How do I validate a website?
27-Aug-23 10:25pm
#1 Miranda
On mobile phone, Android, how do I validate a website? How can I tell that it's authentic? A woman in our town bought furniture on a website that looked exactly like the Ashley website. It wasn't. The site was fake and they ripped her off for well over $1,000. I'm looking at getting a sofa in a couple of months and I don't want to get ripped off. I have no idea how to tell if a site is real. I looked at the site she used before it got pulled. It looked just like the Ashley website.
#1 Miranda
On mobile phone, Android, how do I validate a website? How can I tell that it's authentic? A woman in our town bought furniture on a website that looked exactly like the Ashley website. It wasn't. The site was fake and they ripped her off for well over $1,000. I'm looking at getting a sofa in a couple of months and I don't want to get ripped off. I have no idea how to tell if a site is real. I looked at the site she used before it got pulled. It looked just like the Ashley website.
28-Aug-23 5:41am
#2 bill
I'm no expert. I'd suggest googling this. e.g. https://www.google.c... gives lots of good pages that talk about it (it's complicated, unfortunately).
Don't use the word "validate" when you search, though. That has a specific meaning for websites that is not what you want. There are HTML validators that check if the language a site is written in is correct, but that has nothing to do with scams.
#2 bill
I'm no expert. I'd suggest googling this. e.g. https://www.google.c... gives lots of good pages that talk about it (it's complicated, unfortunately).
Don't use the word "validate" when you search, though. That has a specific meaning for websites that is not what you want. There are HTML validators that check if the language a site is written in is correct, but that has nothing to do with scams.
28-Aug-23 7:02am
#3 benstylus
Rule number 1 is never follow links from email ads or social media posts. So many of those are scams.
Always go directly to the store's website by typing the URL or using a bookmark you have saved. If you don't know it, it should be easy enough to find out with a quick Google or Wikipedia search. It's too easy to spoof links.
#3 benstylus
Rule number 1 is never follow links from email ads or social media posts. So many of those are scams.
Always go directly to the store's website by typing the URL or using a bookmark you have saved. If you don't know it, it should be easy enough to find out with a quick Google or Wikipedia search. It's too easy to spoof links.
28-Aug-23 1:15pm
#4 Miranda
Okay. Thank you, both. Scared me when she got hit. That website looked 100% legit.
#4 Miranda
Okay. Thank you, both. Scared me when she got hit. That website looked 100% legit.
28-Aug-23 1:34pm
#5 benstylus
Sometimes changing a lower case L to an upper case i can fool people too.
ashleyfurniture.com and ashIeyfurniture.com look identical in a lot of fonts.
#5 benstylus
Sometimes changing a lower case L to an upper case i can fool people too.
ashleyfurniture.com and ashIeyfurniture.com look identical in a lot of fonts.
28-Aug-23 2:11pm
#6 Foxhack
benstylus wrote:
Rule number 1 is never follow links from email ads or social media posts. So many of those are scams. Always go directly to the store's website by typing the URL or using a bookmark you have saved. If you don't know it, it should be easy enough to find out with a quick Google or Wikipedia search. It's too easy to spoof links.
I wouldn't trust Google either. Their search results are often infested with links to unrelated stuff or scam sites.
#6 Foxhack
benstylus wrote:
Rule number 1 is never follow links from email ads or social media posts. So many of those are scams. Always go directly to the store's website by typing the URL or using a bookmark you have saved. If you don't know it, it should be easy enough to find out with a quick Google or Wikipedia search. It's too easy to spoof links.
I wouldn't trust Google either. Their search results are often infested with links to unrelated stuff or scam sites.
28-Aug-23 2:34pm
#7 sa330206
I dont know how easy it is to spoof a certificate, but a bad cert is one indication of a scam. In most browsers, you can click the little lock icon next to the URL to verify the certificate is valid. If it's not then that should be a big red flag.
#7 sa330206
I dont know how easy it is to spoof a certificate, but a bad cert is one indication of a scam. In most browsers, you can click the little lock icon next to the URL to verify the certificate is valid. If it's not then that should be a big red flag.
