With the Holiday Season underway, many people are already looking to get their gift shopping done early. Of course, this means a lot of online shopping, which means that a lot of personal information (phone numbers, home addresses, and credits) will all be flying around the internet at a rapid pace. But if you aren’t careful about where you’re shopping, the “Season of Giving” will include you giving cybercriminals access to that personal information.

That’s why more than ever, it is important to know if a website is safe and secure. Sure, you can probably trust the big ones.

Ensuring a Site’s Security

First and foremost, if you’re going to be giving any website your personal information, you need to be certain that it is secure. A secure website will encrypt your data in transit so that hackers and other cybercriminals cannot view or steal it. Most websites worth visiting have some form of security in place to protect users’ information, which is extremely important for any site where money is spent.

One quick way to check if the website your own is secure is to look at its URL. If it begins with “HTTPS” instead of “HTTP,” it means the site is secured using a TLS/SSL certificate, which protects data as it is passed from your browser to the website’s server. Getting a TLS certificate requires going for an SSL validation process. Some websites don’t default to “HTTPS” even if they have certification. You can still manually add the “s” and load it up, but some websites will switch back to HTTP when moving between pages, To address this (and stay safer online in general), there are extensions and browser apps like “HTTPS Everywhere,” which forces websites to use “HTTPS” encryption whenever possible.

Another security factor to take notice of is Domain Validation (DV). It is the lowest level of TLS/SSL validation that identifies a website’s ownership, but not the validity of the organization that owns it. Still, a website lacks DV, then it is best to steer clear. If a website has DV, you will see a small padlock in the address bar next to the URL, while if it doesn’t, it can show several different things (depending on the browser), such as a lock with a slash through it, a warning sign, or simply the text “Not Secure.”

For the best possible confirmation of security, you will need to look for Extended Validation (EV), which is the highest level of TLS/SSL validation. Much like with DV, a website with EV will have a padlock in the address bar. However, if you click on the padlock, you can see additional information related to the site owner. If the information includes the organization’s name under the section “Certificate (Valid),” then the website has full EV and is secure.

Knowing a Site is Trustworthy

So you know a website is secure. But you need to remember is that there is a difference between being “secure” and being “safe.” If the website is secure, that means it’s protected from outside sources. However, it could still be a fraudulent website run by a scammer or cybercriminal. For instance, someone could buy the domain name “amaz0n.com” and set up a website that looks and functions the same as the official Amazon website. They can then buy a DV SSL certificate for their website and try to trick users into purchasing items or logging into their accounts to steal their log-in password or credit card information. In cases like this, it isn’t enough to just know that the website is secure: you need to know it’s real and trustworthy.

The first step to knowing if a website is safe is to look at its domain name. A popular tactic used by cybercriminals is to make a fake website that closely resembles one that people often use, ranging from online shopping sites like Amazon to the log-in page for a local bank. The goal is either to drag in the people who mistyped the actual site’s URL or to send a phishing email that claims to come from the website that redirects to their fake.

Either way, you should always look for differences in the URL to make sure you’re connecting to the website you intend to be. Common differences include slightly different spellings or the use of a different suffix at the end of the URL (i.e .com, .net, .org, etc.). Also, even if you receive an email from your bank or a shopping site that you often use, don’t log into that site through a provided link. Instead, just type the URL into the search bar.

Besides the URL itself, there are many other factors to keep an eye on. Look for any signs that demonstrate that the company behind the website is real. Look for a physical address, phone number, or any other identifying information. If they don’t provide this kind of information, you should be wary of buying from them. You should also look for things like information on their shipping, return, or privacy policies. Finally, exercise your best judgment concerning prices: scammers will often offer products for prices that are far lower than they should be to trick bargain-hunting buyers. It’s always nice to find a good bargain, but if it’s too low, then you might end up with knock-off goods (or nothing at all).

Stay Safe & Enjoy The Holidays

Online shopping is quick and convenient, especially in a busy year like this. But it’s easy to fall victim to many online scammers and data thieves who try to use the holidays as an opportunity to deceive others. Make sure to stay safe online and protect your information by remembering these helpful tips, not just during the holidays, but the whole year!