The internet can be a very dangerous place. Website owners and administrators are supposed to take responsibility and ensure the safety of their visitors, but many sites are not secure – at least not enough. Moreover, there are actually websites out there that exist to spread malware, steal information, send spam, and on. Therefore, it makes sense for you to learn how to find out whether a website is safe to navigate through, fill in personal data or credit card details, and so on.
In this guide, we intend to provide you with all the information you need to identify safe and secure sites when you are surfing the web through the Microsoft Edge browser in Windows 10. Hopefully, by the time you are done going through our post, you will be able to distinguish between safe (authentic or legit) sites and fraudulent (malicious or harmful) pages.
Microsoft Edge is a relatively new browser. It was bundled with Windows 10, which is the latest operating system version from Microsoft. Microsoft seems to have developed Microsoft Edge as a replacement for the old Internet Explorer browser, which was plagued with several security vulnerabilities and holes. Internet Explorer is borderline obsolete these days – if that means anything to you. Microsoft Edge is on the rise.
How do I know whether to trust a website on Microsoft Edge?
There is a good chance you are accustomed to browsing on a different browser – such as Google Chrome or Mozilla Firefox. They are considerably more popular than Microsoft Edge and might be ahead in their development cycles. Since Microsoft Edge is new, the signs you have to watch for might appear differently.
After you go through the first three tips, you will know how to identify a website that has HTTPS encryption and related security features. The other recommendations apply in all web browsing events regardless of the browser involved.
Check for the “S” in the HTTPS (in the URL):
You should be familiar with HTTPS (Hypertext Transfer Protocol Secure), which is the secure extension of the regular HTTP. A good number of URLs on the web begin with “https” instead of “http” to tell users that they are encrypted. If you are on a website that requires you to enter your personal information – such as a password, credit card number, or any confidential data – then you must confirm that the site uses HTTPS.
The location of the S in “https” matters a lot, so you must look out for it and confirm that everything is in order. With HTTPS, websites use a special protocol for secure communication. Such sites are generally decent. Ideally, you should not enter any sensitive data or information on a web page that uses HTTP (the regular protocol) – even if you are sure the site involved is legit.
Check for the green or grey lock:
Microsoft Edge (like most browsers) displays a lock close to the address bar of the page to indicate that the website uses HTTPS encryption. The lock is usually green or gray. You can verify website security by clicking on the lock icon or the area close to it (on the left of the address bar) in Microsoft Edge. The browser is then supposed to bring up a pop-up or window where the security certificate and related information for the website are outlined.
When you see a grey lock, it means the site involved is encrypted and verified. When a green lock is displayed, however, then it means Microsoft Edge considers the site to be secured and authentic, and even more so than a page that has a grey lock. In general, the presence or absence of locks is probably the quickest way to figure out whether a website is secure.
View the website security or authenticity certificate:
We earlier stated that you could click on the lock icon or the area close to it (on the address bar for a webpage) to view the website validation certificate. Well, here, we intend to expand on the verification details involving security certification. Most validation certificates are put up to confirm that the firm running a site has something to prove that they own it. They are commonly referred to as SSL certificates.
An SSL certificate corresponds to the small data files that are used to bind a cryptographic key to a firm or organization’s details. Sites with SSLs certificates are configured to send and receive data securely. Companies are supposed to pass through a validation process to get an SSL certificate. Most importantly, there are different levels of validation. Yes, some SSL certificates are easier to acquire than others.
For example, Domain Validation (DV) – which is the lowest level of validation – is a certificate that simply validates the ownership of the domain and not much else. Its acquisition does not imply or prove the legitimacy of the organization that got the certificate. You can buy the Micr0s0ft.com domain and request a certificate for it, for example. You will probably get the certificate – since you own the domain.
Extended Validation (EV) – which is the highest level of validation – is the safest and most extensive of the lot. Before firms or organizations acquire an Extended Validation certificate, they have to prove not only their identity, but also their legitimacy as a business. You can easily figure out what kind of certificate a site has by looking at the lock on the address bar. If the lock is green, then it is an EV certificate. Otherwise – if the lock is grey – then it is probably a DV certificate.
