How to Spot a Fraudulent Website

Risqi Rizal/

The internet is home to around 1.7 billion websites. Unfortunately, many of these websites live to scam you out of your personal data or money. Here are some signs to look out for to spot a fraudulent website.

Double check the URL name

The first thing you need to do before visiting a site is to make sure the domain name is the one you intend to visit. Fraudsters create fake sites pretending to be an official entity, usually in the form of an organization you would probably recognize, such as Amazon, PayPal or Wal-Mart. Sometimes the difference between the real site name and the scam site name is almost imperceptible. For example, the cybercriminal can create a site using, but you think you are visiting

The cybercriminal, or “threat actor,” can trick you into visiting the fraudulent site in two ways. The first is to use a method known as “phishing”. Phishing is a form of cyberattack that is done primarily through email. The threat actor tries to trick you into clicking a link in the email which will then redirect you to a fraudulent copy of the real website.

The threat actor may also trick you into visiting the fraudulent site using a method known as typosquatting. Typosquatting uses common misspellings in domain names (eg, to trick users into visiting fraudulent websites. You think you entered the domain name correctly, but you are actually visiting a fraudulent copy of the genuine site. If you’re lucky, your web browser will warn you.

A pop-up message asking if you wanted to visit another site.

Regardless of how you access the site, once you log into this scam website, the threat actor will harvest your login credentials and other personal data, such as your credit card information , then use those credentials themselves on the actual website or any other website where you use the same login credentials.

RELATED: Why should you use a password manager and how to get started

The first and easiest way to spot a fraudulent website is to make sure the domain name is the one you really intend to visit.

Look for the padlock, then look harder

When visiting a website, look for the padlock to the left of the URL in the address bar. This padlock indicates that the site is secured with a TLS/SSL certificate, which encrypts the data exchanged between the user and the site.

The SSL certificate padlock.

If the website has not received a TLS/SSL certificate, an exclamation mark ( ! ) will appear to the left of the domain name in the address bar. If a site is not TLS/SSL certified, any data you send is at risk of being intercepted.

The downside is that not all SSL certificates are genuine. These sites are usually detected fairly quickly, but it’s always best to look a little closer at the padlock to be sure. Unfortunately, you can only dig deeper if you’re browsing the web using a desktop computer.

First click on the padlock, then click on “The connection is secure” in the context menu.

Click The connection is secure.

If the certificate is valid, then you will see the text “Certificate is valid” in the next menu. Go ahead and click on it for more details.

Click Certificate is valid.

A new window displaying certificate information will appear. You can check where the certificate was issued, by whom it was issued, and when it expires.

Certificate information.

Although it may not always protect you from scammers, the padlock (and certificate information) is a good indicator that you are visiting a legitimate site.

RELATED: How to avoid online scams and fake health products

Check the site’s privacy and return policies

Fraudulent websites usually don’t go as far as genuine websites concern privacy and return policies, if at all. For example, Amazon has a fairly comprehensive return policy and privacy policy that details everything the customer needs to know about each respective policy.

If a site has a poorly written return or privacy policy, that should set off some red flags. If a site has not stated these policies at all on their website, avoid them at all costs as the site is likely a scam site.

Check spelling, grammar and user interface

A spelling or grammatical error is likely to occur from time to time, even on the most reliable websites. However, most websites have teams of professionals creating these websites. If a website looks like it was created in a day by one person, is full of spelling and grammatical errors, and has a questionable user interface (UI), you might be visiting a dangerous website.

RELATED: How to Avoid Fake and Fraudulent Amazon Sellers

Use a site scanner

If you want to add another layer of protection between you and fraudulent websites (and also warn you if you visit one), use a site scanner like McAfee SiteAdvisor.

These tools crawl the web and test sites for spam and malware. If you visit a dangerous (or potentially dangerous) site that the program determines may contain dangerous content that could harm your PC, you will be warned and asked to confirm that you still want to access the site when you try to visit it.

A website status notification.

Although site scanners are helpful in spotting a potentially fraudulent website, not all fraudulent websites will be flagged. While you use them as an extra layer of protection, always be aware of the sites you visit.

What to do if you’ve been scammed

If you’re the victim of an online scam, there are a few steps you can take to protect yourself (and potentially protect others). What you should do next depends on what kind of information you think the scammer may have about you.

If you bought something using your credit or debit card from the scam site, the first thing to do is call your bank immediately and let them know what happened. They will freeze your accounts and cards so that the threat actor can no longer buy anything with your details.

If you suspect the threat actor may also have your personal information, such as your social security number, date of birth, address, etc., you’ll want to freeze your credit so the scammer can’t take out any loans. or open accounts in your name.

Once this is taken care of, file a report with your local police, notify the Internet Crime Complaint Center (IC3), and report the site to Google.

RELATED: Privacy and security: what’s the difference?

About Madeline Powers

Check Also

Veteran K-drama star Bae Yong Joon sparks acting retirement rumor as official website goes on sale

Actor Bae Yong Joon’s official website, which has been around for nearly 20 years, has …