Fraudulent websites have become genuinely difficult to spot. A decade ago, a scam site was often obvious: broken English, blurry images, no contact information, and a domain that looked like it had been randomly generated. Today, the best fake stores are near-indistinguishable from real ones. They use professional templates, show realistic customer reviews, display product photography sourced from legitimate suppliers, and have terms and conditions pages that look like real legal documents.
The people running these sites understand that the more legitimate they appear, the more money they collect before people start complaining and the site disappears. Some of them run for months or years.
Protecting yourself is not about looking for obvious flaws. It is about running a few specific checks before you hand over your card details. These checks take about two minutes total and they catch the overwhelming majority of fraudulent sites before you become a victim.
Check the URL Carefully Before Anything Else
The first and most immediate check is the web address in your browser bar. Look at it properly, not just a glance.
Scammers register domains that closely resemble legitimate brands. They might replace a letter with a similar-looking number, add a word to the domain, use a hyphen in an unusual place, or use a different extension. The display name of a website can say absolutely anything, but the domain in the address bar cannot lie about where you actually are.
Some examples of what this looks like in practice: the real website is amazon.com but the fake is amazon-deals.com or arnazon.com. The real site is paypal.com but the fake is paypa1.com or paypal-account-secure.com. These look plausible in a hurry but are completely different domains with no connection to the real company.
Type the addresses of well-known retailers directly into your browser bar rather than clicking links from emails, social media ads, or messages from unknown contacts. This single habit eliminates a significant share of phishing attempts before they have any chance to succeed.
HTTPS Is Necessary But Not Sufficient
Look at the beginning of the address bar. A legitimate site that takes payment should show https:// and usually a padlock icon. The s stands for secure and means your connection to the site is encrypted, which prevents your information from being intercepted in transit.
Here is the important clarification that many people miss: HTTPS tells you the connection is encrypted. It does not tell you that the company on the other end is trustworthy. Scammers use HTTPS on fraudulent sites. Encryption protects your data in transit, but if the destination is a fraudulent site, the data is being encrypted and sent directly to the fraudster.
HTTPS is a necessary condition for a safe site. It is not a sufficient one. A site without HTTPS should be avoided immediately for any payment. A site with HTTPS still needs to pass the other checks below.
Check When the Domain Was Registered
This is one of the most revealing checks you can run and most people do not know about it. When a domain name is registered, that registration date becomes public record and anyone can look it up.
To check a domain’s registration date, go to lookup.icann.org, type the domain name, and look for the field called Creation Date or Registered On in the results. This tells you when the domain was first registered.
A website selling expensive goods or presenting itself as an established business but running on a domain registered three weeks ago is highly suspicious. Legitimate businesses take time to build. Their domains are usually at least a year or two old, often much more.
This check alone catches a large number of scam sites because fraudsters regularly create new domains as old ones get reported and blacklisted. A new domain is not always a red flag in isolation, but combined with other warning signs it is a significant indicator.
Look for Independent Reviews
Any website can display fake reviews on its own pages. What you want to find are reviews on platforms where the business has no ability to edit or delete what is written about them.
Search for the business name followed by the word reviews in Google. Look specifically at results from Trustpilot, Reddit, and the Google Business profile if one exists.
On Trustpilot, pay attention to the pattern of reviews rather than just the score. A business with genuine customers tends to have reviews spread over time, a mix of ratings, and responses from the business to negative reviews. A fake or very new business often has no reviews at all, or a suspicious cluster of five-star reviews all posted within a short period.
On Reddit, search the business name or website domain in the search bar. Communities like r/Scams and r/personalfinance regularly document fraudulent sites with specific details. If a site has scammed people, there is a good chance someone has posted about it.
The absence of any independent reviews for a business claiming to be established is itself meaningful. Genuine customers leave traces. Fake businesses that have never actually served anyone have none.
Verify Contact Information Is Real
Legitimate businesses provide contact information that actually works. Look for a physical address, a phone number, and a customer service email. Then test them.
