1. Weird looking URLWhen an imposter website looks like the actual one but the URL doesn’t match, that’s a dead giveaway of a typosquatted site. Take an extra second to inspect URLs for suspicious misspellings, punctuation, or possibly long and garbled text in the address bar. If you’re using a web browser that only displays the domain instead of the full address, you might need to click on the address bar to reveal the whole URL. Additionally, if you see a suspect link in an email or on a website, make sure to hover over the hypertext to preview the URL before clicking through.
2. Unwanted downloadsIf a site aggressively prompts you to download an app or install a Flash Player update, o claims that your computer is infected by a virus, that’s a big sign something fishy is going on. Before you click on a button to run a (fake) antivirus scan or remove a virus that was just identified on your system by some random website, know that this is one of the oldest tricks in the book. Don’t install anything, because you’re likely to get infected by some form of malware. Security researcher and blogger Brian Krebs said it best when he said, "If you didn't go looking for it, don't download it!"
3. Strange behavior on a legitimate siteIf you went looking for Amazon.com, but pages advertising weight loss secrets or hot stock tips pop up instead, this could mean the site has been compromised without the website owner even realizing it. The hacking technique where a commonly visited website is compromised is known as a watering hole attack, which is often used to infect users with malware.
4. No SSL certificate/HTTPSThe use of encryption is now common on most major internet sites. In fact, according to Google, use of encryption jumped from 52 percent in 2013 to 77 percent in 2016. Legitimate sites that handle sensitive information will use encryption, which is usually indicated with a padlock and HTTPS in the URL. Chances are that a fake sight won’t be secure, but hackers are starting to set up their own secure phishing sites, as well.
5. Warnings from security toolsIf someone sends you a link to a website that looks a little strange, don’t just click on the link or type in the URL. Instead of going straight to the site, you can use tools to check if a website is safe or not. These tools check if the website is on blacklists of known malicious sites maintained by security organizations. Search engines sometimes flag potentially dangerous sites, as well, so it might be worth looking up suspicious websites on Google before visiting them. A little vigilance goes a long way, and it’s better to be safe than to roll the dice on a suspicious URL. With a combination of a watchful eye, up-to-date security software and end user training, you can minimize your risk. In closing, always be careful online and make sure your end users know how to spot a compromised website. As many IT professionals have experienced firsthand, organizations are much more vulnerable when employees don’t know how to avoid risky behavior on the internet.