This information applies to Windows Internet Explorer 7 and Windows Internet Explorer 8.
Knowing when to trust a website depends in part on who publishes the website, what information they want, and what you want from the site. If you're not sure whether to trust a website, consider these questions:
When you click the lock icon in the Address bar, you can see the security report. Depending on the type of certificate the website has, you can see the website address or the company address that the certificate was issued to. Extended Validation (EV) certificates will turn the Address bar green, and will contain a confirmed name and address for the website owner. Non-EV certificates will display the website address or the domain of the site. If the security report only shows the website's address, be sure it is the address you wanted to visit. Phishing or fraudulent websites will often use similar website names to trick visitors into believing they are visiting trusted sites. For more information on phishing, see What is phishing?
Certificates are issued by companies called certification authorities. Windows contains a list of the most common certification authorities. If Windows doesn't recognize the issuer of the certificate, a warning message will appear. However, Windows can be configured to trust any certification authority, so you should not rely solely on receiving a warning message when a website is potentially fraudulent.
An Internet trust organization is a company that verifies that a website has a privacy statement (a posted notification of how your personal information is used) and that the website gives you a choice of how they use your information. Websites approved by Internet trust organizations are able to display the privacy certification seals, usually somewhere on their home page or order forms. However, these seals don't guarantee that a website is trustworthy; it just means the website complies with the terms acceptable to the Internet trust organization. Additionally, some unscrupulous websites might display the trust logos fraudulently. If you are not sure whether a trust logo is legitimate, contact the trust organization to see if the website is registered with them.
To learn more about these trust organizations, you can go to the TRUSTe website, the BBB Online website,
or the WebTrust website.
Do they have a phone number that you can call if you have a problem, or that you can use to place an order? Does the website list a street address? Is there a posted return policy with acceptable terms? If the site doesn't provide a phone number or physical address, try contacting the company by e‑mail to ask for that information.
If you are not familiar with a website or it does not have a privacy certification seal, that might not necessarily mean that you cannot trust it. Ask reliable friends or colleagues about the site. Search for references to the site on the Internet to see if a source, such as a magazine or company that you do trust, has referred to it. Read the website's privacy statements or other disclosures (but keep in mind that the site might not necessarily abide by them).
A website might not be trustworthy if:
The site is referred to you through an e‑mail message from someone you don't know.
The site offers objectionable content, such as pornography or illegal materials.
The site makes offers that seem too good to be true, indicating a possible scam or the sale of illegal or pirated products.
You are lured to the site by a bait and switch scheme, in which the product or service is not what you were expecting.
You are asked for a credit card as a verification of identity or for personal information that does not seem necessary.
You are asked to provide a credit card number without proof that the transaction is secure.