When to trust a website
Knowing when to trust a website depends in part on who publishes the website, what information they want, and what you want from the site. If you're not sure whether to trust a website, consider these questions:
If you are visiting the website with a secure connection, you will be able to identify the website through the site's certificate. A secure or encrypted website address will begin with HTTPS rather than HTTP, and you will often see some sort of icon in the browser such as a padlock indicating that the website is secure. Secure connections use certificates to identify the website and to encrypt your connection so that it will be more difficult for a hacker to view. For more information on secure websites, go to the Windows website
and search for "transaction is secure."
Depending on the type of certificate the website has, you can see the website address or the company address that the certificate was issued to. Extended Validation (EV) certificates will turn the address bar green in some browsers, and will contain a confirmed name and address for the website owner. Non-EV certificates will contain the website address or the domain of the site. If you can view a security report, and it only shows the website's address, be sure it is the address you wanted to visit. Phishing or fraudulent websites will often use similar website names to trick visitors into believing they are visiting trusted sites. For more information, go to the Windows website
and search for "phishing."
Certificates are issued by companies called certification authorities. Windows contains a list of the most common certification authorities. If Windows doesn't recognize the issuer of the certificate, a warning message will appear. However, Windows can be configured to trust any certification authority, so you should not rely solely on receiving a warning message when a website is potentially fraudulent.
An Internet trust organization is a company that verifies that a website has a privacy statement (a posted notification of how your personal information is used) and that the website gives you a choice of how they use your information. Websites approved by Internet trust organizations are able to display the privacy certification seals, usually somewhere on their home page or order forms. However, these seals don't guarantee that a website is trustworthy; it just means the website complies with the terms acceptable to the Internet trust organization. Additionally, some unscrupulous websites might display the trust logos fraudulently. If you are not sure whether a trust logo is legitimate, contact the trust organization to see if the website is registered with them.
To learn more about these trust organizations, you can go to the TRUSTe website, the BBB Online website,
or the WebTrust website.
If you are asked for personal information, such as credit card numbers or bank information, only provide it if there is a good reason to do so. Also, make sure there is a secure entry form for recording information. Look for a message stating that the information will be encrypted and check for a lock icon or ensure that the web address starts with HTTPS:// (do not enter confidential information if neither of these are present). Also, try to find out what the website's policy is about storing information: Do they keep your credit card number on file? Do they have partners that they share information with? You should be confident that the site is using your information properly and in a secure manner before providing any information.
Do they have a phone number that you can call if you have a problem, or that you can use to place an order? Does the website list a street address? Is there a posted return policy with acceptable terms? If the site doesn't provide a phone number or physical address, try contacting the company by e‑mail to ask for that information.
If you are not familiar with a website or it does not have a privacy certification seal, it might not necessarily mean that you cannot trust it. Ask reliable friends or colleagues about the site. Search for references to the site on the Internet to see if a source, such as a magazine or company that you do trust, has referred to it. Read the website's privacy statements or other disclosures (but keep in mind that the site might not necessarily abide by them).
A website might not be trustworthy if:
The site is referred to you through an e‑mail message from someone you don't know.
The site offers objectionable content, such as pornography or illegal materials.
The site makes offers that seem too good to be true, indicating a possible scam or the sale of illegal or pirated products.
You are lured to the site by a bait and switch scheme, in which the product or service is not what you were expecting.
You are asked for a credit card as a verification of identity or for personal information that does not seem necessary.
You are asked to provide a credit card number without proof that the transaction is secure.