Every day, millions of people purchase things online. Several thousands of them fall prey to online scams such as Phishing and malware. There are a huge number of websites which can automatically steal information from you while you are browsing, doing social media updates, or transacting online.
Most of these attacks come from websites which purport to be genuine to steal important information from you—an attack strategy popularly known as Phishing. This Internet security threat occurs mostly to people who use Internet for purchasing things or banking.
In this article, let’s look at some ways to find out if a website or an order form you find online could actually get you into trouble.
Investigate the Domain
Every website has a domain name. Examples: google.com, facebook.com, bluebugle.org, etc. This is the most basic website address. For instance, if you have a website address (look at the address bar of your browser) in the form of “a.b.com/purchase/buy/buy.aspx?num=33”, how will find out its domain name?
The simple technique is thus: find the TLD (Top Level Domain, such as .com, .org, .ca, .us, .co.uk, .co.in, etc.) Once you find the TLD, your domain name search will be easy. The domain name is the combination of the word preceding the TLD (excluding the dot) and the TLD. In the example given, the domain name is b.com.
In this way, you will be able to distinguish between website address that are genuine and those that look genuine.
Threat.google.com/threat.html: genuine page from Google domain
Google.x.com/genuine.html: a page from x.com which is not at all affiliated to Google in any official capacity.
Once you know the domain name, you know if the website is genuine or not. For instance, if you click a link and get to the website of your bank but the domain name is quite unknown, you should know immediately that the website is not genuine, but has copied the design of your bank’s website.
The most basic information about the security of a website may be given by the browser itself. Depending on the browser you are using, you should be able to get security information about a website. On desktop, Google Chrome gives Internet security information as shown in this image:
In Firefox, warning looks like this:
The More Information button gives you details of the website.
Almost all of the browsers out there are also Internet security applications. They show warning messages if you are about to visit an insecure or Phishing website.
However, last year CSO of Australia reported that Google and Microsoft have poor URL blacklists. Due to this, you should be checking a URL on multiple services to see if it is really secure.
Checking the Website
If you need to find out the details of a website and see if it could be a threat to Internet security, you can use one of the several available testing services. Some of which are…
1. Zulu Risk Analyzer
This is a comprehensive URL analyzer that gives you the details of the website, its URL, content, and the external objects linked from the URL. Based on the checks, it lists whether the domain is benign or suspicious.
Link: Zulu Risk Analyzer
2. URL Void
This service has a URL blacklist which you can compare your URL against. Google Safe Browsing, Norton SafeWeb, and the tools given by a number of Internet security applications are available in URL Void to check the given URL.
Link: URL Void
Google acquired VirusTotal in September this year, and it works pretty much like an online antivirus. The tool can analyze URLs and files and tell you if they are safe. With this service, you will be able to upload files of size up to 32 MB from your computer to analyze with VirusTotal. The reputation of a website can be found based on the number of votes it has.
Besides these, you can check your website on browser plugins such as Web of Trust (WOT). Also, at Google Safe Browsing diagnostic, you can check the website URL against the Google Safe Browsing database. Simply replace the domain name with the URL you want to check. Here is the URL of Safe Browsing diagnostic: http://www.google.com/safebrowsing/diagnostic?site=”put your URL here”.
Analyzing Shortened URLs
There are a few URL shortening services out there which have gained ground. Some of these are official as well: fb.me (Facebook), t.co (Twitter), goo.gl (Google), TinyURL, bit.ly, etc. There is no telling if an attacker has used one of these legitimate shortening tools to present you with a malicious URL.
Let’s imagine you come across a shortened URL. You have no idea whether the actual URL is secure or not, and it is unwise to put the short URL on your browser. In such cases, first thing you need to do is unshorten the URL. In order to do that, you should go to unshort.me. Unshort.me converts the short URL to the original URL which you can analyze further.
I have found that Goo.gl immediately disables a URL if it is an Internet security threat. Google crosschecks the blacklist database and disables the newly created short URL. Do not count on other services. I have found TinyURL, t.co, and bit.ly shortening malicious URLs without any compunction.
Reporting a Threat
Have you come across a possible threat to Internet security? If it is not already in the database of these threat detectors, you can report it to them. There are a number of authorities you can report a threat to. And most of them have provisions for that available in their website itself. Here are some of them:
1. Report to Google: Send spam report via Webmaster Tools
2. Report Phishing to Google Safe Browsing
3. Report Phishing to IRS, USA
4. Internet Watch Foundation, UK
5. Malware and spam report to URL blacklist
6. Submit to Internet Crime Complaint Center, IC3, formed by FBI and NW3C.
These are some of the options you can go for. Besides these, multiple antivirus and internet security companies have their own spam report forms which you can use.
These tools and techniques can ensure that you are browsing a completely secure website. However, while submitting any important information such as your credit card number or social security number, you should ensure further security. You should have a very good antivirus and antimalware program installed on your computer.