The internet is built on trust; the more links in to a website, the more trustworthy it is believed to be, and the higher it will rank in search engines. But that doesn’t really help you decide whether you can trust a website you’ve come across by another route.
10 tips to know whether a website is trustworthy
None of these are infallible, and a good con artist would ensure that their website meets all of these requirements. But if a site fails any of these checks, you should think carefully before engaging with it.
In case you are unsure, a URL is the address for the site, e.g. https://www.clickandprotect.co. When reviewing a website, check that a link goes to the place you expect. To do this, just move the cursor over the link with your mouse (or press and hold on your mobile) and look at the bottom of your browser (or at the menu of prompts, on your mobile) to see where it will go—don’t click on it unless you know that it will go where you expect.
Check the domain name
- Check for https:// at the beginning of the URL rather than http://.
This is not a perfect check: the lowest level of validation for this check just checks the ownership of the domain, not whether the owner is legitimate, but it is a good place to start, and a very quick check.
- Does the domain name try to mimic a well-known one? E.g. amaz0n.co.uk vs amazon.co.uk
This is not a good sign! Back away from sites like these immediately.
Check the content and design
- Is the site well written?
A professional site will have very few typos or poorly constructed sentences. Errors can happen on any site, of course, but if the website has lots of errors, it has been written by someone with no attention to detail, or who doesn’t care about quality. Be wary.
- Is there enough content?
‘Thin’ sites (ones with lots of adverts but little original content—words, images or multimedia) are likely to be less trustworthy than sites with little content. Usually, such a site is making money from page views and adverts, and doesn’t care about the quality of the content, so there may be malicious links hidden in there.
- Is the content of good quality?
Does the site look as though it is focused on a particular topic, written by an expert on that topic, and with links out to other reputable sites?
Or does it still include fake Latin, known as Lorem Ipsum? This is often used to fill out a web design in the early stages of development. So if a site has been thrown up in a hurry, it may well include sentences like: Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua.
Sites with this kind of filler text have not been thoroughly reviewed, and are likely to be of poor quality, and therefore risky.
- Does the site look modern and well-designed?
Views on design vary, of course, just as for other art-forms. But a site that looks dated or poorly designed may well not have up to date software supporting it. So, that software may, therefore, be full of security holes and have been infected by something unpleasant.
- Are there lots of broken links?
Again, broken links happen—the internet is always being updated, and things move. But if the site has lots of links that don’t go anywhere, or that lead to broken pages, this is an indicator of an unloved website that is owned by someone with poor attention to detail.
For instance, do the links to social media channels actually go to those channels? You can always look for reviews on Facebook, or check if the company is on LinkedIn.
Check the ownership
- Is there a way of contacting the company?
Live chat, email, phone numbers, web forms … there are many ways of contacting a company, and at least one of these should be available. Ideally, there should be more than one. Sometimes a web form can break, so having additional contact options such as a phone number and email address adds to trustworthiness.
- Does the site display a physical address and a company registration number (probably in the footer, or on a contact page)?
Businesses here in the UK must display this information. If there’s no way of knowing who owns the company, and no way of contacting them, be concerned.
Personal websites are not required to publish personal details, so you’d need another way to check on these. You may be able to check who owns the website via sites like whois.domaintools.com but some of the information may be hidden, for privacy. However, whois.domaintools.com will tell you how long the site has been active; scam sites are often very short-lived.
Be aware, though, that even a long-established site can be compromised, especially if they’ve missed updating their software.
- Does the website include a privacy statement—and if you’re buying something online, is there a returns policy?
Reputable sites should tell you how they protect your personal information, and e-commerce websites should offer you a way to return an item.
Got particular concerns about something?
If you are worried about a particular website (or file), you can use www.virustotal.com to check it. Upload your file, or enter the URL, and this site will assess it and let you know if it is known to be malicious or not.
Another option is https://transparencyreport.googlecom/safe-browsing/search – enter the URL of the site you are worried about, and Google will tell you if it has been compromised or not.
Just remember: if something looks off or suspicious, it probably is—be careful.