Check their contact details:
Another way of determining a website validity or organization legitimacy requires you to check and confirm its contact details. Not all details are equal. If you find a contact page where a telephone number is provided, then that is good, but it is even better when a physical address is provided. Nevertheless, you might want to perform further checks on the number and address outlined.
If you are not sure of the website legitimacy, you can try to contact the phone number to see if it is operational and connects as expected. If a firm or organization is reputable, then you can expect their number to be reachable. Of course, they want potential customers to contact them – if they need to. If you have to verify an address, then you can input the details into a mapping website and see what comes up. You can even check the street view for the area on the Google Earth service.
If everything matches and makes sense, then you will know the website is legitimate. While these measures seem small or minute, they might be the difference between you deciding to deal with a business because their operations are registered and valid and you walking away from a scam where you would end up losing money, data, or even more.
Go through peoples’ experiences and reviews about the site:
It does not take much effort to open another tab, input the site name alongside the relevant keywords, and then perform search operations on Google. Ideally, your query should be something like this: is INSERTWEBSITENAME safe or is INSERTWEBSITENAME secure.
There is a good chance that other people – especially those who were in the same position you are in now – tried to ask this question, while other users on the web provided replies. You might want to check for answers only on trusted forums or webpages you are familiar with already. If you see replies on suspicious pages, then you must investigate things further.
If you are dealing with an organization that sells products or offers services, then their stuff is likely to have been reviewed on regular sites. You can go through the reviews people have left on boards. If they are generally positive, then it might be a good thing. However, you must understand that overwhelming positive reviews do not constitute a good sign or proof of trustworthiness. Some reviews on the web are faked; websites pay for them to gain the appearance of legitimacy.
Check for signs of website malware:
Even sites with SSL certificates, good privacy policies, contact information, and all else that matters might not be safe – if they have been infected by malware or hacked. To this end, it makes sense for you to learn to figure out when a website is not in a good state. These things might give it away:
- Defacements: If you find out that the site icon or content has been replaced with a logo or name that does not make sense or correspond with what should be there, then the site has probably suffered an attack.
- Suspicious pop-ups: If you see pop-ups that make outlandish (or far-too-good-to-be true) claims, then you must understand that they are trying to entice you – and get you to click on them and download malware.
- Bad or shady advertising: if the ads you see contain unprofessional terms and spelling/grammar errors or if they promote unbelievable stuff or celebrity scandals, then you must take precautions.
- Malicious or continuous redirects: If you type in a URL (or click on a link) and get redirected to another site or page that looks suspicious, then you must get off your destination.
- Phishing kits: If you end up on a site that imitates a standard or commonly visited site – banking websites, for example – then you must understand that attackers are trying to trick you into giving your sensitive information away.
- SEO spam: If you find unusual links or weird posts on a site – especially in its comment section – then their presence points to SEO spam, which is hardly a good thing.
- Search Engine warnings: The major search engines scan websites for malware and place warnings on them when they get infected with malware. If you see a notification to this effect, you must avoid the affected site.
Verify the website trust seal – if it has one:
You can check the website for an icon with words that read “Secure” or “Verified”. Such an icon is probably a trust seal. The presence of a trust seal implies that the website has a security partner or works with one. Generally, trust seals appear on sites that use HTTPS – which means they can also be considered security indicators. Nevertheless, they sometimes point to the other safety features the site possesses. For example, details about the site’s last malware scan.
If you are trying to shop online, then the presence of the trust seal is hardly enough. You have to go a step further to verify that the badge displayed is legitimate. You can do this easily by clicking on the badge or seal and watch where it takes you to. You are supposed to end up on a verification page that confirms the authenticity of that seal. Well, if the events play out this way or similar, then the site is working with the security firm. You can even do some research on the security firm that supplied the badge and see what comes up.
Major red flags that tell you a site is malicious, dangerous, or harmful
As a general rule, you must not access or continue to stay on a site when you see these things or when these events play out:
- You end up on the website after a strange redirect, or you learn about it from an unknown source, or its link was contained in an email message that was sent by someone you do not know. Even if you got the URL from an individual in your contact list, you must take precautions. That person’s account might have fallen to attackers, for one.