28-Aug-23 3:03pm
#8 benstylus
Foxhack wrote:
benstylus wrote:> Rule number 1 is never follow links from email ads or social media posts. So many> of those are scams.> > Always go directly to the store's website by typing the URL or using a bookmark you> have saved. If you don't know it, it should be easy enough to find out with a quick> Google or Wikipedia search. It's too easy to spoof links. I wouldn't trust Google either. Their search results are often infested with links to unrelated stuff or scam sites.
Ashley is a nationwide chain, so I was thinking of the Google result that pops up at the side of the window for the local store. It might have the website info.
#8 benstylus
Foxhack wrote:
benstylus wrote:> Rule number 1 is never follow links from email ads or social media posts. So many> of those are scams.> > Always go directly to the store's website by typing the URL or using a bookmark you> have saved. If you don't know it, it should be easy enough to find out with a quick> Google or Wikipedia search. It's too easy to spoof links. I wouldn't trust Google either. Their search results are often infested with links to unrelated stuff or scam sites.
Ashley is a nationwide chain, so I was thinking of the Google result that pops up at the side of the window for the local store. It might have the website info.
28-Aug-23 3:53pm
#9 KCPenguins
Don't use debit. Only use credit. Debit is on you to get your money back. Credit is on the CC company to get their money back. Obviously be responsible with any CC.
#9 KCPenguins
Don't use debit. Only use credit. Debit is on you to get your money back. Credit is on the CC company to get their money back. Obviously be responsible with any CC.
29-Aug-23 10:21pm
#10 Anxiouz
If I visit a new site, even when it looks legit, I check out the About Us and Contact pages to see what they look like before making a purchase. A single typo, odd grammar, or inconsistent formatting in any fashion is a red flag.
If I see an ad that interests me I usually just google the company name and when it's legit the ad is usually still available via the site as they just want to get new customers.
#10 Anxiouz
If I visit a new site, even when it looks legit, I check out the About Us and Contact pages to see what they look like before making a purchase. A single typo, odd grammar, or inconsistent formatting in any fashion is a red flag.
If I see an ad that interests me I usually just google the company name and when it's legit the ad is usually still available via the site as they just want to get new customers.
30-Aug-23 11:40am
#11 Alaisiagae
Would the availability of https indicate a website's legitimacy? I can't claim to understand web code or how the internet works. 🙃
#11 Alaisiagae
Would the availability of https indicate a website's legitimacy? I can't claim to understand web code or how the internet works. 🙃
30-Aug-23 11:53am
#12 sa330206
Alaisiagae wrote:
Would the availability of https indicate a website's legitimacy? I can't claim to understand web code or how the internet works. 🙃
It's one indicator if the cert is properly signed. I'm just not sure how easy it is to spoof but still something to check (look above a few posts where I mention it, you need to click the lock icon). Https by itself doesn't really mean much though.
#12 sa330206
Alaisiagae wrote:
Would the availability of https indicate a website's legitimacy? I can't claim to understand web code or how the internet works. 🙃
It's one indicator if the cert is properly signed. I'm just not sure how easy it is to spoof but still something to check (look above a few posts where I mention it, you need to click the lock icon). Https by itself doesn't really mean much though.
31-Aug-23 2:49pm
#13 John
KCPenguins wrote:
Don't use debit. Only use credit. Debit is on you to get your money back. Credit is on the CC company to get their money back. Obviously be responsible with any CC.
Just to clarify on this... For both credit and debit cards (with a Visa or MC logo), it is up to the CC company to get the money back. You will get it back. With a debit card, it will be out of your account UNTIL you finally get it back. With a credit card, you aren't out anything while you wait. But, again, in both cases, the responsibility to get it back and the liability that is covered are the same -- it is just a matter of where the "missing" money is until it is resolved. With debit, it is missing from your account. With credit, it is just missing from the CC's accounting.
#13 John
KCPenguins wrote:
Don't use debit. Only use credit. Debit is on you to get your money back. Credit is on the CC company to get their money back. Obviously be responsible with any CC.
Just to clarify on this... For both credit and debit cards (with a Visa or MC logo), it is up to the CC company to get the money back. You will get it back. With a debit card, it will be out of your account UNTIL you finally get it back. With a credit card, you aren't out anything while you wait. But, again, in both cases, the responsibility to get it back and the liability that is covered are the same -- it is just a matter of where the "missing" money is until it is resolved. With debit, it is missing from your account. With credit, it is just missing from the CC's accounting.
