How to Tell If a Website Is Actually Safe Before You Type Anything In
- admin cys
- 2 days ago
- 4 min read
A Report by CYS Global Remit Network Admin Support Team
There is a widely repeated piece of advice that has aged poorly: Look for the padlock in the address bar. If it is there, the site is safe. This was never entirely true, and it is even less reliable now. Scammers use HTTPS too. A padlock simply means the connection between your browser, and the site is encrypted; it says nothing about whether the site itself is legitimate.
Fake websites impersonating banks, government agencies, delivery companies, and online shops are common. They are designed to look convincing and to capture your login details, personal information, or payment data the moment you enter them. Knowing how to spot them before you type anything is a valuable skill.
Here are three practical checks anyone can do.
Check 1 — Read the Domain Name Carefully
The domain name is the core address of a website, the part that reads something like 'mybank.com' or 'iras.gov.sg'. Scammers create fake sites with domain names that look almost identical to the real thing, counting on you to glance rather than read carefully.
Common tricks include:
Substituting letters that look similar: 'rnybank.com' instead of 'mybank.com' (that is an 'r' and an 'n' side by side, not an 'm')
Adding words around the real brand: 'mybank-secure-login.com' or 'support-mybank.com'
Using a different top-level domain: 'iras.com' instead of 'iras.gov.sg'
Inserting hyphens: 'my-bank.com' instead of 'mybank.com'
The rule of thumb: before entering any information on a site, look at the address bar and identify the root domain, the last two parts before the first forward slash. For 'secure.payments.mybank.com/login', the root domain is 'mybank.com'. Does that match the organization you think you are dealing with?
If you are ever unsure, do not follow the link at all. Open a new tab, search for the organization directly, and navigate from there.
Check 2 — Use Your Browser's Built-In Safety Features
Modern browsers have security systems that flag suspicious websites automatically. These are worth understanding, so you do not accidentally dismiss a genuine warning.
Microsoft Edge SmartScreen: Edge runs every website you visit against a continuously updated list of known phishing and malware sites. If it detects a match, you will see a full-screen red warning before the page loads. This warning should be taken seriously; Edge's SmartScreen has a strong track record of catching real threats.
Google Chrome Safe Browsing: Chrome uses a similar system. A red warning page with 'Deceptive site ahead' or 'This site may harm your computer' is a signal to stop immediately.
Safari Fraudulent Website Warning: Safari checks sites against a database of known fraudulent pages. If a match is found, Safari blocks the page and displays a warning.
These systems are not perfect and occasionally flag legitimate sites, but when a red warning appears, the correct response is to stop, not to click through anyway.
One more useful browser feature: look at what appears immediately to the left of the web address. A padlock icon means the connection is encrypted (good, but not proof of legitimacy). A warning triangle or the word 'Not Secure' means the connection is not encrypted, do not enter any information at all.
Check 3 — Cross-Reference Against Official Channels
If you receive a link by SMS, email, or messaging app and are unsure whether it is legitimate, the safest approach is always to ignore the link entirely and navigate to the organization independently.
For government services and local organizations in Singapore, the Scam Alert website (scamalert.sg) is a reliable resource maintained by the National Crime Prevention Council. It lists known scam tactics and allows you to check whether a specific website, phone number, or message pattern has been reported.
The ScamShield app, developed in partnership with the Singapore Police Force, can also filter suspicious SMS messages and calls automatically.
For financial websites, your bank's official contact number (printed on the back of your card or on their official website) is always the safest way to verify whether a message or site is genuine.
Red Flags That Should Always Give You Pause
Beyond the three checks above, these are signs that something is likely not right:
The site asks for your password or OTP via a form that appeared in an email or SMS link
The page design looks slightly off, wrong fonts, blurry logos, or awkward spacing
There is an unusual sense of urgency: 'Your account will be suspended in 24 hours'
The website asks for more information than the task requires, a delivery tracking page asking for your full NRIC number, for example
Spelling or grammar errors in the page content or URL
Final Thoughts
Staying safe online does not require paranoia, it requires a few seconds of deliberate attention before you type anything sensitive. Read the domain name. Pay attention to browser warnings. When in doubt, navigate independently rather than following a link.
The most effective scam sites succeed because people act quickly without pausing to check. Slowing down by ten seconds is often all it takes.









