events, although the place to raise these concerns is in their own forum and not on other sites. By adopting this approach, users can offer feedback and then monitor how it is responded to.

by MidnightCowboy on 30. March 2012 - 16:56  (91435)

I did incidentally put the specific question about money being an influence direct to WOT and this was their emailed response:

"This most likely refers to the trust seals we offer to websites that have already earned a good reputation from our users. It's one of the favorite rumors to spread for those site owners who are suffering from poor ratings. Here's the relevant FAQ section:

http://www.mywot.com/wiki/FAQ#Selling_trust_seals_means_reputations_can_...

So no, we don't sell good ratings.

This might also be about our partnership with Facebook. Since there are so many negative comments on Facebook's scorecard, some people think our business relationship has an effect on their reputation. It doesn't. While there are a few thousand negative comments (including votes) on the scorecard, Facebook's reputation rating is based on nearly quarter of a million user ratings, the vast majority of which are positive".

by Remah on 26. March 2012 - 19:32  (91222)

WOT is very effective. Any public rating system is open to some form of abuse but WOT is definitely not as open to abuse as you say it is.

Remah
Editor, Best Free Internet Safety Check

by Chiron on 26. March 2012 - 18:13  (91212)

I've actually found the comments to be very useful, although that is not always true of the ratings. By reading the comments you should be able to get an idea of what it is that makes people unhappy with the site and also whether there only seems to be one major problem which they all are harping on. Thus if you read the comments carefully you should be able to discern the me-too'ers from the people with a valid complaint.

I'll include a comment about this in my next rewrite.

Thanks.

by MidnightCowboy on 26. March 2012 - 16:53  (91208)

Regarding WOT, see here for an in depth review:

http://www.techsupportalert.com/content/best-internet-safety-check.htm

by TooLooze (not verified) on 26. March 2012 - 16:19  (91207)

I don't know about WOT abuse, but whenever I have ranted a site, a disclaimer states that my rating only applies to my browsing and not public ratings. Maybe this is because WOT is a firefox add-on in my case, but either way, it doesn't seem to be particularly accurate.

by Remah on 26. March 2012 - 19:28  (91221)

It's not clear what you mean. Did you mean that when you rated a site with WOT you also left a comment. Comments have no impact on WOT site ratings.

When I compared WOT with other free Internet safety checks WOT was one of the most accurate at protecting from dangerous sites and the best of the products integrated into the five main browsers. You can see the rankings at
http://www.techsupportalert.com/content/best-internet-safety-check.htm#Q...

None of the products I tested were more than 90% accurate at warning about known bad sites. This is not so much of a problem because most of us have a relatively low risk of exposure to dangerous sites unless we are directed there by search results, ads, "friends" or hijacked sites.

It is also important to remember that WOT does not measure "security", it measures "trust". So what you trust may be different than other raters.

Remah
Editor, Best Free Internet Safety Check

by TooLooze (not verified) on 27. March 2012 - 12:38  (91251)

Sorry for being unclear. WOT does provide ratings to the sites I visit. When I rate a site using the "bars" system, it displays my ratings but apparently doesn't save them or apply them to the current rating for the site. When I return to the same site, it lists "my rating" only.

by barney (not verified) on 29. March 2012 - 1:21  (91353)

When last I reviewed WOT, it had no redress system in place. In other words, anyone could decry my site, but there was no way for me - as a site owner - to address any complaints. {I don't have a public site, btw, that's just an example.) Any one (1)-way system is going to go downhill in relatively short order. Without some adjudication system, it is, at best, an opinion poll, and at worst, a means to destroy a competitor or rival or just someone you don't like. Maybe that has changed over time, but I'd not give WOT the time of day, much less my traffic or opinions on sites I've visited.

WOT seems to be based upon the concept that {fifty thousand|fifty million|enter your number here} people can't be wrong. If you subscribe to that, you should be perfectly comfortable with WOT ... until you discern the conceptual error for yourself - or get bitten by it. There's a difference between Web of Trust and Web of Tryst.

by MidnightCowboy on 29. March 2012 - 5:23  (91360)

This is incorrect. Please see these links where this information is freely available.

http://www.mywot.com/en/faq/website/rating-websites#manipulation
http://www.mywot.com/en/faq/website/reputation-problems

by Mike C on 29. March 2012 - 2:43  (91356)

I agree with this. This system must slowly decline in value.

by gmdsr (not verified) on 26. March 2012 - 13:55  (91195)

I liked your article and found it helpful. As with everything you can't cover every situation that happens. Good article.

A question I have for you is, Once an entity has your name and e-mail how do you back track them to taken it back, or get them to stop using your and email?

by Mike Feury (not verified) on 26. March 2012 - 23:02  (91230)

"Once an entity has your name and e-mail how do you back track them to taken it back, or get them to stop using your and email?"

There is no way to do that for sure--I've even had legit-seeming unsubscribes have no effect.

If it's a concern, use one of the one-time email services, ie where the address ceases to function a few minutes / hours / days after you use it. Can't find a list of those here on a quick search...

