One popular type of malicious site is the fake banking site. Hackers will steal the code for a bank's home page, so it looks exactly like the real thing. However, if you try to log in, the site records your login information and sends it straight to the hackers who log in to your real account and drain it.
We've said it before, but we'll say it again: Never ever click on a link in an email or text to go to your banking site. Always type in the address manually or use a bookmark that you know is legitimate.
However, to further confirm you're in the right place, check the address bar of your browser. First, make sure the domain name is right. For example, Chase bank is "www.chase.com," not "www.chase-bank.com" or "www.chase.bk."
Second, any real banking site should start a secure connection right away. That means the address will start with "https://" and your browser should show a key or color to indicate a secure connection. Most sites, however, don't load encryption right away, so this is a less useful test for a shopping site or informational site. That's why you should look at ...
Of course, not every site is going to be a high-quality clone of a real one. Hackers often put together a bunch of generic sites at once and throw them online with whatever domain names they can get their hands on.
So, you might end up at "www.amazingsuperawsomefreesoftware.com" and it looks like something from the 1990s with a terrible layout, bad grammar and misspellings all over the place. True, many small software developers don't have a lot of money to sink into a nice website, but poor presentation should always give you pause.