Is this webshop safe? 4 easy ways to check website safety

With advice on how to check a website for safety changing in recent years, F‑Secure experts reveal why you need to look beyond the lock icon when it comes to checking ecommerce security.

When visiting an online shop many of us check website safety by looking for a closed padlock next to the URL in our browser. It’s advice that continues to get shared today, and according to Google research almost half of us (44%) use the lock icon as to assess a site’s trustworthiness. But this is now outdated.

The closed lock icon that we see in our browsers indicates that a site is secured with a digital SSL (Secure Sockets Layer) certificate. This, alongside the additional indicator of HTTPS in a URL, means that data sent between two points — the browser and a server — is encrypted. But what it doesn’t mean is that you can implicitly trust that connection. Because cyber criminals use SSL, too.

In fact, according to a report by the Anti-Phishing Working Group (APWG), in the first quarter of 2021 83% of phishing sites had SSL encryption enabled, which means every person visiting one of those sites would have seen a closed lock in their browser.

It used to be relatively easy to spot fake web­sites. You could just look out for bad grammar or the missing lock icon in the address bar, explained Joel Latto, Threat Advisor at F‑Secure. However, this advice, while still commonly shared, is outdated.

Google’s research into the use of the lock icon has also found that 74% of people incorrectly think that it means a site is secure, with 48% mistakenly believing that it indicated a site’s trustworthiness. As a result of this misunder­standing, Google has announced that it will be removing the lock icon from the Chrome browser (version 117), due for release in early September 2023.

The story behind the lock icon is just one example of how common security misunder­standings can spread, and it show­cases the importance of a rounded approach, which combines the best advice with the best tools.

Browsers and cyber security products have built‑in ways to identify untrustworthy sites, such as Google’s Safe Browsing technology and F‑Secure’s Browsing Protection, which prevents you from unintentionally accessing harmful URLs. These are great ways to assess a site’s trustworthiness. But they should be used in conjunction with the very best cyber security awareness.

Here, experts at F‑Secure provide four tips for checking website safety, enabling you to combine the latest tools with the very best advice from cyber security specialists.

Check the shop with F‑Secure’s free Online Shopping Checker

The easiest way to check if a webshop is safe is to use F‑Secure’s free tool. It looks into multiple security factors, such as how new the shop is, technical information, reviews and comments about the shop and multiple others. It gives you a quick safety check about millions of shopping sites.

Some technical factors within a site can be difficult and cumbersome to investigate. However, these aspects may reveal vital information about a shop’s safety, as online criminals don’t usually have the time or interest to get them all sorted out. F‑Secure’s free tool looks into these technical details for you, potentially eliminating the need for any further safety checks. And best of all, it’s completely free. Try F‑Secure Online Shopping Checker now.

Beware slashed prices

If the online shop’s prices are too good to be true, they probably are, said Mika Lehtinen, Director, Research Collaboration at F‑Secure. Legitimate shops tend to sell products at competitive prices. Fake shops may offer products at prices that are noticeably lower than the prices of legitimate shops in order to lure people in to make a purchase. If you encounter a shop with exceptionally low prices, pay extra attention to other potential indications of a scam.

Comparison engines are now available in almost every corner of the ecommerce world, and the reality is that retailers know exactly what competitors are selling their products for, meaning that most will only undercut prices by a small margin, if at all.

Pay attention to URL spellings

Top shopping sites are usually well known and trusted by many users, they have a large user base and positive reviews from users. So sticking with the trusted retailers that you have made purchase before is always a good start, said Sarogini Muniyandi, Senior Manager, Threat Protection Engineering at F‑Secure. Keeping track of the website URL address also helps in ensuring you are on the right page. And to avoid landing on the wrong/scam page, be aware of URL misspelling and typo­squatting [the intentional and inconspicuous misspelling of a link or URL].

It isn’t always possible to stick with trusted retailers, though, and in cases where you use a new retailer, a simple Google search of the the vendor name will reveal what other sites and users are saying online (for example, via Wikipedia pages, reviews, and partner and reseller sites).

Check reviews carefully

It is becoming easier to fake reviews about website, or even start a fake website that boosts reviews of a fake shopping website, explained Ash Shatrieh, Threat Intelligence Researcher at F‑Secure. The trick is always to convince victims that what they are seeing is correct, but accomplishing that is not easy. If you stumble upon many reviews from usernames which look fake (or serial, e.g. john145, john136…) chances are higher that the reviews are being faked for this website.

As well as being mindful of fake reviews, you should also turn to respected review platforms — such as Trustpilot (which currently hosts over 200m reviews) — where you can check what other buyers are saying in their legitimate reviews.

total
total

Shop safely online with Total

F‑Secure’s Browsing Protection (included in Total) enables you to evaluate the safety of web­sites and prevents you from unintentionally accessing harmful URLs.

  • Quickly identify safe sites in your search results

  • Block harmful sites automatically

  • Get feed­back on potentially harmful sites with safety ratings

Read more about Total