Website Security: What Are the Red Flags of an Unsafe Website?

March 27, 2019

Website owners have to take responsibility for their visitors’ safety, but unfortunately, not every website is secure.

In fact, website hosting can be risky if you’re not careful. Studies show that as many as 18.5 million websites are malware infected at any one time.

Understanding website security

To protect yourself and your personal information, you’ll need to be aware of the red flags associated with an unsafe website. Plus, it’s wise to download and leverage website security software to help harden your defenses while surfing the world wide web.

By the end of this article, you’ll be acquainted with those red flags, as well as some security software suggestions to keep you, your family, and your colleagues safe online.

Red flag #1: No SSL certificate

When coming onto a website for the first time, the first thing you need to look out for is the SSL (Secure Sockets Layers) certificate. It is really easy to check if a website has a valid SSL certification, and there are two methods of determining it. The first method is to look out for a padlock symbol on the left-hand side of the URL at the top of your browser. And the second method is to look at the actual domain name itself.

If a site has been secured by SSL certification, you will notice that the domain will begin with “https” instead of “http” – see example below. 

ssl certificate

The job of the SSL certification is to protect sensitive information, such as credit and debit card details, traveling from the server to site (or vice versa). Without the SSL certificate, the sensitive information is at risk of being exposed and accessible to cyber-criminals.

Red flag #2: Poor customer reviews

If you want to know about the reputation of a website, your online community will probably have something to say. Online review websites like G2 Crowd and TrustPilot can help you see how the online community rates and reviews specific websites and software.

The advent of social media platforms has encouraged people to write about their personal experiences online. If a customer has had a positive experience, they will leave a positive review and vice versa.

If you can see that a brand, website, or software has a lot of positive reviews, it’s a strong indicator that you can trust their website and the websites associated with that brand. '

Get 50+ cyber security resources, FREE.    Get my resources →

Red flag #3: Lack of GDPR compliant forms and policies

Since the introduction of the EU regulation GDPR, many websites have begun to ask for user consent in exchange for accessing and processing the user’s personal data. Consent is usually asked for in a pop-up form. 

GDPR compliance example


Most consent forms, like the example above, should explicitly communicate how your data is collected and protected by the website.

Note: Make sure you read it through carefully before confirming consent.

The introduction of this regulation has marked a huge step in data privacy and encouraged many US states to adopt similar legislation.

Earlier this year, The US Government Accountability Office released a 56-page report which advocated the adoption of federal legislation that mimics the GDPR mandate.

Red flag #4: Missing trust seals

Legitimate websites will have a certificate of authentication, or a trust seal, on the header and footer throughout the website. If it is an eCommerce site, then you’ll most likely see it on the checkout pages. The trust seal will be from accredited internet security bodies like Norton, McAfee, and Trustwave. These seals can often indicate if a site has an SSL certificate, but it can also indicate other features including the date of the last malware scam.

According to Sitelock, 79 percent of consumers expect to see a trust seal. However, you need to be wary that there are some fraudulent websites that will attempt to deceive users with similar looking seals on their website. If you are not sure, try clicking on their seals. If they are authentic, you should be taken to another website that explains the accreditation. 


trust seals


Red flag #5: Vague contact information

According to a survey by KoMarketing, 44 percent of respondents say that if they don’t see any sort of contact information, they will leave the website to look elsewhere. Additionally, 54 percent say that the lack of “thorough contact information” reduced the credibility they had with the vendor.

A website should have clearly visible contact information on every page that clearly displays their email address, phone number, a physical address, and social media accounts. This gives consumers the added reassurance so they can reach out to someone if they need assistance. 

Red flag #6: Presence of common malware indicators

Even if a site that does have the necessary SSL certificate, privacy policy, contact information or trust seal, it might not be secure if it is infected with malware.

Here’s a list of all the common malware attacks:

  • SEO spam: You may see SEO spam in a website’s comments section. They usually consist of broken English, wild claims, and a link to an external malware-ridden website.
  • Phishing kits: These kits imitate frequently visited sites, like banking websites and eCommerce stores, to trick visitors into handing over their sensitive information. These can include login credentials and financial details. In most cases, they will appear legitimate, but things like grammar and spelling will give them away. Another type of phishing kit is malicious redirects – this is where you type in the URL and you’re redirected to another site that looks similar but suspicious. Again, look out for bad spelling and grammar.
  • Defacement: An easy one to spot. This is where cybercriminals replace the site’s content with a different name, logo, and imagery.
  • Suspicious pop-ups: Be wary of any pop-ups that make some wild and unrealistic claims. These pop-ups are trying to bait you into clicking onto their CTA to install malware onto your system without your knowledge.

5 tools to help you stay secure online

Ensuring your web experience is secure should be your top priority. While the above signs can help you identify if a site is secure or not, you also need to take responsibility for the security of your device. Here are some tools that you can use to prevent you from becoming a victim of a cyber attack

1. SSL certificate checkers

As previously mentioned, you can look for the presence of “https” in the address bar. But if you want to double check, you can use SSL certificate software to check websites for their SSL certification, and also to attain SSL certification for your own website.

2. VPN software

While SSL certificates should be your first port of call in ensuring the site that you access is secure, it’s also wise to secure yourself from more local threats with a VPN. This is especially the case when you’re on the road and you are using public Wi-Fi, which McAfee claims to be relatively insecure, as it is easy for hackers to breach.

We advise that you invest in a Virtual Private Network (VPN software), a piece of software that you can use to create secure connections to the internet, no matter where you are. 

Related: Checkout this roundup of 50 VPN statistics that will make you reconsider your online security.

3. Firewall software

To bolster the security of your home or business network, consider using firewall software.

Most comprehensive security platforms will include a firewall that you can easily implement onto your network. Firewalls act as an electronic barrier that helps to block unauthorized access to your computers and devices, including IoT devices like webcams, smart speakers, and smart thermostats. This is important since IoT devices aren’t equipped with native security measures.

4. Password management software

Even if websites are trying their best to ensure your data is kept secure in line with regulation such as the GDPR, we highly advise that you create strong and unique passwords for all your accounts that are storing sensitive information. Plus, a strong password management tool will store all of your passwords through either an encrypted vault downloaded to your computer or mobile device, or digitally through browser plugins or extensions.

Finally, no two accounts or websites should have the same password. We have seen many instances where one hack became many hacks, due to password repetition. With a password manager, this won’t be an issue, as you won’t have to remember every single password you use.

5. Anti-malware software and Anti-virus software

To protect yourself from any malware threats, we strongly advise that you install anti-malware software solutions like Malwarebytes and regularly run scans to quarantine any suspicious files that you have downloaded by accident.

And of course, no device should be without anti-virus software. When choosing anti-virus software, we highly recommend that you use software that has been highly rated and is widely trusted.

Browse with confidence

Website security should be a top priority for both website owners and internet surfers. When browsing the web, never take your security for granted. Check for certificates, customer reviews, security seals, and law-abiding activity. Plus, be sure to equip yourself, and your business, with the best tools to prevent and manage cyber attacks—in all their forms.

Why risk it? Protect yourself from vendor security breaches and fraudulent charges with G2 Track. (It's free!)

Manage my software compliance →

Website Security: What Are the Red Flags of an Unsafe Website? Do you know if the websites you're browsing are safe? Check out our article on website security to learn what red flags signal an unsecure website.
Paul Savage Paul manages the agency partnership program at Core dna. He's responsible for training partners on new technologies such as headless CMS/eCommerce and helping them close bigger deals, faster.

Never miss a post.

Subscribe to keep your fingers on the tech pulse.

By submitting this form, you are agreeing to receive marketing communications from G2.