Fyi there are also similar credit card services, ie one-time numbers.

by Mike Feury (not verified) on 26. March 2012 - 23:46  (91232)

"one of the one-time email services"
Found one:
http://10minutemail.com/10MinuteMail/index.html

by Chiron on 26. March 2012 - 18:14  (91213)

I'm not sure what type of entity you are referring to. Do you mean criminals or a legitimate site?

by Jer (not verified) on 26. March 2012 - 12:52  (91190)

Frankly, I won't shop at any site that does not allow paying through PayPal. This keeps my info out of all sites but one.

by Chiron on 26. March 2012 - 18:15  (91214)

That's certainly one way to go. However, I believe that as long as the site is trustworthy other options can also be considered.

by Luckyedau (not verified) on 26. March 2012 - 12:47  (91189)

Having recently been caught by a dud site the information given would have been invaluable. Fortunately my Bank picked up the dud transaction and saved me further drama. Changed Card and away again being much more vigilant. This will help in the future.

by Chiron on 26. March 2012 - 18:16  (91215)

Thank you.

Please let me know if you have any questions.

by pressiondegonflage (not verified) on 26. March 2012 - 12:42  (91188)

Good afternoon.

I tried out URLVoid by submitting two sites delivered to me by what I new to be phishing emails. both came back as "Clean".

I will be interested to reae any comments on this.

by trekker (not verified) on 26. March 2012 - 14:49  (91201)

Actually,
I had a similar "all CLEAN" results experience,
with URLvoid.

It was for the compromised web site:
"code DOT kliu DOT org"
associated with the author
of the "QuickDrag" Firefox extension.
(which used to be good, now contains ads & spyware).

See the most recent extension user comments,
in the MOZILLA extensions web site:
https://addons.mozilla.org/en-US/firefox/addon/quickdrag/

The ext. Author's site
was marked by Google's Safety site
as having had:
"...malware in the last 90 days...". !!!

When I dug deeper into URLvoid's enthusiastic
"all CLEAN" rating,
I saw that one of the entries:
WOT (Web of Trust),
had _not even ranked the URL in question_.

This lack of WOT ranking was (wrongly) interpreted
by URLvoid as..."CLEAN". !?

Fail!
I wish I could, but cannot really trust URLvoid...
sorry.

by Chiron on 26. March 2012 - 18:18  (91216)

Thank you for pointing this out.

In my next rewrite I'll explain better that a "Clean" rating for WOT can also just mean that the site isn't yet in its database.

As I mentioned in my article, URLVoid is only one tool to judge a site. I'm always looking for other ways, so if you have any advice please let me know.

Thanks.

by Remah on 26. March 2012 - 22:11  (91227)

The site trekker mentions is popular enough that it has the highest reliability level, 5 out of 5, on WOT. That takes a lot of individual ratings so trekker's experience of the site being unrated may not be that recent. Even so he identifies an important issue with meta-raters like URLVoid, they each have their own reputation rating system which is applied on top of the reputation raters they use.

If you use URLVoid (or similar sites like VirusTotal) you should also be sure to get a virus/malware scan report for the site because you are more likely to pick up any problem that has just appeared on a site. Online scanners are more limited than desktop AVs and more narrowly focused than raters so I wouldn't rely on them exclusively. For more info see the Supplement to Best Free Internet Safety Check.

By the way, VirusTotal was better protection than URLVoid when I tested them last year. Both sites have had significant changes since then so that may no longer be the case.

To clarify about WOT. It will not provide a positive rating until there is "enough supporting evidence". Either enough users, particularly those most trusted, have rated it positively or negatively, or a trusted third-party source rates it negatively. Even when it provides no rating, WOT will often have ratings in its database but not enough for them to give a rating with any confidence.

by MidnightCowboy on 26. March 2012 - 13:12  (91192)

How can anyone comment without knowing which the sites were?

by eikelein on 26. March 2012 - 14:16  (91197)

MidnightCowboy,

you are basically correct but many of these spammed links are from URL-Shortener services.

So only the URL-Shortenere service gets tested and reported upon; and that usually is a "good" web site, right?

by Chiron on 26. March 2012 - 18:19  (91217)

I wasn't aware that only the URL-Shortening service got tested.

I'll test this myself and include a comment, and improved methodology, in the next rewrite.

Thanks.

by pressiondegonflage (not verified) on 26. March 2012 - 14:09  (91196)

I was not asking for comments on the iffy websites themselves but rather on the fact that URLVoid had labelled them as "clean".

by eikelein on 26. March 2012 - 14:17  (91199)

pressiondegonflage,

please consider me previous reply to MidnightCowboy and maybe reconsider your reply?

by pressiondegonflage (not verified) on 26. March 2012 - 14:36  (91200)

Yes Eikelein, that is a good point as I suspect that a lot of people would not know the significance of URL shortening and the fact that it very effectively conceals the full and true origin from those who do not yet know how to delve into the guts of things !

Howevever when in doubt about site links I will always check the message properties>details>message source.

I think we are all in agreement on this and I am sure that this sort of exchange will be taken as useful advice rather than criticisms of other people's offerings.

Heck, if I knew it all, I wouldn't bother to read Gizmo so avidly would I ?

Nice talking with you.

Gizmos Needs You

Gizmo's Freeware is Recruiting

 We are looking for people with skills or interest in the following areas:
 -  Mobile Platform App Reviews for Android and iOS
 -  Windows, Mac and Linux software reviews       Interested? Click here