When to trust a website
Many websites require you to enter personal information before you can access areas on the site or purchase an item or service. Before you trust a website with your information, do the following:
If you arrive at a website from a link in an email message, verify with the sender of the email message that the website is legitimate before you provide any information to the site. Phishing websites can sometimes send email messages that mimic, or spoof, legitimate email addresses.
Make sure that the website's address begins with HTTPS, and that a lock icon
appears in the Address bar. You can click the icon to view security information and certificate details.
For more information on secure websites, see How to know if an online transaction is secure in Internet Explorer 9.
Check the web address in the Address bar and in the certificate details to make sure it matches the address you want. Phishing or fraudulent websites will often use similar website names to trick visitors into believing they're visiting trusted sites.
If you're visiting a retail website, check the site for a phone number or street address so you can verify that it's legitimate. If the site only provides an email address, send a message to the address to request additional contact information. Don't provide personal information to a website that has no contact information.
Check to see if the website displays an Internet trust organization logo. The logo indicates that a site has a privacy statement and allows users to choose how their information is used. Example organizations include TRUSTe, BBB Online,
and WebTrust website.
Note, however, that many legitimate websites aren't registered with trust organizations, and some websites display fraudulent logos. If you aren't sure whether a trust logo is legitimate, contact the trust organization to see if the website is registered with them.