Versions Compared

Old Version 2

changes.mady.by.user Unknown User (zporter)

Saved on

compared with

New Version Current

changes.mady.by.user Unknown User (arichard)

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Overview


Excerpt

This article

...

provides general tips

...

to determine if a website is legitimate

...

or secure.


Is the Website Legitimate?


Expand
titleWhat is the domain name? Why should I be concerned about domain names?

domain name is the name of a website.  For example, uwf.edu is a domain name.

It's very difficult for scammers to create fake websites with https://uwf.edu as the domain name.  But scammers can create websites that have URLs similar to the official address.  Users must pay close attention:

  • (tick)  https://uwf.edu/helpdesk (many UWF websites will have uwf.edu/ at the beginning of the URL)
  • (tick)  https://learnmore.uwf.edu/ (this URL has uwf.edu/ nearly at the beginning, but this URL is still valid because a period separates learnmore and uwf)
  • (error)  https://learnmore-uwf.edu/ (even though uwf.edu/ comes nearly at the beginning, this URL isn't valid because a hyphen separates learnmore and uwf, not a period)
  • (error)  https://university_west_florida.com/ (this URL doesn't have uwf.edu/)
  • (error)  https://financial-forms.com/uwf.edu/forms (this URL goes to financial-forms.com/)
  • (error)  https://uwf.edu.free_money.com/ (this URL actually goes to free_money.com/)


Expand
titleCheck the Address BarDid the address (or URL) in the address bar change?

By checking the address bar, you will need to can verify that the site you accessed did not "redirect" you to a different site. Some attackers will use a "redirect" method to gather data. When redirected, you may click or access a link for a known site and may be sent to another. For example, accessing Amazon should bring you to a website with the web address of "amazon.com." If the address bar shows a different website, the website may not be legitimate. Please see the FAQ for further information about web addresses.

Also note you can hover over links on webpages and emails to see what their actual URLs are.  See screenshot below for an example.

example of hovering over a linkImage Added


Expand
titleIs the web address (or URL) correct?

Many scammers realize that users accidentally mistype URLs.  For example, some users will type gmial.com when trying to access Gmail.  Scammers could then simply purchase the gmial.com domain for their website, and imitate Gmail's login screen.  So when people go to gmial.com, see something that looks like Gmail, and provide their login credentials, now the scammers have compromised these users Gmail accounts.

Simply put, always ensure that the URLs you visit are accurate.


Expand
titleDid you click a short link instead of a longer link?

Users may choose to shorten their links, for example, to fit into a 240-character Twitter post. However, in most other instances, tiny links should be avoided, as character limits are usually not an issue, and you won't know where that tiny link leads until after you click it.

Please note one major exception – tiny links to Confluence pages.  This is an exception because users can tell where the link comes from; a tiny link from Confluence still begins with confluence.uwf.edu.  But with most other tiny links, users can't tell where the original link came from (e.g., https://bit.ly/32uPBBt ← this link is safe).


Expand
titleContact the CompanyIs there contact info listed for the company who owns the website?

Check the website itself before conducting business with the website. Usually, at either the top or bottom of a website, there will be is an option that says called "Contact Us." If you do not trust a website, contact the company using the contact information they listed. If they you do not respond at normal business hours, or their receive a response (or you notice the phone number is out of service could mean that the website is not legitimate), the site may not be legitimate.

Please know that malicious websites may have contact info as well.  So don't assume a website is good simply because it has this info listed on its website.


Expand
titleDoes the Content content of the Website Look Appropriatewebsite look appropriate?

Typically, legitimate Legitimate businesses would try to keep their website looking professionalwebsites professional in appearance and behavior. Check the website for anything things such as spelling errors, major grammatical errors, or if readability ("Does the text on the site makes sense. If any of these things are present, or the website is not presented in a professional manner, the website may not be legitimatemake sense?"). Sites with these sorts of errors may not be legitimate. Trust your instincts. If the page does not look right, it may not be.


Expand
titleHave People Reported the Website?other people reported the website as malicious?

A common method of investigating the legitimacy of a site is to use a major search engine (such as Google). Feel free to refer to VirusTotal's tool to check for possible vulnerabilities (use the "URL" tab to scan the site)Searching the web address of the website could bring up results that have people reporting the website for any illegitimate activities that they encountered, such as stealing passwords or email spamming. This should be one of your last resources, since most forum-based websites are notorious for having ads that try to steal information.


Expand
titleDoes Your Browser Prompt You With an Error?your browser prompt you with an error message?

When Typically, when trying to connect to an illegitimate website, your web browser will may prompt you with an error message. If you receive a message like the one below, the website may not be legitimate.

Your connection is not privateImage Modified

Is the Website Secure?


Expand
titleCheck the Icon in the Address BarDo you see a locked padlock in the address bar?

If there is a 🔒 lock symbol located before the address in the address bar, this means that your connection to the website is private. Typically, if you are using a private connection. If a website has private connections, then it usually is a secure website.

example of lock symbolImage Added


Expand
titleCheck the Protocol in the Address BarDoes the address (or URL) begin with https?

"http" stands for "hypertext transfer protocol"; the s in "https" stands for "secure."  All websites used to begin with "http," but recently, with all the security breaches and advances in technology, more and more websites are moving to "https."

"https" helps to ensure that the website you're visiting is actually the site you intended to visit.

Please know that there are still many legitimate websites using the old "http."  Not all legitimate sites use or need to use a secure connection. This does not mean that you cannot trust a legitimate website, but you should exercise caution when using the site.

Also know that a site isn't automatically safe because it begins with "https".  This only helps to ensure scammers aren't impersonating sites they don't own. However, scammers could simply purchase the "https" security certifications for their illegitimate websitesWeb addresses are split into three different parts: the protocol(https://), the hostname(www.example.com), and the file name. When checking a website's security, if the protocol is "https", then the website has a secure connection.


Expand
titleCheck the Website's Privacy PolicyDoes the website have a privacy policy?

A Generally, a website's Privacy Policy privacy policy will state how data is collected on the company's website. If you're concerned about the data the website may be gathering, find their Privacy Policy and look for anything concerning Datarefer to their privacy policy. If you're unable to find easily locate the website's privacy policy, you the site may not be dealing with a secure site.secure.

Below is an example of what appears at the bottom of most uwf.edu webpages:

example of privacy policyImage Added


Expand
titleImportant Tips if a Website is not SecureWhat are some tips to consider when visiting an non-secure site?

Before continuing to the tips below, please ensure

Do not log in to the website unless you trust it. Please make sure

that the website is

also

legitimate

,

by following the tips listed in the "Is the Website Legitimate?" section of this article.

  • Do not log into a website unless you trust it. 
  • If you do not feel comfortable logging in to into the website, do not log in.
  • If you logged in to the into a site, be sure to log out as soon as you're finished on the website.

 

FAQs

Expand
titleCommon Web Domains

Some common web domains are:

  • .com
  • .net
  • .org
  • .gov (only for official government websites)

If a website does not have one of these domains, it may not be secure or legitimate. This does not mean that websites with these domains are secure or legitimate, these are only commonly used domains.

Expand
titleAre all legitimate websites secure?

No. Sometimes legitimate websites do not utilize secure connections. This does not mean that you cannot trust a legitimate website, but that you do need to be careful when utilizing the website.

Expand
titleAre all secure websites legitimate?

No. Sometimes a website may have a secure feature to look more legitimate, but the website itself is used to gather passwords or other important data from individuals.

...

  • using it.



Include Page
ILP:_Help Desk Footer
ILP:_Help Desk Footer

...