Fake websites cost consumers billions every year. They clone legitimate sites pixel-for-pixel, register convincing domain names, and even buy SSL certificates so you see the reassuring padlock icon. Here are 12 reliable methods for checking whether a website is real — ranked from quickest to most thorough.
1. Examine the URL Carefully
This catches the majority of fakes in under 5 seconds. Look at the domain — the part between https:// and the next /.
- Character substitution:
amaz0n.com(zero instead of "o"),paypa1.com(one instead of "l"),rnicrosoft.com("rn" instead of "m") - Extra words:
amazon-account-verify.com,paypal-login-secure.com— the real company name is there, but the domain is owned by someone else - Wrong TLD:
amazon.net.coinstead ofamazon.com - Subdomains used to deceive:
amazon.com.fake-domain.xyz— everything beforefake-domain.xyzis just a subdomain. The actual owner isfake-domain.xyz
Read the domain right to left. The real owner is determined by the last two segments (or three, for country-code TLDs like .co.uk).
Have a link you're unsure about?
Paste it here — we'll check it against 70+ threat databases.
Free · No signup required · Cmd+Enter to scan
2. Check the SSL Certificate (But Don't Stop There)
Click the padlock icon in your browser's address bar and view the certificate details. Look for who the certificate was issued to.
Important caveat: an SSL certificate doesn't mean a site is safe. Free certificates from Let's Encrypt are available to anyone, including scammers. The padlock only means the connection is encrypted — not that the entity on the other end is trustworthy. In fact, over 80% of phishing sites now use HTTPS.
What the certificate can tell you: if it's an Extended Validation (EV) certificate, the issuer verified the company's legal identity. These show the company name in the certificate details. Most phishing sites use Domain Validation (DV) certificates that only verify domain ownership.
3. Look Up the Domain Age on WHOIS
Go to whois.domaintools.com or who.is and enter the domain. Check the "Created Date."
Scam sites are almost always new. If a website claims to be an established company but the domain was registered 3 weeks ago, that's a major red flag. Legitimate businesses have domains that are years or decades old.
Also check: Is the registrant information hidden behind privacy protection? While many legitimate sites use privacy services, it's another data point. Is the registrar known for lax abuse policies?
4. Search for Reviews Outside the Site
Don't trust reviews on the website itself — those are easily faked. Instead:
- Search for
"[website name]" + scamor"[website name]" + review - Check Trustpilot, Better Business Bureau, and Sitejabber
- Look at Reddit discussions — search
site:reddit.com "[website name]"
No reviews at all can be just as telling as negative reviews. A legitimate business that's been operating for any length of time will have some online footprint.
5. Check the Contact Information
Legitimate businesses provide:
- A physical address (search it on Google Maps — is it a real commercial location or a random residential address?)
- A phone number (call it — does someone answer?)
- An email address on their own domain (not a Gmail address)
Fake sites often have no contact page, only a web form, or list an address that turns out to be a vacant lot, a UPS store, or an address in a different country than they claim to operate in.
6. Inspect the Website Design and Content
Look for signs of a hastily built site:
- Placeholder text: "Lorem ipsum" or text that doesn't make sense in context
- Broken links: Click the navigation menu — do all the pages work? Fake sites often only build the homepage and the checkout page.
- Stolen content: Copy a paragraph and search for it in quotes on Google. If it appears word-for-word on other sites, the content was plagiarized.
- Inconsistent branding: Different logos on different pages, mismatched color schemes, or fonts that change throughout the site
- Low-quality images: Blurry product photos, stock photos with watermarks, or images stolen from legitimate retailers
7. Analyze the Pricing
If a site sells luxury goods at 70-90% off retail, it's almost certainly fake. Nobody sells legitimate Gucci bags for $45 or Ray-Ban sunglasses for $15. Scam shopping sites rely on prices that are too good to resist — that's the hook.
Compare prices with major retailers. If the deal seems unrealistically good, it is.
8. Check the Payment Methods
Legitimate online stores accept credit cards (with standard payment processors like Stripe or PayPal). Be suspicious if a site:
- Only accepts wire transfers, cryptocurrency, or gift cards
- Asks you to send money through Zelle, Venmo, or Cash App
- Redirects payment to a different domain
- Uses a payment page that doesn't match the site's branding
Credit cards offer the best fraud protection. If a site steers you away from credit card payment, ask yourself why.
