This article provides general tips to determine if a website is legitimate or secure.

Is the Website Legitimate?


 Check the Address Bar

By checking the address bar, you can verify that the site you accessed did not "redirect" you to a different site. Some attackers use a "redirect" method to gather data. When redirected, you click or open a link for a known site but are sent to a different one. For example, accessing Amazon should bring you to a website with the web address of "". If the address bar shows a different website, the website may not be legitimate. Please see the FAQ for further information about web addresses.

 Contact the Company

Check the website itself before conducting business with it. Usually, at the bottom of a website, there is an option called "Contact Us." If you do not trust a website, contact the company using the contact information listed. If you do not receive a response (or you notice the phone number is out of service), the site may not be legitimate.

 Does the Content of the Website Look Appropriate?

Legitimate businesses try to keep their websites professional in appearance and behavior. Check the website for things such as spelling errors, major grammatical errors, or readability ("Does the text make sense?"). Sites with these sorts of errors may not be legitimate. Trust your instincts. If the page does not look right, it may not be.

 Have People Reported the Website?

A common method of investigating the legitimacy of a site is to search for it with a major search engine (such as Google) and see whether other people have reported it. You can also use VirusTotal's tool to check for possible vulnerabilities (use the "URL" tab to scan the site).

 Does Your Browser Prompt You With an Error?

When trying to connect to an illegitimate website, your web browser may prompt you with an error message. If you receive a message like the one below, the website may not be legitimate.

Your connection is not private

Is the Website Secure?


 Check the Icon in the Address Bar

If there is a 🔒 symbol located before the address in the address bar, you are using a private connection. If a website has private connections, it usually is a secure website.

 Check the Protocol in the Address Bar

Web addresses are split into three different parts: the protocol (https://), the hostname (, and the file name. If the protocol is "https" for a site, you are using a secure page. Below is an example of a secure URL:

parts of a web address
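
The two address bar checks described in this article (the protocol is https, and the hostname is the site you meant to visit) can be written as a short script. This is an added example, not part of the original article; the function name checkAddress, the expected hostname amazon.com and the sample addresses are assumptions constructed for illustration.

```javascript
// Added example: split a web address into protocol, hostname and file name,
// then apply the article's two address bar checks.
// "amazon.com" and the sample addresses below are constructed assumptions.

function checkAddress(address, expectedHost) {
  let url;
  try {
    url = new URL(address);
  } catch (err) {
    return { ok: false, reasons: ["not a valid web address"] };
  }

  // Hostnames are case-insensitive; a trailing dot is the same host.
  const host = url.hostname.toLowerCase().replace(/\.$/, "");
  const expected = expectedHost.toLowerCase();
  const reasons = [];

  if (url.protocol !== "https:") {
    reasons.push("protocol is not https");
  }
  // The hostname must be the expected name itself or end with "." + that name.
  // A name that merely contains or starts with the expected text does not count.
  if (host !== expected && !host.endsWith("." + expected)) {
    reasons.push("hostname does not belong to " + expected);
  }
  // Text before an "@" is a username, not the site being visited.
  if (url.username !== "" || url.password !== "") {
    reasons.push("address contains a username before the hostname");
  }

  return {
    ok: reasons.length === 0,
    protocol: url.protocol,
    hostname: host,
    fileName: url.pathname,
    reasons,
  };
}

// Constructed sample addresses (example.net is a reserved documentation domain).
const samples = [
  "https://www.amazon.com/gp/help",
  "http://www.amazon.com/",
  "https://amazon.com.example.net/login",
];
for (const address of samples) {
  const result = checkAddress(address, "amazon.com");
  console.log(address, "->", result.ok ? "passes" : result.reasons.join("; "));
}
```

A passing result only means the address matches what you expected and uses https; the other tips in this article still apply.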

 Check the Website's Privacy Policy

A website's Privacy Policy will state how data is collected on the company's website. If you're concerned about the data the website may be gathering, refer to their Privacy Policy. If you're unable to find the website's privacy policy, the site may not be secure.

 Important Tips if a Website is not Secure

  • Do not log into a website unless you trust it. Please make sure that the website is legitimate by following the tips listed in the "Is the Website Legitimate?" section of this article.
  • If you do not feel comfortable logging into the website, do not log in.
  • If you logged into a site, be sure to log out as soon as you're finished using it.

 How can I check if a page is behind a login?

Open an incognito window in Google Chrome. To open an incognito window in Windows, Linux, or Chrome OS: Press Ctrl + Shift + n. For Mac OS: Press ⌘ + Shift + n.

Next, paste the link in the address bar and press "Enter" to see if a login is required on the webpage.

incognito mode


 Common Web Domains

Some common web domains are:

  • .com
  • .net
  • .org
  • .gov (only for official government websites)

If a website does not have one of these domains, it may not be secure or legitimate. This does not mean that websites with these domains are always secure or legitimate; these are only commonly used domains. International sites will often have a domain for their country (such as .uk).

 Are all legitimate websites secure?

No. Not all legitimate sites use or need to use a secure connection. This does not mean that you cannot trust a legitimate website, but you should exercise caution when using the site.

 Are all secure websites legitimate?

No. Some sites will behave and look like a legitimate site when in fact they are used to lure visitors into entering sensitive data. One example of these sorts of activities is a "man-in-the-middle attack." In this scenario, an attacker sets up a site that looks like its legitimate counterpart (such as a banking site). However, the site is designed to have the victim enter sensitive data (such as passwords, SSNs, etc.) for the attacker to gather. For more information on man-in-the-middle attacks, please read TechTarget's article.


ITS Help Desk

(850) 474-2075