How to Check If a Website Is Safe
Before entering personal information, making a purchase, or downloading files from an unfamiliar website, a few quick checks can reveal whether the site is legitimate. Phishing sites, malware distributors, and scam shops often have easily identifiable red flags - Once you know what to look for. Use the SSL checker and WHOIS lookup to verify a site before you trust it.
Safety Check Methods
| Check | What to Look For | Tool / Method |
|---|---|---|
| HTTPS and valid SSL certificate | Padlock icon in browser; certificate issued to the correct domain; not expired or self-signed | Browser address bar; SSL checker |
| Domain age | Newly registered domains (under 1 year) are higher risk - Scam sites are created and discarded quickly | WHOIS lookup - Check "Creation date" |
| WHOIS registrant data | Legitimate businesses have coherent WHOIS data; scam sites often use privacy proxies with generic contact info | WHOIS lookup tool |
| Google Safe Browsing | Check if the URL is flagged as malware, phishing, or unwanted software in Google's database | transparencyreport.google.com/safe-browsing/search |
| VirusTotal URL scan | Scans URL against 70+ security vendor databases simultaneously | virustotal.com |
| Reputation checkers | Aggregate scores from user reports and automated scanning | Web of Trust (WOT), Scamadviser, URLVoid |
Red Flags of an Unsafe Website
- The URL uses a lookalike domain (e.g. paypa1.com, amazon-deals.net) that mimics a trusted brand.
- The SSL certificate is issued to a different domain than the one you are visiting, is expired, or uses an unrecognised CA.
- The site was registered within the past few months, especially if it claims to be an established business.
- There is no physical address, phone number, or verifiable company registration information.
- Prices are unrealistically low (too-good-to-be-true deals are a classic scam indicator).
- The payment page redirects to a different domain than the main site.
- Browser security warnings (e.g. "Deceptive site ahead") are active - Never bypass these.
Using SSL and WHOIS Tools
An SSL certificate check reveals the certificate's validity period, the issuing Certificate Authority, and the domains it covers. A WHOIS lookup shows when the domain was registered, who the registrar is, and the name servers in use. A domain registered last week claiming to be a major retailer is almost certainly fraudulent regardless of whether it has an SSL certificate - SSL/TLS only proves the connection is encrypted, not that the site owner is trustworthy.