Skip to Content

3 ways to spot a malicious website

One of a hacker’s favorite tools for stealing your information is the phishing scam. Whether it’s through email, texts or on social media, sooner or later, you’ll run into messages that try to trick you into clicking on links to malicious websites.

Most of the time, you can spot and avoid these scams if you know what to look for. Unfortunately, you won’t always, and you still might click these bad links. But what is a malicious site, anyway?

A malicious site is one that tricks you into giving away information or downloading a virus. Or it might have code that finds and exploits security holes in your computer. If the site can find a security hole, then it can download a virus to your computer and install it without any action on your part.

Even a legitimate site can become malicious if hackers trick the ad network it uses to run infected ads.

If the hackers have done their jobs right, detecting a malicious site isn’t easy; however, there are some telltale signs. Let’s take a look at what they are.

1. Encryption

One popular type of malicious site is a fake banking site. Hackers will steal the code for a bank’s home page so it looks exactly like the real thing. Once you (try to) log in, though, the site records your login information and sends it straight to the hackers, who then log into your real bank account and drain it.

We’ve said it before, but we’ll say it again: Never click on a link in an email or text to go to your banking site. Always type in the address manually or use a bookmark you know is legitimate.

To further confirm you’re in the right place, check the address bar of your browser. First, make sure the domain name is right. For example, Chase Bank is “,” not “” or “”

Second, any real banking site should start a secure connection right away. That means the address will start with “https://” and your browser should show a key or color to indicate a secure connection. Most sites, however, don’t load encryption right away, so this is a less useful test for a shopping site or informational site.

2. Presentation

Of course, not every site is going to be a high-quality clone of a real one. Hackers often put together a bunch of generic sites at once and throw them online with whatever domain names they can get their hands on.

So, you might end up at “” and it looks like something from the 1990s with a terrible layout, bad grammar and misspellings all over the place. True, many small software developers don’t have a lot of money to sink into a nice website, but poor presentation should always give you pause.

3. Content

Outside of presentation, it’s helpful to ask what the website is trying to get you to do. Does it want you to download a program, take a survey, watch a video, or give it information so it can send you money or a free prize? Any of these could be an attack.

If the site is offering a specific piece of software, or a few of them, run the software names through Google to find the developer’s website. A lot of hackers take free software, add viruses, then put them up online at generic sites.

People searching for the software end up on the generic site and download the infected program thinking it’s the real thing. Even some “legitimate” download sites do this using toolbars and other third-party software instead of viruses.

Video scams are also popular. You’ll be told the video is the most shocking, heartwarming or sexiest thing you’ve ever seen; however, to watch it, you need to download an update for your video player! Of course, that download is a virus in disguise. Only watch videos on known sites like YouTube or, of course,

Finally, a big draw for many people is free stuff, especially on Facebook. You know, like, “Get a free iPad, car or trip to an exotic location!” You just need to enter every bit of personal information you have and pay a small fee. Remember, though, if it sounds too good to be true … you know the rest.

Bonus: Avoid malicious sites entirely

As we said above, some malicious sites don’t try to trick you; they attack you automatically through security holes in your browser. That’s why you need to make sure your computer, browser and important software are always up to date.

Adobe Flash, for example, has regular serious security problems that open up your computer to attacks. Keeping it updated is critical, but your best option is to disable it from running automatically.

Still, it’s better if you don’t land on a malicious site at all. That’s why you need to learn how to spot phishing emails and dangerous online scams.

Refer friends, earn rewards

Share your source of digital lifestyle news, tips and advice with friends and family, and you'll be on your way to earning awesome rewards!

Get started