31-Aug-23 2:52pm
#14 John
So, the issue with certificates is that they are easy to get for the fake website too.
Like Ben said, these two URLs are completely different websites:
ashleyfurniture.com
ashIeyfurniture.com
The may look the same depending on the font on your device, but they are completely different sites. But I can get a certificate for the fake one just as easily as the real one. So, I could easily make it so that the fake site shows as "secure" when using HTTPS.
So, the cert basically means nothing in that regard. Once they can get you to the fake site, it is easy to have a certificate that is perfectly "valid" for the fake site.
#14 John
So, the issue with certificates is that they are easy to get for the fake website too.
Like Ben said, these two URLs are completely different websites:
ashleyfurniture.com
ashIeyfurniture.com
The may look the same depending on the font on your device, but they are completely different sites. But I can get a certificate for the fake one just as easily as the real one. So, I could easily make it so that the fake site shows as "secure" when using HTTPS.
So, the cert basically means nothing in that regard. Once they can get you to the fake site, it is easy to have a certificate that is perfectly "valid" for the fake site.
31-Aug-23 4:28pm
#15 KCPenguins
John wrote:
KCPenguins wrote:> Don't use debit. Only use credit. Debit is on you to get your money back. Credit> is on the CC company to get their money back. Obviously be responsible with any> CC. Just to clarify on this... For both credit and debit cards (with a Visa or MC logo), it is up to the CC company to get the money back. You will get it back. With a debit card, it will be out of your account UNTIL you finally get it back. With a credit card, you aren't out anything while you wait. But, again, in both cases, the responsibility to get it back and the liability that is covered are the same -- it is just a matter of where the "missing" money is until it is resolved. With debit, it is missing from your account. With credit, it is just missing from the CC's accounting.
Yeah, good clarification. From my experience with a CC being stolen vs someone else's with a debit. Mine was a 3 minute phone call and the expenses were gone. My acquaintance with the debit card took days to get the money back into their account.
#15 KCPenguins
John wrote:
KCPenguins wrote:> Don't use debit. Only use credit. Debit is on you to get your money back. Credit> is on the CC company to get their money back. Obviously be responsible with any> CC. Just to clarify on this... For both credit and debit cards (with a Visa or MC logo), it is up to the CC company to get the money back. You will get it back. With a debit card, it will be out of your account UNTIL you finally get it back. With a credit card, you aren't out anything while you wait. But, again, in both cases, the responsibility to get it back and the liability that is covered are the same -- it is just a matter of where the "missing" money is until it is resolved. With debit, it is missing from your account. With credit, it is just missing from the CC's accounting.
Yeah, good clarification. From my experience with a CC being stolen vs someone else's with a debit. Mine was a 3 minute phone call and the expenses were gone. My acquaintance with the debit card took days to get the money back into their account.
31-Aug-23 11:24pm
#16 Miranda
John wrote:
. Like Ben said, these two URLs are completely different websites: ashleyfurniture.com ashIeyfurniture.com
That's scary. Those two web addresses are identical on my device. Every single letter is the same font. A couple of days after I posted this I saw something where they gave the same type of example you gave, but it was for a bank. The a in each of the links was a different font. The address is you posted are exactly the same for me. Every letter.
#16 Miranda
John wrote:
. Like Ben said, these two URLs are completely different websites: ashleyfurniture.com ashIeyfurniture.com
That's scary. Those two web addresses are identical on my device. Every single letter is the same font. A couple of days after I posted this I saw something where they gave the same type of example you gave, but it was for a bank. The a in each of the links was a different font. The address is you posted are exactly the same for me. Every letter.
31-Aug-23 11:33pm
#17 Miranda
Thank you everyone for the information. I appreciate it. That web address thing is freaking me out. They look identical to me. The other post I saw listed two websites that looked identical to me. It called for you to find what was wrong with them. I looked at those links for at least 5 minutes and I couldn't find the problem once they pointed it out to me I saw the difference in "a". That isn't the case with those two addys here. They look identical. I went through letter by letter. I can't tell the difference on my device. Cripes, the stuff they come up with.
