The World Wide Web provides us with an ocean of information, entertainment, and communication options. However, as with anything in life, the good most certainly comes with some bad. And when it comes to the internet, the bad can be really bad. Hackers, scammers, and other cybercriminals could be lurking behind the scenes, waiting for you to make a mistake and click the wrong thing, or worse, to trick you into providing them with sensitive information, such as bank account or credit card numbers, which they can then use to steal from you and cause you all sorts of trouble. Anti-virus programs and other cybersecurity systems make it considerably easier for you to stay safe online. But in the end, your digital security depends on you and your ability to spot a threat before it turns into something more serious and leaves you scrambling to recover from identity theft. This blog will show you why an example of why online safety and security training should be taught in every business, as well as examples of what the course may teach. One of the skills you need to learn to make sure you stay safe online is how to tell the difference between safe and legitimate sites and the malicious ones that can cause you real problems. To help you, we’ve put together a complete guide on how to check if a website is safe and legitimate.

Understanding the Threat: Online Scams

To understand why it’s important to learn how to identify and avoid bad websites, here are some stats about the threats we face when we go online: 

  • In the US, one in ten adults will fall victim to a scam or fraud every year (FTC).
  • In 2019, phishing attempts grew by 65%.
  • 1 in 10 profiles on free dating sites is a scam.
  • Imposter scams accounted for $488 million in losses.
  • Phishing accounts for 90% of data breaches.
  • Around 1.5 million new phishing sites are set up every month.

Now that you’re sufficiently scared, let’s talk about how you can fix it. Online training plays a highly important role in security awareness and can keep you and your company safe from attack. Every organization should have some type of online training course about safety. If you’re worried about a lack of time or expertise in creating safety training content, you’re in luck! Here’s a free Guide to Custom and Off-The-Shelf Training Content, which will teach you how to stop reinventing the wheel and gives resources to quickly add quality training to your program.

Step 1: Check the URL

There are many different ways you can tell if a website is safe and secure, but perhaps one of the easiest and most obvious is to inspect the site’s URL to see if it meets the standards of security we now have for legitimate sites. Here’s a summary of the things you should be looking for: 

Is it the site you want? 

Most of us end up on websites because we click on hyperlinks on sites, social media, or email. This is fine, but make sure the site you’re visiting is actually the site you planned on visiting. Inspect the URL associated with the link you want to follow. You can do this by using your mouse to hover over the hyperlinked text. The site the link will take you to should you click on it will appear on the bottom-left of your browser window. Take a look to see if the URL matches the site the link is leading to you. If it doesn’t, then this is a clear red flag. If you feel good about the way the link looks and decide to click on it, the next step is to make sure the actual URL of the page you’ve landed on is the same as the one you intended to click. When doing this, really look carefully, even if the site looks exactly how you were expecting it to look. Scammers are very good at making sites that look exactly like the real thing but with slightly different URLs. The untrained eye can be easily fooled. For example, might be written as If the site looks exactly as it should, then you might not see this difference right away. 


The internet has been running on hypertext transfer protocol (HTTP) since the 1990s when Tim Berners-Lee came up with the concept of the World Wide Web and browsers. Not much has changed since then except that many sites are now using HTTPS, with the “s” standing for secure. This protocol was first used by banking and eCommerce sites due to the fact they frequently take in people’s bank and credit card information. With HTTPS, the site encrypts the data entered into it, providing an extra layer of security and making it much harder for your personal information to fall into the wrong hands. Nowadays, almost all sites use HTTPS, largely because Google and other search engines include it in their algorithms for determining rankings. As a result, if you get sent to a site that doesn’t use HTTPS, this should be a major red flag - steer clear. To see if the site has HTTPS, just look in the URL bar of your browser. There should either be a lock or some other icon to indicate the site is secure, or it may even say “secure.” Here’s what it looks like on Chrome: Just because a site has HTTPS doesn’t automatically mean it is safe and legitimate. Bad sites can have this security protocol too, especially if they are trying to look legitimate, but this is still a good place to start. No HTTP means stay away. 

URL Checkers 

Another thing you can do to make sure the URL of the site you’re visiting is legitimate is to plug it into a URL checker. These tools can be accessed online for free and will run a report on the URL in question to see if there have been any issues with it before. This can be a lifesaver if the tool turns up some results. It will tell you that people on the site have experienced identity theft, or they have walked away with a virus, and this should obviously be enough to discourage you from proceeding. On the contrary, if a site has been proven to be safe and trustworthy, these tools will tell you that, too, allowing you to proceed to the URL with much more peace of mind. The downside to these tools is that they will tell you nothing if there is no information about the site in question. Don’t assume that no results mean the site is legitimate. Instead, take it for what it is: a reminder that you won’t know what’s on the site until you get there. It may be completely fine, but browse aware of the risks and ready to react should you find something suspicious when you get there.

Step 2: Check the Content

Once you’re convinced the URL is okay, it’s safe to proceed to the website. However, just because the URL looks okay doesn’t guarantee the site is safe and secure. As a result, if you’re unsure about the site, spend some time looking into the content to see if you can learn more about what you’re getting yourself into. Here are some things to look out for: 

Written By Humans? 

Read through some of the written content on the site, such as the About Us page and the blog. When you do this, you’re looking to see whether or not the content appears to have been generated by humans. You can usually tell based on the way it reads. Artificial intelligence is good, but you can typically spot when a site has been relying on it too much for content creation. Bogus websites will do this because they want to give the illusion of legitimacy. They want you to feel comfortable enough on the site to start clicking around and eventually land on whatever it is the bad guys have put there to either put malicious software on your computer or, worse, steal from you. If you’re not sure, take a look at the comments on the site. If they too seem automated, this is a sign the site is not driving real engagement. It might say it has thousands and thousands of followers, but if those who interact with content leave generic comments in broken English that were clearly written by a bad computer program, then it’s likely the site is not real and should be avoided. 

