How to Identify Secure Websites

Fake websites are designed to look exactly like real ones. Here’s how to tell the difference before entering any personal information.

The 5-Point Website Security Check

Before entering any sensitive information (passwords, card numbers, personal details), verify:

1. Check the URL Carefully

The URL (web address) is your first defense.

Legitimate Examples:

https://www.sbi.co.in - State Bank of India
https://www.hdfcbank.com - HDFC Bank
https://www.irctc.co.in - IRCTC

Fake Examples:

https://www.sbi-secure-login.com - FAKE
https://www.hdfc-bank-update.in - FAKE
https://www.irctc-booking.xyz - FAKE

Red Flags in URLs:

Extra words like “secure”, “login”, “update”, “verify”
Hyphens where there shouldn’t be (sbi-bank instead of sbi)
Wrong domain extension (.xyz, .tk, .ml instead of .co.in, .com)
Misspellings (flipkrat.com instead of flipkart.com)

2. Look for HTTPS and Padlock

HTTPS = Secure connection (look for the s)
Padlock icon = Certificate verified
Red warning = Do NOT proceed

Important: HTTPS alone doesn’t mean a site is legitimate - scammers can get certificates too. Always verify the URL as well.

3. Verify the Certificate

Click the padlock to see certificate details:

Click the padlock icon in the address bar
Click “Certificate” or “Connection is secure”
Verify the “Issued to” field matches the company

For banking sites, look for “Extended Validation” (EV) certificates which show the company name in green.

4. Check for Professional Design

While not foolproof, legitimate sites usually:

Have no spelling/grammar errors
Load quickly and smoothly
Have working links
Display proper contact information
Show physical address and customer care numbers

5. Search for the Official Site

When in doubt:

Open a new tab
Search for the company name + “official website”
Look for verified results or Wikipedia links
Navigate from there - don’t click links from messages

Common Phishing Websites in India

Banking Scams

Fake sites claiming to be:

SBI, HDFC, ICICI, Axis Bank
Usually arrive via SMS: “Your account is blocked”

E-commerce Scams

Fake sites impersonating:

Amazon, Flipkart, Myntra
Often advertise 90% discounts

Government Scams

Fake sites pretending to be:

Income Tax department
EPFO (PF withdrawal scams)
Passport Seva

UPI/Payment Scams

Fake sites copying:

PhonePe, Google Pay, Paytm
Usually for “cashback” or “rewards”

How to Verify Indian Bank Websites

Bank	Official Website
SBI	`https://www.onlinesbi.sbi`
HDFC	`https://www.hdfcbank.com`
ICICI	`https://www.icicibank.com`
Axis	`https://www.axisbank.com`
Kotak	`https://www.kotak.com`
PNB	`https://www.pnbindia.in`

Pro Tip: Bookmark your bank’s official website and always access it from your bookmark - never from links in messages.

What to Do If You Entered Details on a Fake Site

Act immediately:

Change your password on the real site immediately
Call your bank to report and possibly block your account
Check for unauthorized transactions
Report the fake site to cybercrime.gov.in
Enable 2FA on all accounts if not already done
Monitor your accounts closely for the next few weeks

Browser Security Settings

Enable Safe Browsing:

Chrome:

Settings > Privacy and Security
Enable “Enhanced protection”

Firefox:

Settings > Privacy & Security
Enable all “Deceptive Content and Dangerous Software Protection” options

Safari:

Preferences > Security
Enable “Warn when visiting a fraudulent website”

Tools to Verify Websites

Google Safe Browsing: transparencyreport.google.com/safe-browsing
VirusTotal: virustotal.com - Scan suspicious URLs
URLVoid: urlvoid.com - Check website reputation

Key Takeaways

Always verify the URL - character by character for banking sites
Never click links in SMS/WhatsApp for banking or government sites
Use bookmarks for frequently visited important sites
Enable browser security features
When in doubt, don’t proceed - call the official helpline instead