How to Spot a Fraudulent Website

Risqi Rizal/

Internet is home to approx. 1.7 billion websites. Unfortunately, many of these websites live to scam you out of your personal data or money. Here are some signs to look out for to spot a fraudulent website.

Double check the URL name

The first thing you need to do before visiting a site is to make sure the domain name is the one you intend to visit. Fraudsters create fake sites pretending to be an official entity, usually in the form of an organization you would probably recognize, such as Amazon, PayPal or Wal-Mart. Sometimes the difference between the real site name and the scam site name is almost imperceptible. For example, the cybercriminal can create a site using, but you think you are visiting

The cybercriminal, or “threat actor,” can trick you into visiting the fraudulent site in two ways. The first is to use a method known as “Phishing.” Phishing is a form of cyberattack that is done primarily through email. The threat actor tries to trick you into clicking a link in the email which will then redirect you to a fraudulent copy of the site real web.

The threat actor may also trick you into visiting the fraudulent site using a method known as “typosquatting.” Typosquatting uses common misspellings in domain names (eg, to trick users into visiting fraudulent websites. You think you entered the domain name correctly, but you are actually visiting a fraudulent copy of the genuine site. If you’re lucky, your web browser will warn you.

A pop-up message asking if you wanted to visit another site.

Regardless of how you access the site, once you log into this scam website, the threat actor will harvest your login credentials and other personal data, such as your credit card information , then use those credentials themselves on the actual website or any other website where you use the same login credentials.

RELATED: Why should you use a password manager and how to get started

The first and easiest way to spot a fraudulent website is to make sure the domain name is the one you really intend to visit.

Look for the padlock, then look harder

When visiting a website, look for the padlock to the left of the URL in the address bar. This padlock indicates that the site is secured with a TLS/SSL certificate, which encrypts the data exchanged between the user and the website.

The SSL certificate padlock.

If the website has not received a TLS/SSL certificate, an exclamation mark ( ! ) will appear to the left of the domain name in the address bar. If a site is not TLS/SSL certified, any data you send is at risk of being intercepted.

The downside is that not all SSL certificates are genuine. These sites are usually detected fairly quickly, but it’s always best to look a little closer at the padlock to be sure. Unfortunately, you can only dig deeper if you’re browsing the web using a desktop computer.

First click on the padlock, then click on “The connection is secure” in the context menu.

Click The connection is secure.

If the certificate is valid, then you will see the text “Certificate is valid” in the next menu. Go ahead and click on it for more details.

Click Certificate is valid.

A new window displaying certificate information will appear. You can check where the certificate was issued, by whom it was issued, and when it expires.

Certificate information.

Although it may not always protect you from scammers, the padlock (and certificate information) is a good indicator that you are visiting a legitimate site.

RELATED: How to avoid online scams and fake health products

Check the site’s privacy and return policies

Fraudulent websites usually don’t go as far as genuine websites concern privacy and return policies, if at all. For example, Amazon has a pretty deep analysis Return policy and privacy policy which details everything the customer needs to know about each respective policy.

If a site has a poorly written return or privacy policy, that should set off some red flags. If a site has not stated these policies at all on their website, avoid them at all costs as the site is likely a scam site.

Check spelling, grammar and user interface

A spelling or grammatical error is likely to occur from time to time, even on the most reliable websites. However, most websites have teams of professionals creating these websites. If a website looks like it was created in a day by one person, is riddled with spelling and grammatical errors, and has questionable character user interface (UI), you may be visiting an unsafe website.

RELATED: How to Avoid Fake and Fraudulent Amazon Sellers

Use a site scanner

If you want to add another layer of protection between you and fraudulent websites (and also warn you if you visit one), use a site scanner such as McAfee SiteAdvisor.

These tools crawl the web and test sites for spam and malware. If you visit a dangerous (or potentially dangerous) site that the program determines may contain dangerous content that could harm your PC, you will be warned and asked to confirm that you still want to access the site when you try to visit it.

A website status notification.

Although site scanners are helpful in spotting a potentially fraudulent website, not all fraudulent websites will be flagged. While you use them as an extra layer of protection, always be aware of the sites you visit.

What to do if you’ve been scammed

If you’re the victim of an online scam, there are a few steps you can take to protect yourself (and potentially protect others). What you should do next depends on what kind of information you think the scammer may have about you.

If you bought something using your credit or debit card from the scam site, the first thing to do is call your bank immediately and let them know what happened. They go freeze your accounts and maps so that the threat actor can no longer buy anything with your details.

If you believe the threat actor may also have your personal information, such as your social security number, date of birth, address, etc., you’ll want to freeze your credit so that the fraudster cannot contract any loan or open an account in your name.

Once this is done, file a report with your local police, notify the Internet Crime Complaint Center (IC3), and report the site to Google.

RELATED: Privacy and security: what’s the difference?

About Sandra A. Powell

Check Also

How Google’s Latest Anti-Spam Update Could Hurt Your Music Website

For musicians, having an easily accessible website is crucial. However, Google has recently tightened its …