These days it can be very difficult to tell if a site is trustworthy
or not. Many nefarious sites are being designed to look respectable.
Thus you should always make sure that a site is not dangerous by using
multiple approaches. This is especially important to consider before
providing a site with sensitive information such as credit card numbers,
banking information, your email address, etc...
In general you may want to be wary of a site if it asks you for
unnecessary personal information, a credit card number, or a bank number
when it's not necessary. This could be evidence of them phishing for
your sensitive information. In order to better recognize phishing scams,
and thus avoid them, please see the examples provided on this page. You
should also be wary of sites with offers that seem too good to be true,
have very intrusive ads, have multiple popups, tell you that you need
to install a plugin to view content, etc... For sites such as these you
should definitely consider using the methods described below to make
sure that the site is actually safe before proceeding further.
Index
1. How To Investigate A Site Before Visiting It
2. General Approach To Analyzing Sites
A) Check Site With Zulu URL Risk Analyzer and Comodo Web Inspector
B) Check Site With VirusTotal And URLVoid
C) Check Reputation Of Site With Web Of Trust
3. Make Sure SSL Certificate Is Trustworthy Before Making Purchases
4. How To Report Dangerous Sites
1. How To Investigate A Site Before Visiting It
If the source of a link seems phishy, such as if it came in an
unrecognized email or it is a suspicious link posted online, I would
recommend that you don't click it until you've made sure the site is not
dangerous. To copy the link for analysis, without ever visiting the
site, you can right-click on it and select "Copy link address" (in
Chrome), "Copy link location" (in Firefox), etc... If this
link appears to be a shortened URL, then you must first unshorten the
URL before testing it. If you don't do this then your analysis will
actually just test the site that shortened it. To unshorten the link you
can go to this site and paste the shortened URL into the box. It will
then provide you with the actual URL, which you can copy to use for the
analysis below.
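How unshortening works under the hood, as an added example that is not part of the original article: a shortener answers with a redirect whose Location header holds the real address, so the chain can be read by contacting only the shortener and never the destination. The hosts in SHORTENERS and the redirect table are constructed placeholders.

```python
import http.client
from urllib.parse import urljoin, urlsplit

# Constructed placeholder hosts; list the shorteners you actually expect.
SHORTENERS = {"short.example", "tiny.example"}

def head_location(url, timeout=5):
    """Send one HEAD request; return its redirect Location header or None."""
    parts = urlsplit(url)
    https = parts.scheme == "https"
    conn_cls = http.client.HTTPSConnection if https else http.client.HTTPConnection
    conn = conn_cls(parts.netloc, timeout=timeout)
    try:
        target = (parts.path or "/") + ("?" + parts.query if parts.query else "")
        conn.request("HEAD", target)
        resp = conn.getresponse()
        return resp.getheader("Location") if 300 <= resp.status < 400 else None
    finally:
        conn.close()

def unshorten(url, fetch=head_location, shorteners=SHORTENERS, max_hops=5):
    """Return the redirect chain, contacting only known shortener hosts."""
    chain = [url]
    while True:
        host = (urlsplit(chain[-1]).hostname or "").lower()
        if host not in shorteners:
            return chain  # destination found; it was never requested
        if len(chain) > max_hops:
            raise ValueError("too many redirects")
        location = fetch(chain[-1])
        if location is None:
            return chain  # the shortener did not redirect anywhere
        nxt = urljoin(chain[-1], location)  # Location may be relative
        if nxt in chain:
            raise ValueError("redirect loop at " + nxt)
        chain.append(nxt)

# Constructed redirect table standing in for the network (runs offline).
SAMPLE_REDIRECTS = {
    "https://short.example/a1": "https://tiny.example/b2",
    "https://tiny.example/b2": "https://login.shop.example/verify?id=7",
}

def demo():
    return unshorten("https://short.example/a1", fetch=SAMPLE_REDIRECTS.get)

if __name__ == "__main__":
    print("\n".join(demo()))
```

The last entry of the returned chain is the URL to paste into the analysis services below.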
2. General Approach To Analyzing Sites
A) Check Site With Zulu URL Risk Analyzer and Comodo Web Inspector
The first thing I would advise doing is copying the website's URL and
pasting it into Comodo Web Inspector. However, this analysis may take a
while as it is running an in-depth real-time analysis of the site to
check for any possibly malicious content. Thus, I would advise running
Zulu URL Risk Analyzer at the same time. Once Comodo Web
Inspector is done it will present you with its findings. If the site is
rated as High Risk it's very likely that the site is dangerous. If it
rates it as Suspicious the site is probably dangerous, but you may want
to see how the other services mentioned in this article rate the site.
Then also copy the URL into Zulu URL Risk Analyzer. If given the choice,
choose to reanalyze the site. This also uses multiple methods to analyze
the site. After it is done analyzing the site it will present you with
an overall risk score of how likely the site is to be dangerous from 0
to 100, with 100 being very dangerous. It will also provide you an
interpretation of this in which it will rate the site as Benign,
Suspicious, or Malicious. While I have seen it have some false positives
on safe sites, in which it rated them as Suspicious, I have never seen
it rate a safe site as Malicious. Thus, my advice for using this service
is that if it rates the site as Malicious you can be relatively
confident that the site is dangerous. However, if it rates it as Benign
or Suspicious then you should move on to the following steps to further
evaluate the site.
B) Check Site With VirusTotal and URLVoid
To check the site against the databases of many reputation engines and
domain blacklists the next thing you should do is copy the website's URL
and paste it into VirusTotal. If the site was previously rated you
should select the option to Rescan. If the site is already known to be
dangerous it will likely be flagged by at least a few services. However,
even if they all come up clean it doesn't necessarily mean that the
site is trustworthy. Remember what was discussed earlier about how the
age of the site comes into play when interpreting these results.
Also copy the website's URL into URLVoid. This service is similar to
VirusTotal in that it also checks the site against many blacklists. If
presented, choose the option to "Update Report", as this will provide
you with the most up-to-date results. Also, near the top it shows you
when the domain was first registered. Although this information by
itself tells us very little, in general, if a site is new, the fact that
it is not flagged as dangerous by any of the above services may not
mean much. It often takes a while for any of the services to locate, and
analyze, new dangerous sites. Also, even old sites, which were
previously safe, can be hacked and turned into phishing, or malware
infested, sites. Thus, just because a site is old, and not flagged as
dangerous, does not mean that it is certainly not dangerous.
C) Check Reputation of Site With Web Of Trust
At the bottom of the URLVoid results for the site it also presents you
with the WOT ratings. This trust score, by itself, should be helpful for
you in judging whether the site is trustworthy. However, clicking on
the button in the third column brings up the WOT scorecard for the site,
which provides even more information. This information includes
people's comments about the site, assuming anyone has left comments. In
terms of the comments, it should be noted that the comments of
individuals may be biased for many reasons, but by reading through many
comments you should be able to get an idea of whether the site is
dangerous and the main problems people have with the site, assuming
there are a lot of negative comments. This information can also be used
to decide whether the site is actually dangerous.
Note that another very useful aspect of using WOT is that nearly all popular
sites should already be rated. Thus, if you find yourself on a site
which is popular, such as PayPal, Gmail, etc..., but WOT says that the
site is unrated, it may be a phishing page.
3. Make Sure SSL Certificate Is Trustworthy Before Making Purchases
Even if none of the above methods indicate that the site is dangerous,
before transmitting your sensitive information to the site there are
additional issues to be aware of. One of these is to make sure that the
page where you fill in your sensitive information, which may include
credit card numbers or banking information, is secured with an SSL
certificate. If the URL of the page you're on begins with https then an
encrypted connection is being used and your information is probably
safe, at least assuming that the site is trustworthy. As long as the
site is secured then nobody other than you and the people operating the
site can view the information you are submitting. I would strongly
recommend that you do not transmit sensitive information through any
site that is not secured in such a way.
However, there is one subtle danger to be aware of. There are actually many
different types of SSL certificates. These provide varying levels of
trust. An extended validation certificate will guarantee that the
business is legitimate, while many other types are only validated with
respect to the domain, but not the owners and operators of the domain.
Do note that some phishing sites have been known to purchase low-level
validation certificates in order to trick people into believing they are
trustworthy. For more information about the differences between these
certificates please see this page. I'd strongly recommend reading the
information on that site. Only if the certificate itself guarantees that
the site is safe, and belongs to a valid business, should you have
complete trust in that domain.
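One way to see which kind of certificate a site presents, as an added example that is not part of the original article: it reads the certificate subject and reports whether it names a verified organization or only a domain. The classification is a heuristic based on subject fields, and the three sample certificates are constructed.

```python
import socket
import ssl

def fetch_cert(host, port=443, timeout=5):
    """Return the server certificate as a dict; chain and hostname are verified."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()

def subject_fields(cert):
    """Flatten the nested 'subject' tuples of a getpeercert() dict."""
    return {name: value for rdn in cert.get("subject", ()) for name, value in rdn}

def validation_level(cert):
    """Heuristic: classify by which identity fields the CA put in the subject.

    Assumption: the authoritative signal is the certificatePolicies extension,
    which getpeercert() does not expose, so the subject is used instead.
    """
    subject = subject_fields(cert)
    if "organizationName" not in subject:
        return "DV"  # only control of the domain was checked
    if {"businessCategory", "serialNumber"} <= subject.keys():
        return "EV"  # organization identity fields required for EV
    return "OV"

def describe(cert):
    """Return (level, organization or None, common name or None)."""
    subject = subject_fields(cert)
    return (validation_level(cert), subject.get("organizationName"),
            subject.get("commonName"))

# Constructed certificates in the shape getpeercert() returns.
SAMPLE_DV = {"subject": ((("commonName", "secure-login.example"),),)}
SAMPLE_OV = {"subject": ((("countryName", "US"),),
                         (("organizationName", "Example Shop LLC"),),
                         (("commonName", "www.shop.example"),))}
SAMPLE_EV = {"subject": ((("businessCategory", "Private Organization"),),
                         (("jurisdictionCountryName", "US"),),
                         (("serialNumber", "0000000"),),
                         (("organizationName", "Example Bank, Inc."),),
                         (("commonName", "www.bank.example"),))}

if __name__ == "__main__":
    for sample in (SAMPLE_DV, SAMPLE_OV, SAMPLE_EV):
        print(describe(sample))
```

For a live site, pass the result of fetch_cert(host) to describe(); a "DV" result with no organization means the certificate says nothing about who operates the domain.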