- The site you are on offers objectionable, questionable or controversial content. It could be pornography, arms, drugs, or other illegal substances or materials. The sites that host such content are almost always harmful. Some of them are regular websites that fell to hackers.
- The website offers products at ridiculous or too good to be true prices. If you purchase items on such a platform, you are likely to end up being a victim of a scam or your credit or debit card details might get stolen, and so on. In general, the outcome is hardly ever good with such websites. Even if the products exist as they claim, they are probably illegal, stolen, or pirated stuff.
- The website asks you to fill in your credit or debit card number to verify your identify (or do something similar). Of course, this request for such personal information or sensitive details is as unreasonable as it gets. You must never provide your financial details or even contact information on such websites no matter what the end game seems to be.
- Even in scenarios where you are asked to provide your financial details to make payment for a seemingly harmless product, you must refrain from filling in your credit or debit card numbers if the site involved does not comply with the previous rules we described. In other words, you should make no transactions on a site that does not use HTTPS, one that lacks a lock icon, or one that does not possess a security certificate that proves its authenticity on the web or legitimacy as a business.
Microsoft Edge Safety Features: How They Protect You from Harm or Malware
There is a good number of features – which Microsoft built into Microsoft Edge – that provide additional layers of security for users. Some of them tell you when it is appropriate to trust a site, while others work to block threats without your knowledge or any input from you.
Microsoft Edge is programmed to operate in a sandbox:
Sandbox is the technical term used to refer to an obscure or isolated environment. When an application is forced to run in a sandbox, it means the application code is contained and cannot influence or affect other stuff running on the device. The old Internet Explorer was considered vulnerable because the application was built directly into the Windows operating system environment, which means attackers could compromise the computer through the browser.
Microsoft Edge, on the other hand, is a universal application with code that forces it to run in a partial sandbox constantly. Well, this change translates to better security for users – in the rare situations where the browser gets compromised, the rest of the computer will remain protected or unaffected. To be fair, attackers already find it incredibly difficult to gain access to modern browsers these days, but the sandbox setup almost guarantees your safety, even if things go wrong.
Microsoft SmartScreen and passport technology work against phishing:
Microsoft first introduced SmartScreen as a safety component or device in Internet Explorer 8, but it was also implemented in Microsoft Edge and its capabilities were improved there. SmartScreen protects users from phishing sites or platforms by performing a reputation check on the websites they want to access.
In scenarios where Microsoft SmartScreen considers a website safe, it will allow you to proceed to it without issues. If the technology finds anything suspicious or fishy, it will force your browser to display a warning. You might then get options that allow you to visit the site all the same, or you might not. The SmartScreen functionality also comes in handy in situations where malicious applications try to access bad websites (with or without your knowledge) – it blocks their operations.
Extensions for Microsoft Edge are secure:
Most browsers allow users to install extensions that serve various purposes. Extensions make web surfing better in many ways; internet applications or devices cannot do without them. However, some extensions are dangerous or malicious; attackers develop such extensions to gain access to users’ computers. Those extensions that cause harm while masquerading as normal programs are sometimes referred to as offensive extensions. Extensions created using manipulative languages like Java or Silverlight (or similar scripts) are good examples.
Microsoft Edge, fortunately, does not allow the installation of conflict-creating, malicious, or dangerous browser extensions – such as the ones we gave as examples earlier – on its platform. In other words, if an extension is considered unsafe, you will be unable to download and install it on Edge. Edge is more likely to create its own (fresh) extension model to aid flexibility.
Microsoft Edge does not use old or vulnerable technology:
The internet should be a safer place in the future as developers continue to switch to HTML5 and Microsoft (through Microsoft Edge) plays its role by encouraging adoption of newer and more secure tech. Well, the proposed changes and updates will go a long way in preventing attackers from spreading malware through sites or webpages.
You following the security tips and recommendations in this guide does not guarantee your computer’s total safety from threats. You still have to install a security application on your computer and use it to perform scans for viruses and malware, set up defense layers against threats, and so on.
You can get Auslogics Anti-Malware for the job. You get to improve your system’s overall defense setup by installing this program. If you have an antivirus running already, then the application will function alongside it to protect your computer. If you have no security program installed right now, then you will do well to take this chance to make things right.