#17 Miranda
Thank you everyone for the information. I appreciate it. That web address thing is freaking me out. They look identical to me. The other post I saw listed two websites that looked identical to me. It called for you to find what was wrong with them. I looked at those links for at least 5 minutes and I couldn't find the problem once they pointed it out to me I saw the difference in "a". That isn't the case with those two addys here. They look identical. I went through letter by letter. I can't tell the difference on my device. Cripes, the stuff they come up with.
1-Sep-23 8:33am
#18 John
So, in the second one, the "L" in "ashley" is actually a capital I. In other words, in all caps, they would be this:
ASHLEYFURNITURE.COM
ASHIEYFURNITURE.COM
The lowercase "L" and "I" both look identical in most variable-width fonts. They are completely identical on my devices also.
To be fair, I actually disagree some with Foxhack above. If you go to Google and search for "Ashley Furniture", the proper result is right there at the top as the first result. Getting one of those fakes at the TOP of Google's results -- or even on the first page of Google results -- would be nearly impossible or cost a lot of money (and would be very, very temporarily there if someone did manage to pull it off).
Google's results for normal things like this (large, name-brand companies) are simply NOT normally "infested with ... scam sites", IMO.
They usually try to get you to those scam sites by linking from other sites or junk sites with cheap ads or email scams. That sort of thing. Rarely are they ranking on Google anywhere.
#18 John
So, in the second one, the "L" in "ashley" is actually a capital I. In other words, in all caps, they would be this:
ASHLEYFURNITURE.COM
ASHIEYFURNITURE.COM
The lowercase "L" and "I" both look identical in most variable-width fonts. They are completely identical on my devices also.
To be fair, I actually disagree some with Foxhack above. If you go to Google and search for "Ashley Furniture", the proper result is right there at the top as the first result. Getting one of those fakes at the TOP of Google's results -- or even on the first page of Google results -- would be nearly impossible or cost a lot of money (and would be very, very temporarily there if someone did manage to pull it off).
Google's results for normal things like this (large, name-brand companies) are simply NOT normally "infested with ... scam sites", IMO.
They usually try to get you to those scam sites by linking from other sites or junk sites with cheap ads or email scams. That sort of thing. Rarely are they ranking on Google anywhere.
1-Sep-23 8:41pm
#19 Anxiouz
Wow, didn't see the I vs L at all. That's wild!
As for the HTTP vs HTTPS...all it takes to get an SSL certificate is $. If it's a fake site they can fake it being a business.
I believe most browsers throw a bunch of messages at you if a site doesn't use HTTPS. But I've bought certs for sites I built for people and it's really not a big deal at all. You want to use HTTPS for sure when logging in or giving payment info (generally speaking) but don't count on HTTPS meaning you are on a legitimate site.
#19 Anxiouz
Wow, didn't see the I vs L at all. That's wild!
As for the HTTP vs HTTPS...all it takes to get an SSL certificate is $. If it's a fake site they can fake it being a business.
I believe most browsers throw a bunch of messages at you if a site doesn't use HTTPS. But I've bought certs for sites I built for people and it's really not a big deal at all. You want to use HTTPS for sure when logging in or giving payment info (generally speaking) but don't count on HTTPS meaning you are on a legitimate site.
2-Sep-23 11:43am
#20 John
Anxiouz wrote:
As for the HTTP vs HTTPS...all it takes to get an SSL certificate is $. If it's a fake site they can fake it being a business.
It doesn't even take that. LetsEncrypt is free and commonly used now. I use it all over the place.
I believe most browsers throw a bunch of messages at you if a site doesn't use HTTPS. But I've bought certs for sites I built for people and it's really not a big deal at all. You want to use HTTPS for sure when logging in or giving payment info (generally speaking) but don't count on HTTPS meaning you are on a legitimate site.
#20 John
Anxiouz wrote:
As for the HTTP vs HTTPS...all it takes to get an SSL certificate is $. If it's a fake site they can fake it being a business.
It doesn't even take that. LetsEncrypt is free and commonly used now. I use it all over the place.
I believe most browsers throw a bunch of messages at you if a site doesn't use HTTPS. But I've bought certs for sites I built for people and it's really not a big deal at all. You want to use HTTPS for sure when logging in or giving payment info (generally speaking) but don't count on HTTPS meaning you are on a legitimate site.
How do I validate a website?