Get your FREE copy of "The Ultimate Guide of SSL"

Download Ebook

10 Ways to Check If a Website Is Legit or Not

Here’s How to Tell if a Website Is Legit

It’s quite saddening that fake websites are rising these days. In today’s generation, everyone has witnessed how the internet has evolved and the convenience it has given. For example, shopping, banking, interacting with friends, family members around the globe, is just matter of few clicks. However, this progression has also opened doors to many online threats and new ways for criminals to dupe unsuspecting users.

Also, the Better Business Bureau (BBB), Scam Tracker reports says, 11,212 scams have been registered till this April 2020, and around 35,473 in 2019, in the USA alone. By looking at these records, it’s easier to say that you may suffer a loss if you don’t take precautions, and it’s also equally vital that you learn how to identify such attacks to stay safe.

How to Check if a Website Is Legit?

Looking at today’s internet usage, it’s evident that anyone can become a victim of different online attacks, and it’s also becoming harder and harder to identify whether you’re at the fake website or the legit one. However, there are some common things to which you can pay attention, and that can help you make your judgment whether you’re browsing on a safe website or not.

Below are the ten different ways you can check if a website is legit or not.

1. Never Click Links of Unsolicited Emails

In case you’ve requested a password reset, it’s unlikely that you’ll receive an email to change your password. For instance, you receive an email message from Gmail for resetting your password. If they ever send an email, they’ll address you with your name (as they’re aware of the user’s name), and there won’t be any mistakes in writing like any typos. Moreover, it’ll never happen that they threaten to suspend your account, ask you to do it urgently, or ask to provide any personal or account-related information.

To verify whether the email is genuine or not, it’s best practice to hover the mouse over the login button or link provided in the email, so you can get an idea on which exact link you’ll be redirected. As there’s a chance that once you enter your credentials, your account gets compromised, or account details get sold over the dark web.

2. Check for Writing Mistakes

If the company who has sent you an email is legit, they’ll make an effort to ensure that they’re meeting at least minimum standards needed for communication that goes through their desk. Except for typo errors, another thing to gauge is whether the email is poorly written.

The tone of an email is proper or not because genuine companies like Apple or Microsoft will never sound threatening, even if you don’t follow the requested steps.

3. Verify Trust Seal of the Website

If you’re on the website, it’s best to verify whether it has a trust seal or not. A trust seal of trusted certificate authorities like Sectigo communicates to visitors that they’re on the safe website. Trust seal is an indication of genuineness, and if you click on that trust seal, it’ll take you to the page, which verifies whether the trust seal is authentic.

4. Check the Details of the SSL/TLS Certificate

Put simply, HTTPS is a medium that assures communication channel between you and the website server is secure and encrypted. However, SSL/TLS certificate doesn’t assure that the server with you is communicating will not steal or misuse your provided data. For instance, a malicious server, along with HTTPS, will do exactly that any malicious website does, which is harming their victims. So, to avoid such scenarios, it’s best to check the details of the SSL/TLS certificate of the website on which you’re likely to enter sensitive information, as the SSL is offered in different validation levels like Extended, Organization or Domain validated and each has their purpose. Like extended validation, SSL is issued to shopping portals, banking sectors, and others that deal with sensitive information such as credit card details.

For viewing the details of the issued SSL/TLS certificate in Google Chrome, click the padlock in the address bar and click on Certificate (Valid). In Mozilla Firefox, click the padlock icon and then go to Connection Secure option and click More Information and then View Certificate.

For Google Chrome:
For Mozilla Firefox:

5. Verify Contact Page

If you’re on any company’s website, most likely, they’ll have their listed phone number and company email address. Try verifying it by calling that phone number or else sending an email to see whether it’s delivered or not. Also, do note whether the provided email address is generic like or else proper with company brand name like

6. Social Media Presence

Genuine companies have a certain level of social media presence. On the other hand, fake websites often have icons of popular social media platforms like Twitter or Facebook, but it doesn’t link to any real social media account. Go through the company’s review given on platforms like Twitter or Facebook, try searching for the real employees of the company on LinkedIn.

7. Make Use of the Google Safe Browsing Transparency Report

If you’re not able to figure out if a website is legit, go to Google Safe Browsing Transparency Report It’s a tool that allows you to verify whether the website has any malware or the site is safe to browse, by simply adding its URL.

8. Keep Check on URL of the Website

Pay close attention to the website URL. Verify whether the website isn’t trying a homograph phishing attack. Sometimes, attackers make a small change in the URL by adding alphabets of the foreign language such as the Cyrillic alphabet, which tricks browsers into displaying those fake domain names as legit sites.
Moreover, one of the ways to identify whether the site URLs genuine or else it’s a homograph attack, simply copy and paste the URL in another tab. When pasted on the address bar and the URL come across something similar to then it’s a homograph attack.

9. Verify Website’s Privacy Policy

Nowadays, countries and organizations have their data privacy rules and laws, which make it quite mandatory to have a privacy policy page on the website. So, users can know how their data is collected, what data they collect, how it’ll be used, how it’ll be protected and stored. And, users can read and agree with the terms and conditions. Also, these days most of the website has a privacy policy, so it’s not something you’ll find anything new into it. Still, again if you verify it, you’ll be able to say whether it’s a fake or legit website, as most of the users might already have the experience of a decent privacy policy page.

Moreover, if you’re on an e-commerce website, for example, a shopping portal, it’s suggested that you also go through their shopping and return policies. It’ll help you recognize whether you’re on a legit website or not, as the legit website mention this type of information

10. Try Identifying Signs of Malware

Unwanted pop-ups, advertisements that lure to click on it usually indicate that website is engaged with the malicious activities. Be aware of such websites that try redirecting you to other websites through promotional content or the legit-looking web pages asking you to submit sensitive information about you. It’s suggested that you stay cautious of such ads and avoid clicking on it.

We Encourage Reporting Fake or Malicious Websites

If you come across any website that you find fake or its dong any malicious activity, then we encourage you to report such sites. It’s good for keeping the internet experience safe for yourself as well as others. For reporting these fraudulent sites:

Google – Report Malicious Site

Mozilla – For Reporting Fake Sites via Mozilla Firefox

Also, if you’re using Microsoft browser, then it’s even easier. It let their users report such malicious sites from within their browsers. To report, you simply need to:

Press Alt+X, it’ll open the menu from that select: Safety > Report Unsafe Website


Internet surfing can be a great and harmless experience, so you need not worry about it. But, at the same time, it’s best to watch out for the malicious sites, as these days, online threats are prevalent, instead of feeling threatened or getting scared of being a victim, its best to stay prepared. Also, trust those websites that have taken the necessary steps by making the proper investment for authentication.

Related Articles:

Disclosure: AboutSSL appreciates your continuous support. It helps us tremendously to keep moving in the competitive SSL industry. Here most of the links which direct you to buy any SSL/TLS related service or products earns us a certain percentage of referral commission. Learn More