It is well-known that Internet users should be careful and alert when accessing websites. Warnings of, and experiences with, unsafe sites that can infect a user’s device with malware are very common. A variety of antivirus programs and other cybersecurity software are available to protect the public from dangerous websites, and various browsers may automatically block users from accessing insecure locations.
There are many legitimate sites that have been incorrectly marked as insecure (including online survey sites). This results in a decline in traffic and revenue when visitors see the mistaken warning and choose to visit another website, leaving the victimized site to suffer heavy losses.
There are a variety of ways in which a website can be wrongly labeled as unsafe.
When cybersecurity is wrong
Antivirus software is essential for safe internet browsing. It serves to protect users from phishing and scam sites. However, it is not uncommon for cybersecurity software to mistakenly classify legitimate websites as unsafe. These sites can wind up automatically blocked or blacklisted.
This is occasionally due to cybersecurity software being too loose in its definition of “malware”, which can lead it into mistaking a safe website as being malware-ridden. For example, PaidViewpoint is one legitimate survey panel that the cyber-security software Avast had incorrectly marked as a phishing website. Although the issue seems to have resolved itself, this example shows how this software is not infallible.
Other false positives can occur when an antivirus software detects a string in a clean file which is similar to a string in a known virus.1
A website may also wind up the victimized by a hacker, who proceeds to weave viruses into the site. The site may be blacklisted while it is infected, but once it has been fully cleaned of all malware it may still remain labeled as unsafe for a period of time afterward.
Some safe browsing tools that rely on users to rate websites’ safety may show a secure site as dangerous because of poor ratings left behind by displeased visitors who disagreed with the site’s content, opinions, or stance. This unfairly labels the website as unsafe due to the slights of others, and their behavior can cost it dearly.
Expired SSL certificates
Another way that legitimate websites can be incorrectly marked as unsafe is the expiration of their SSL certificates.
SSL certificates act as effective safeguards by encrypting data as it travels across the internet.2 Many websites purchase SSL certificates (including SurveyPolice! Hence our site url, https://www.surveypolice.com) to ensure that online exchanges are secure. Occasionally, a legitimate site will not renew its certificate before its expiration date. When the SSL certificate is not renewed, the website can no longer run secure transactions. However, it does not mean the site isn’t authentic.
By default the SSL software will issue security warnings to the site’s visitors, arousing suspicion against its genuineness and deterring them from remaining.3 When a browser or a server checks a website for an SSL certificate and finds one which has expired, it may show its user an error sign or automatically block the website entirely. Both result in a dramatic drop in traffic and sales, negatively impacting the legitimate website whose sole mistake was not renewing its SSL certificate in time.
With the consequences of an expired SSL certificate being so dire, website owners should seek to keep it renewed before the expiration date. However, the lack of a renewed certificate does not mean that the site is inherently dangerous. If you access a survey site and see this warning, know that if you log into your account, your information will not be transmitted securely; it’s up to you whether you wish to proceed, but if you do, it doesn’t mean the website has necessarily been compromised in any way.
Testing a website’s legitimacy
Despite the various obstacles put in place by mistaken cybersecurity, vengeful poor ratings, and expired SSL certificates, a user can test a website to see if it is genuinely unsafe. There are several different steps that can be taken to verify the safety and authenticity of a website, especially if you think that a survey site you’re a member of has been compromised:
In the browser’s address bar, look for the icon of closed lock to the left of the URL (clicking the lock will give detailed information about the site’s security)
- Look for https:// at the beginning of the URL. Note that not all survey sites use https://, though this greatly preferred.
- Carefully read the URL to ensure it is spelled correctly. An incorrectly spelled url may bring you to a phishing site, or other website with nefarious intentions.
- Check for confusing structure in the writing, and for excessive mistakes in the spelling and grammar4.
- Look at the site’s photographs to see if they are original, and related to the company’s products or services.
- Check to see if the company is mentioned anywhere else on the Web by doing an Internet search of their name.
- Check the domain WHOIS to see who owns the site, and check how long it has existed.5 If ownership has changed and appears suspicious, don’t attempt to log into your account.
- Search for contact information (be wary of only mobile numbers or blank forms)6.
These steps should help determine the legitimacy of a website. However, users should always exercise good judgment and caution, especially when it is a site asks for personal information. If a sense of unease remains after taking the various steps to verify a site’s safety, it is better to play it safe and avoid using the website.
Double check using SurveyPolice
If you’re unsure you’re correctly accessing a certain survey site, you can always use our website to double check. Simply visit the SurveyPolice Directory, click on the online survey site you wish you access, and click the “Join Now” button on their listing. After selecting your country, you will be brought to the survey panel’s website.
Find legitimate online survey sites
Related content: Find out how to correctly identify a survey scam.
Sources:
1. http://www.cgisecurity.com/questions/falsepositive.shtml
2. https://www.globalsign.com/en/ssl-information-center/what-is-an-ssl-certificate/
3. http://techin.oureverydaylife.com/happens-ssl-certificates-expire-2125.html
4. https://blog.webnames.ca/how-to-determine-if-a-website-is-a-fake-fraud-or-scam/
5. https://blog.webnames.ca/how-to-determine-if-a-website-is-a-fake-fraud-or-scam/
6. http://www.bu.edu/infosec/howtos/how-to-identify-and-protect-yourself-from-an-unsafe-website/