Send an email to the contact address. See whether you get a real response or a bounce. Call the phone number if one is listed and see whether it connects to a real business. Put the physical address into Google Maps and see whether it corresponds to an actual commercial premises or an empty lot, a residential house, or a location that has nothing to do with the business.
Many fraudulent sites list contact information that is entirely fictional or copied from another site. Some use legitimate-looking addresses that are actually virtual office services designed to make any business look established. A genuine business has genuine contact details that lead somewhere real.
Use Google’s Safe Browsing Tool
Google maintains a continuously updated database of websites that have been flagged for phishing, malware distribution, and other dangerous activity. You can check any website against this database for free.
Go to transparencyreport.google.com/safe-browsing/search, type the full URL of the site you want to check, and Google will tell you whether it has been identified as dangerous.
This will not catch every fraudulent site, particularly new ones that have not yet accumulated reports. But it will immediately flag any known bad actors. Running this check on an unfamiliar site before entering payment details takes about ten seconds.
Look at the Payment Options on Offer
The payment methods a website accepts are a meaningful signal about their legitimacy and about what happens if something goes wrong.
Reputable online stores accept credit cards, debit cards, and often PayPal. These payment methods come with consumer protection. If you make a purchase and the goods never arrive, or turn out to be counterfeit, you can dispute the charge with your card issuer or through PayPal and have a real chance of getting your money back.
Be cautious about any website that only accepts bank transfers, cryptocurrency, wire transfers, gift cards, or money order services. These payment methods are preferred by fraudsters precisely because they are difficult or impossible to reverse. Once the money is gone, it is usually gone permanently.
This does not mean every site that accepts PayPal is legitimate. But a site that exclusively offers non-reversible payment methods while selling expensive products should be treated with extreme skepticism.
Take the Price Seriously as a Signal
If a website is selling a product at a price dramatically below what you can find anywhere else, that gap is telling you something. Products have costs to manufacture, import, and sell. Genuine discounts exist, but they operate within a range. A luxury handbag that retails for four hundred pounds being sold for forty-five pounds is not a deal. It is either counterfeit, non-existent, or both.
This is not about being unable to find good prices online. It is about recognizing when a price is implausible given what the product actually costs. The more expensive the item and the more extreme the discount relative to the market price, the more suspicious the offer should make you.
Urgency tactics reinforce this warning sign. If a site shows countdown timers, warns you there are only two items left, or tells you the price disappears in ten minutes, those are psychological pressure tools designed to make you act before you think. Real businesses have sales. Real businesses do not manufacture artificial urgency to prevent you from taking thirty seconds to verify whether they are legitimate.
When in Doubt, Do Not Buy There
If after all these checks you are still uncertain, the safest decision is simply not to buy from that site. Almost every product sold by an unfamiliar website is also available on a trusted platform or directly from the brand’s official store. Paying slightly more for the same item through a retailer you trust is a straightforward trade-off.
If you want to give an unfamiliar site a chance, make a small low-stakes purchase first. See whether it arrives, whether the quality is as described, and whether customer service is responsive if you have any questions. Then make a larger purchase if everything checks out.
Frequently Asked Questions
Is a padlock icon in the browser bar enough to say a site is safe?
No. The padlock confirms the connection is encrypted. It says nothing about whether the website operator is trustworthy. Fraudulent sites use HTTPS too.
What should I do if I already entered my card details on a suspicious site?
Contact your bank or card issuer immediately. Ask them to flag the card and monitor for unauthorized transactions, or request a replacement card proactively. Check your recent statements and dispute any charges you did not authorize.
Can a website steal my card details just from me visiting it without entering anything?
Visiting a page without entering any information does not expose your card details because you have not provided them. Malware from malicious sites is theoretically possible on unpatched devices, but is uncommon for users with updated browsers and operating systems.
Are social media shopping ads safe to buy from?
Social media platforms do not fully vet their advertisers. Fraudulent stores regularly run paid ads on major platforms. Apply the same checks to any website reached through an ad as you would to any unfamiliar site.
Does a professional-looking website design mean the site is legitimate?
No. Website templates are inexpensive and widely available. Scam sites regularly use polished professional designs. Visual appearance is not a reliable indicator of legitimacy.
