How to Spot a Fake or Scam Website

It’s that time of year when eager shoppers start looking for promising Black Friday and Cyber Monday deals to kick off holiday shopping. Unfortunately, hackers, scammers, and identity thieves are gearing up for the flood of online shoppers too.

Shopping on a fake website could result in your personal or financial information being stolen or your device becoming infected with a virus or malware. Knowing how to spot red flags is crucial but simple once you know what to look for. We’ve got tips, tricks, and tools for checking a website’s legitimacy below.

Avoid Online Scams

Step #1: Pay attention to the address bar

The first thing you want to look for on a website is the https:// at the beginning of the address. The S in https:// stands for secure and indicates that the website uses encryption to transfer data, protecting it from hackers.

If a website uses http:// (no S), that doesn’t guarantee that a website is a scam, but it’s something to watch for. To be on the safe side, you should never enter personal information into a site beginning with http://.

Some internet browsers, like Google Chrome, lend a hand in warning you about unsecured websites. When a site is secure, you may see a small padlock next to the web address, or the address may be highlighted in green. You might also notice the domain name next to the padlock before the https://. That means the website has one of the highest levels of encryption and can be trusted.

Example of a Secure URL: HTTPS
Some browsers highlight unsecured web addresses in red or simply say “Not secure.
Not Secure URL Example
If you’re unsure, you can click on the padlock or “Not secure” notice to see more details about the website’s security. You can also check up on a site through Google’s safe site search. The presence of the https:// doesn’t guarantee security, but it’s a good starting point.
Don’t be fooled by fake logos.
Our Choice
Check sites for logos that indicate which security certifications a website has, like DigiCert, Verisign, or Symantec, for example. A scam site may copy and paste pictures of these logos on their sites. To check whether a certification is valid, click on the logo to see if it opens a new tab with details about the website’s security. If the logo is just a picture and not a button, it’s likely fake.

Step #2: Check the domain name

A favorite trick of scammers is to create websites with addresses that mimic those of large brands or companies, like Yah00.com or Amaz0n.net. Scammers count on you skimming over the address and domain name, so it’s always worth double-checking the address bar if you’re redirected to a website from another page.


Step #3: Look up the domain age

Scammers know that more people will be shopping online during the holidays than usual, so they put together real-looking websites very quickly around those times. By checking the domain age, you can see how long the website has been in business, giving you a better sense of its veracity.

The Whois Lookup domain tracker gives you information about who a domain name is registered to, where they are, and how long the website has been active.

Whois Domain Lookup Website

Step #4: Watch for poor grammar and spelling

An excess of spelling, punctuation, capitalization, and grammar mistakes could indicate that a website went up quickly. Companies with legitimate websites may certainly have the occasional typo but still put effort into presenting a professional website. If a website capitalizes every other word or has a lot of odd phrasing and punctuation, take a closer look.


Step #5: Look for reliable contact information

Look for several ways to contact the company (phone, email, live chat, physical address) and try them out. Does anyone ever answer the phone? Do you get a generic prerecorded voicemail or form email? If the only method of contact is an online email form, proceed with caution.

I once found a series of similar websites that all used the same “live” chat that generated generic responses instead of actually answering my questions. It was a huge tip-off that none of the sites were legit.

Look at what else is on the site.
Our Choice
Legitimate websites should have several extra features like an “About Us” section, terms and conditions, a privacy policy, and, if it’s a shopping site, shipping and returns information. Check out each of those pages to make sure they are there and fully populated with actual information.

Step #6: Use only secure payment options

Shopping websites should offer standard payment options, such as credit cards or PayPal. If a website requires you to use a wire transfer, money order, or other unsecured (and nonrefundable) form of payment, we recommend staying away, even if the rest of the website looks legitimate.


Step #7: Walk away from deals that are too good to be true

Sometimes retailers heavily discount older merchandise to offload excess goods or make room for new products, but if you find a site that has the latest iPad model listed at an 80% discount, walk away. Chances are high that you‘ll never see the goods you purchase or the money you spent.


Step #8: Run a virus scan

An inundation of ads or pop-ups can indicate that a site isn’t secure. Ads themselves aren’t an indication of a problem, but if there are more ads than content or if you have to click through several ads to be redirected to the website, you have cause to be suspicious. There are several free resources that let you do a quick scan for viruses, phishing, malware, and known scam sites:

The best way to protect yourself against malicious websites is to install antivirus software on all your devices and to keep it up to date.

Double-check emailed links.
Our Choice
Be wary of links sent through emails and texts from retailers, people you don’t know, or even your bank or internet provider, especially if they ask you to confirm you financial or personal details. These are common tactics scammers use to attempt to steal your information or infect your device.

Step #9: Do your research beforehand

A quick online search of reviews of a website will tell you a lot. You can research the reputation of the seller through the Better Business Bureau and other official review sites. If there aren’t any customer reviews anywhere, that’s a concern. If you find large numbers of negative reviews, that’s a clear signal to walk away.


Step #10: Be proactive about protecting your information

If you visited a site that seemed sketchy or want to stay on top of protecting your identity, we recommend using a variety of tools: Each of these services offers another way to keep an eye on your personal and financial information.
Best Identity Theft Protection Services
IdentityForce
Best Overall
Zander Insurance
Best for Budget
Experian
Runner-Up

Don’t be fooled; be empowered

Online shopping can be a great and harmless experience as long as you watch out for these red flags and use some caution and common sense. Instead of feeling threatened by all the ways fake websites could fool you, realize that by knowing what to look for, you’re empowered to take control of your online experience.

For more help navigating Black Friday and Cyber Monday, sign up for our newsletter.

  • This field is for validation purposes and should be left unchanged.