How do you know if a web site is secure?As great as the Internet is and as much as we’ve all grown accustomed to having instant access to a huge amount of useful information, the fact is the Internet can also be a scary place where it’s easy to lose your private information.

But it doesn’t have to be that way.

As you browse to a web page, there are some pretty easy ways to tell if the page you’re visiting is legitimate and can be trusted, or is a fake or scammed page that just wants to do you harm.

Here are a few suggestions for how you can tell if a web page is secure.


Look for HTTPS://

On web pages that ask for your personal information, such as your email, your name, etc., it’s important that the page be “secure”, which means that the information you type in is encrypted as it travels from your computer to the server on the Internet.

In the “old days” of the Internet, the only pages that your worried about being secure were shopping pages where you might enter your address and a credit card number.

But today, it’s becoming more common to see security on many of the pages you visit, and legitimate companies and organizations make their entire sites secure.

Which is exactly what you’ll see on!

For a page to be secure, it has to be using an HTTPS connection, where the site has been issued an SSL Certificate from a licensed security company.

To see if a page is connected using HTTPS, just look at the address bar on the top of your browser. You’ll typically see a “green padlock” AND the address will start with the letters “https://” and not just “http://” (notice there’s no “s”).

For example, if you look at the top of your browser window right now (as you’re reading this article), you’ll see an address that looks like this in Google Chrome…

And like this in Firefox…

As you look at the address, try clicking the padlock with your mouse, and you’ll see additional security information.  Here’s what that looks like in Google Chrome…


Double-check the address (URL)

If you clicked a link to visit a page, make sure that the address you now see on the browser address bar is the same one you clicked on.

“Phishing” is a common type of email scam where you’ll get a message that looks very legitimate, asking you visit a financially related web site (like your bank) and log into your account to fix something that’s wrong.

But the  link they are asking you to click in the email actually takes you to a bogus site that again, looks legitimate, but is not.

You can tell the site is not legitimate because the address you see on the browser address bar will not match the actual address of the site you think you are visiting.

Here is an example if a “fake” email from Apple that includes a link that is NOT to the Apple Web site. You can tell the link is fake by noticing the address that’s listed at the very bottom of the screen (which appears as you mouse-over the “Verify my Apple ID” link in the message).



Look for Privacy Policy and Terms of Service Pages

Most legitimate web sites will have special pages that give you information about how the site uses your information and the type of security they use to keep your information safe.

You can typically find links to those pages at the bottom of each page, in the “footer”. You’ll want to look for a Privacy Policy page (which states how your information is used) and a Terms of Service or Terms of Use (which explains the sites and yours legal obligations).

Right now, if you scroll to the bottom of this article page, you’ll see both of those types of links.


Look for an About Page or a Contact Page

Sites that are legitimate want you to know who they are, and will therefore typically have an “About” page that gives you that information, or a “Contact” page that gives you information on how you can directly contact the site owners.  NOT seeing an About page or a Contact page should raise some concerns about the site.


Some Tools You Can Use

Although they’re not perfect, there are some web-based tools you can use to double-check and see if a site is legitimate.

  • Qualys SSL Labs – If you type in the domain of a site that is using SSL, after a few minutes it will scan the site for the quality of the SSL certificate and the type of connection the site uses. Here is what the report for this web site looked like…

  • Sucuri Malware and Security Scan – Type in the domain name and Sucuri does a scan of the site to see if it’s infected with malware or if it’s address has been blacklisted. Here is what the report looks like for DiscoverSkills…


Good reading for more information

If you’d like to learn more about how to tell if a site is secure, here are some articles you can check…