9. Use Google's Transparency Report
Google maintains a Safe Browsing tool at transparencyreport.google.com/safe-browsing/search. Enter the URL and Google will tell you if the site has been flagged for phishing, malware, or other unsafe content.
Limitation: new scam sites may not be flagged yet. Google's database is reactive, not proactive — a site needs to be reported or detected before it's flagged.
10. Check Social Media Presence
Search for the company on major social media platforms. Look for:
- Verified accounts (blue checkmarks on platforms that still offer meaningful verification)
- Account age — was it created recently?
- Engagement — do posts have real comments from real people, or are they empty?
- Consistency — does the social media presence match what the website claims?
Many fake shopping sites create social media accounts to look legitimate, but these accounts typically have very few followers, no real engagement, and a creation date close to the website's launch.
11. Look for a Return Policy and Terms of Service
Legitimate e-commerce sites are required by law in most jurisdictions to have clear return policies, terms of service, and privacy policies. Scam sites either:
- Don't have these pages at all
- Copy them from other sites (search a unique phrase in quotes)
- Have policies with a different company name (leftover from whatever template they used)
- Include terms that are clearly unreasonable (e.g., "all sales are final, no refunds under any circumstances")
12. Use a Scam Detection Tool
When you want a quick, comprehensive check, paste the website URL or its content into IsThisAScam. The tool checks the content for known scam patterns, evaluates the language and claims being made, and provides a risk assessment. This is especially useful for sites that look professional but have subtle red flags that are easy to miss in a manual review.
Real Example: Spotting a Fake Online Store
Our team recently analyzed a site posing as a discount designer shoe outlet. Here's what the check revealed:
URL:
designer-shoes-outlet-sale.com
Domain age: 18 days
SSL: Free DV certificate from Let's Encrypt
Contact: Gmail address, no phone number, address led to a parking lot in Delaware
Prices: 85-90% off retail on all items
Payment: Accepted credit cards but also prominently featured a "10% discount for Zelle payments"
Social media: Instagram account with 47 followers, created 2 weeks ago
Every single check was a red flag. Individually, some might have explanations — but together, they paint a clear picture of a fraudulent operation.
What to Do If You've Already Made a Purchase on a Fake Site
If you realize you've entered payment information or completed a purchase on a fraudulent website, act quickly:
- Contact your credit card company or bank immediately. Request a chargeback for the transaction. Explain that the merchant is fraudulent. Credit card purchases offer the strongest consumer protection — under the Fair Credit Billing Act, you can dispute charges for goods not received or not as described.
- Change your passwords. If you created an account on the fake site using a password you use elsewhere, change that password on every other site immediately. If the fake site's login page was actually a phishing page mimicking a real service (like a fake Amazon that steals your real Amazon password), change your Amazon password first.
- Monitor the email address you used. The fake site now has your email. Expect phishing emails and spam. Be extra cautious about emails arriving at that address in the coming weeks.
- Report the website. Submit it to Google Safe Browsing, the FTC, and the domain registrar's abuse contact. The more reports, the faster the site gets taken down and blocked by browsers.
- Check your credit card statements for the next 90 days. Some fraudulent merchants make additional unauthorized charges days or weeks after the initial transaction.
Browser Extensions and Tools for Automatic Protection
Several browser extensions can warn you about suspicious websites automatically:
- Google Safe Browsing is built into Chrome, Firefox, and Safari. It warns you before you visit known phishing or malware sites. Make sure it's enabled in your browser settings.
- uBlock Origin blocks known malicious domains in addition to ads. It's free and open-source.
- Your antivirus software's browser extension (if you use one) often includes web protection that checks URLs against threat databases in real time.
These tools catch known threats but can't identify brand-new scam sites. For new or borderline cases, manual verification — or using a tool like IsThisAScam — remains essential.
Quick Checklist
Save this for next time you're evaluating an unfamiliar website:
- Is the URL exactly right? (No extra characters, substitutions, or extra words)
- Is the domain more than a year old?
- Are there independent reviews?
- Is there real contact information?
- Are the prices realistic?
- Does the site accept standard payment methods?
If more than one check fails, don't purchase from the site. You can always verify it with IsThisAScam in seconds.
Found a suspicious website? Check it now for free →