How to understand that a site is not safe for your data and protect yourself.

Sometimes it is enough to carefully study the page to notice something is wrong. We've collected five red flags and tips for safe surfing.

When to be wary 

A familiar page has an unusual or strange design

The Internet is full of duplicate sites of well-known social networks, marketplaces and banks. They all pursue one goal: to obtain passwords and bank card data from users who do not notice the substitution. One indicator of a phishing site is amateurish visuals: colors that are unusual for the brand, a lot of animation, and pop-up clickbait advertising in the spirit of “The astrologer told what awaits Aries in 2024...”. Criminals can also copy a version of a site that was current several years ago. It is also worth paying attention to unformatted text, strange fonts, typos and grammatical errors. These usually do not appear on the authentic websites of large companies.

It is not clear how the site uses personal data

Almost no one reads long privacy agreements, and that is a mistake: reading them is an important step, especially on resources that require registration with personal data such as your full name, address, phone numbers, and sometimes full passport details. These sites should tell you exactly how they will use your information. The Privacy Policy also usually indicates who has access to your data and to what extent. If you do not study the document, you run the risk of consenting to the transfer of your data to third parties.

You should also take care of your digital footprint: make sure that the web page will not remember your IP addresses or cookies. These also count as personal data, since they can easily be used to identify the user, and storing them requires the consent of the person concerned. This is why most websites you visit for the first time ask you for permission to use cookies. If you do not consent, the site will still work. This applies to any resource, from a platform for buying tickets to a site for opening an online bank account.

Financial organizations have to be especially careful about the protection of personal data. They usually think through protection systems as carefully as possible. For example, VTB, in order to minimize risks, created the VTB ID service. It gives the right to access partner sites with the credentials used in the bank. To join the service, all partner sites first undergo authentication with VTB ID. Then the client agrees to the use of their data, and only then does login become possible. You can revoke permission at any time in VTB Online. The bank does not transfer the client’s logins, passwords and financial information to the partner.

The site does not use the HTTPS protocol

A site's unique address on the Internet, its URL, is another indicator that helps identify an unsafe site. Trusted resources use the https protocol instead of http. The letter S indicates the presence of a security certificate. It ensures that the data sent from your computer to the server hosting the site is encrypted and is not so easy to intercept.

You can understand how encryption works using a simple example. Data exchange on the Internet occurs through service centers of providers. Information sent through a site with an insecure http protocol can be compared to an unsealed postcard in the mail. Anyone can view its contents. A message sent according to https rules is a package with a lock, and a double one. The code is set by the providers of both the sender and the recipient. Therefore, data, for example, of the bank card with which you buy goods in a reliable online store, becomes inaccessible to third parties.

The browser doesn't like the page

Modern browsers, regardless of the operating system of your computer or smartphone, perform a basic security check of websites. The results of such a check can be found in the address bar. As a rule, they distinguish three degrees of resource reliability: the connection is secure, not secure, and dangerous. These signals should not be ignored. 

The first category includes all sites that operate using the https protocol, the second those without it. An unsecured connection does not necessarily mean that the site's administrators are scammers who will steal data: enabling encryption on a resource is the site owner's right, not an obligation. You can open and read such a page, but leaving personal data on it is risky. Browsers mark as “dangerous” sites with a tarnished reputation, those with evidence of data theft or leakage. It is better to close these immediately.

The site does not display a security certificate

A security certificate (SSL) is exactly what is hidden behind the letter S in the acronym https. Browsers check for its presence on their own, but sometimes it doesn’t hurt to examine it further, for example when you register for the first time in a new online store. In addition, scammers may simply add https to the site name, in the hope that visitors will not look at the address bar. You can view a site's security certificate information by clicking the padlock to the left of the URL in your browser's address bar. Certificates come in three types and can be referred to by different abbreviations.

  • Domain Validation (DV). The simplest certificate confirming a domain. Available to everyone immediately after the site is created.
  • Organization Validation (OV). Confirms that a specific domain belongs to a specific organization, for example that the website of a hypothetical insurance company was actually created by that company. Obtaining it requires additional verification by a certification authority.
  • Extended Validation (EV). This is the certificate with the highest level of trust. Before issuing it, the certification authority examines the organization as thoroughly as possible. This type is usually used by sites that store a lot of important information: banks, online stores, social networks.
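
The three types can usually be told apart by the identity fields the certification authority placed in the certificate's subject, which is the same information the padlock dialog shows. The following is an added example, not part of the original article: it classifies a certificate in the format returned by Python's ssl.getpeercert(). The function names and the sample certificates are constructed for illustration, and the rule is a heuristic based on subject fields only.

```python
import socket
import ssl

# Older OpenSSL builds report the EV jurisdiction-country attribute as a raw OID.
JURISDICTION = {"jurisdictionCountryName", "1.3.6.1.4.1.311.60.2.1.3"}


def subject_fields(cert):
    """Flatten the nested 'subject' of an ssl.getpeercert() dict into {name: value}."""
    return {name: value for rdn in cert.get("subject", ()) for name, value in rdn}


def validation_level(cert):
    """Heuristic: infer DV / OV / EV from the identity fields listed in the subject."""
    names = set(subject_fields(cert))
    if "organizationName" not in names:
        return "DV"  # only control of the domain was confirmed
    if {"businessCategory", "serialNumber"} <= names and JURISDICTION & names:
        return "EV"  # legal entity, registration number and jurisdiction are listed
    return "OV"      # an organization name is listed, without the EV-only fields


def fetch_cert(host, port=443, timeout=5):
    """Fetch a live site's certificate (needs network); raises if validation fails."""
    ctx = ssl.create_default_context()  # checks the chain and the host name
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()


# Constructed sample certificates in getpeercert() format (not real sites).
SAMPLE_DV = {"subject": ((("commonName", "shop.example"),),)}
SAMPLE_OV = {"subject": ((("countryName", "DE"),),
                         (("organizationName", "Example Insurance GmbH"),),
                         (("commonName", "insurance.example"),))}
SAMPLE_EV = {"subject": ((("businessCategory", "Private Organization"),),
                         (("jurisdictionCountryName", "DE"),),
                         (("serialNumber", "HRB 000000"),),
                         (("organizationName", "Example Bank AG"),),
                         (("commonName", "bank.example"),))}

if __name__ == "__main__":
    for cert in (SAMPLE_DV, SAMPLE_OV, SAMPLE_EV):
        fields = subject_fields(cert)
        print(validation_level(cert), fields["commonName"],
              fields.get("organizationName", "(no organization listed)"))
```

To inspect a real site, pass the result of fetch_cert("your-site-name") to validation_level(); a DV result on a page that claims to be a bank is a reason to look more closely.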

There is also a seal of trust. It is included with the SSL certificate or purchased separately. It is a picture-logo of the inspection center; it can usually be seen in the footer of the site or on the payment pages.

How to minimize risks

Check sites on third-party resources

There are so-called security scanners - special services that analyze a page for vulnerabilities. If the browser has not notified you that the site is suspicious, but you still have doubts, then they can do all the work of initially checking the resource for you. As a rule, they operate simply: you enter the URL into a special field, click “Check” and get a verdict. 
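
Some of the address-bar checks from this article can also be run locally before a URL is handed to such a service. The following is an added example, not part of the original article: it flags a missing https protocol, the word "https" typed into the site name, and a familiar brand name appearing on a different domain. The trusted-domain list, function names and sample URLs are constructed assumptions, and comparing against your own list of sites goes slightly beyond what the article describes.

```python
from urllib.parse import urlsplit

# Assumption: domains of the sites you really use (constructed placeholders here).
TRUSTED_DOMAINS = ("mybank.example", "bigshop.example")


def belongs_to(host, domain):
    """True if host is the trusted domain itself or one of its subdomains."""
    return host == domain or host.endswith("." + domain)


def url_red_flags(url, trusted=TRUSTED_DOMAINS):
    """Return warnings for a URL; an empty list means none of the checks fired."""
    parts = urlsplit(url.strip())
    host = (parts.hostname or "").lower()
    flags = []
    if parts.scheme != "https":
        flags.append("not-https")            # data would travel unencrypted
    if "http" in host:
        flags.append("https-in-site-name")   # 'https' is in the name, not the protocol
    for domain in trusted:
        brand = domain.split(".")[0]
        if brand in host and not belongs_to(host, domain):
            flags.append("lookalike-of-" + domain)  # brand name on another domain
    return flags


# Constructed sample URLs.
SAMPLES = [
    "https://mybank.example/login",
    "http://bigshop.example/cart",
    "https://mybank-login.test/",
    "http://https-mybank.example.account.test/",
]

if __name__ == "__main__":
    for url in SAMPLES:
        print(url, "->", url_red_flags(url) or "no flags")
```

An empty result only means these three checks did not fire; it is not a verdict that the site is safe.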

Use different passwords and authentication systems

Many people probably know about the need to come up with complex passwords. But even reliable combinations should not be reused across different sites and services. The weakness of such protection is obvious: as soon as attackers learn the security code for one resource, they will gain access to all of a person’s pages, even the most sensitive ones, such as banking applications and Government Services. To avoid writing down codes from dozens of sites in your notes, use password managers. Then you only have to know one security key.

The most secure services are those in which the security of login data is enhanced using biometrics. These, for example, are used by VTB Bank. All bank clients have a VTB ID key. With its help, you can access more than 130 websites of the bank’s partners. For authorization, a face image and fingerprints or a one-time code from SMS are used.

Update your antivirus software regularly

In addition to its basic task - protection against viruses - such software can often warn about suspicious links and sites. Some antivirus programs block access to the most dangerous resources, so you won’t be able to open them even if you really want to. Timely updating ensures that the program will be able to recognize more and more modern methods of deception.

VTB Bank (PJSC). General license No. 1000 for banking operations, issued by the Central Bank of the Russian Federation on July 8, 2015.