Ads and Redirects 

If you’re unsure of a site’s legitimacy, a good thing to look at is what happens on the site while you navigate around. For example, does clicking on certain parts of the site cause annoying popup ads to appear? Or does it open up new tabs or windows with garbage content? These kinds of tactics are designed to get you to click on something by accident. For example, this is where you might get a pop-up message saying that your computer has been infected and you need to download an “anti-virus software” right away. Some of the pop-ups may even have false x’s at the top of the window that looks like the way to close the pop-up but that are in reality just links to more pop-ups! It can be a never-ending cycle if you’re not careful. Another thing to look out for are redirects. These occur when clicking on a link sends you to another page that’s not the one you intended to visit. On sites run by particularly savvy cybercriminals, these other pages might look just like the one wanted to open, so make sure to double-check the URL before proceeding. In general, you will be able to tell if a site is potentially bad after having spent just a few minutes on it. Safe, professional, legitimate sites don’t have crazy pop-up ads and out-of-control redirects.

Step 3: Check the Reputation

After you’ve had a chance to check out the URL and the content, you should have a good idea as to whether or not the site is legitimate. But if you aren’t sure, then the next thing to do is to spend some time reading up on the site. The first thing you should do is simply Google it. Type in something such as “Is [website] safe?” Or “scams related to [X website].” Anything related will do, but just make sure to type it into Google and not the URL bar, as this might send you to the real site, and if it is problematic, you’ll be in real trouble. See if your search comes up in any stories or articles related to scams. Next, spend some time reading reviews about the site. If the site is a full-on scam, there will probably be several other people out there who have fallen victim to the site and reported it. This is an especially smart thing to do when you’re on an eCommerce site that doesn’t inspire you with confidence. Read up to see what experiences other people have had dealing with that company. They may have had no issues at all, which would be great news for you. But if someone did get ripped off, they’re sure to write about it somewhere, which will hopefully save you from suffering a similar fate as those before you. You could also check the Better Business Bureau to see if there have been any claims filed against the company you’re dealing with.

Step 4: Check for Contact Information

As a sort of last-ditch effort, look for the contact information on the site. It’s somewhat normal for sites to not have phone numbers or to not list their address, but they should have an email address or a contact form you can fill out. Reach out to the site before you make a purchase or give away any personal information. If the site is legitimate, you should get a response pretty quickly after sending a message. But if the site’s not safe, then the email either won’t go through or it will be left unanswered. If this happens, be thankful you tried to contact someone before doing something you could undo. If the site does list a phone number, give that a try as well to see if it’s real. For spammy sites that aren’t safe, the number will almost certainly not work. When there’s no contact information at all, take that as a sign that the site is not safe. Here are some additional things you can do to help you stay safe online: 

How to Stay Safe When Browsing Online 

Knowing how to spot an unsafe site before it causes you harm is an important part of staying secure while you’re browsing the internet, but it’s not the only thing you should be doing to stay safe from the various threats you can encounter online. 

Safe Browsing Tools 

Your browser has a variety of tools you can use to help make it less likely you’ll accidentally end up on an unsafe site. To access them, you will need to go into your browser’s settings menu, find “Advanced” or “Advanced Settings” and then find the security options. Some things you can do include blocking ads and other pop-ups, restrict potentially harmful Flash content, send Do Not Track requests that keep your browsing location hidden and secure and also limit access to your microphone, webcam, mobile phone, etc. If you’re worried about stumbling onto a bad site, or if you just want to make sure your privacy is as protected as possible, make sure your browser’s security settings are set to the highest level possible. 

Anti-Virus Software 

You’ll want to make sure you have some sort of anti-virus software on your computer to help keep you safe from what’s out there. Anti-virus software is helpful because it provides another layer of protection between you and the potentially harmful content on the web. It will stop files from automatically downloading onto your computer without your consent, which can be extremely helpful if you end up on a site with lots of pop-up ads and redirects, and it will also make it easier to quarantine infected files and destroy them before they wreak havoc on the rest of your system. Another advantage of anti-virus software is that it often comes with a browser extension that makes it much easier for you to determine if a site is legitimate or not. It will tell you right on the screen if it is or not, and while you can still override it and access the site if you really want, this is a great defense against spam websites that can do you harm. 

When in Doubt, Don’t Click 

Lastly, to stay safe online, it’s important to adopt safe browsing habits, and there’s no better way to do this than to use a “when in doubt, don’t click” approach to using the internet. You can usually tell when something at least appears suspicious, and when you get that feeling, listen to your instincts and run away. It’s much better to find out later that the site is okay thanks to some additional research than to learn the hard way that it’s not safe. Taking this approach will make it easier for you to also avoid email scams and other attempts to get your personal information off you and use it to steal from you. As a result, if you can learn how to do it when trying to decide which sites are safe to visit, you will be taking a big step towards avoiding all the different things cybercriminals can do to those who aren’t well-versed in online security.


It might seem like a lot to do this each time you visit a new site, but it’s important to follow a process to make sure the site you’re on truly is safe and legitimate. Plus, over time, a lot of this stuff will become second nature. You will have the tools in place and the knowledge needed to spot suspicious websites from the first moment you see them. This blog serves as a small sneak peek into what online safety and security training can do for you - make it easier to avoid online threats and explore the internet in a much more secure manner. Talk with an eLearning expert for free to learn how your organization can use online training to increase employee knowledge and skillset, keeping your business the best it can be.

Sign up to receive industry tips, trends, & insights