Blog article
See all stories »

How To Determine a Fake Website

There are a lot of scammers out there, and one of the things they do is create fake websites to try to trick you into giving them personal information. Here are some ways that you can determine if a website is fake or not:

How Did I Get Here?

Ask yourself how you got to the site. Did you click a link in an email? Email is the most effective ways scammers direct their victims to fake sites. Same thing goes with links from social media sites, Danger Will Robinson! Don’t click these links. Instead, go to websites via a search through Google or use your bookmarks, or go old school and type it in.

Are There Grammar or Spelling Issues?

Many fake sites are created by foreign entities using “scammer grammar”. So their English is usually broken, and they often make grammar and spelling mistakes. And when they use a translating software, it may not translate two vs too or their vs there etc.

Are There Endorsements?

Endorsements are often seen as safe, but just because you see them on a site doesn’t mean they are real. A fake website might say that the product was featured by multiple news outlets, for instance, but that doesn’t mean it really was. The same goes for trust or authenticating badges. Click on these badges. Most valid ones lead to a legitimate site explaining what the badge means.

Look at the Website Address

A common scam is to come up with a relatively similar website URL to legitimate sites. Ths also known as typosquatting or cybersquatting. For instance, you might want to shop at for a new purse. That is the real site for Coach purses. However, a scammer might create a website like //, or //  Both of these are fake. Also, look for secure sites that have HTTPS, not HTTP. You can also go to Google and search “is legit”, which may pull up sites debunking the legitimacy of the URL.

Can You Buy With a Credit Card? 

Most valid websites take credit cards. Credit cards give you some protection, too. If they don’t take plastic, and only want a check, or a wire transfer, be suspect, or really don’t bother.

Are the Prices Amazing?

Is it too good to be true? If the cost of the items on a particular page seem much lower than you have found elsewhere, it’s probably a scam. For instance, if you are still looking for a Coach purse and find the one you want for $100 less than you have seen on other valid sites, you probably shouldn’t buy it.

Check Consumer Reviews

Finally, check out consumer reviews. Also, take a look at the Better Business Bureau listing for the company. The BBB has a scam tracker, too, that you can use if you think something seems amiss. Also, consider options like, which is a site that collects online reviews for websites. Just keep in mind that some reviews might be fake, so you really have to take a broad view when determining if a site is legit or one to quit.



Comments: (2)

A Finextra member
A Finextra member 23 January, 2019, 08:53Be the first to give this comment the thumbs up 0 likes

Going to disagree with the point about the meaning of an ssl certificate on a web address. HTTPS means that data is sent to the website owner securely. It does not mean that a 3rd party ssl certificate provider has deemed the website itself to be a legitimate site as opposed to a phishing site.

With regards to phishing sites that use "0"s instead of "o"s in their address, there's a newer version of this scam called the Homographic attack. Phishing sites create addresses that combine the latin and cyrillic alphabet. Last year my silver surfing neighbours sent me a link to a too-good-to-be-true offer for free Nike shoes - except the web url was for nї (note the 2 dots above the i in nike)

Ketharaman Swaminathan
Ketharaman Swaminathan - GTM360 Marketing Solutions - Pune 23 January, 2019, 10:06Be the first to give this comment the thumbs up 0 likes

All good points but, I'm afraid, many of these "security measures" have been exploited by fraudsters by now. e.g.

  1. "go to websites via a search through Google". Sadly, 50% of search users can't differentiate between fakeable inorganic / ad and genuine organic search results and click on the fake ad by mistake. This method was exploited by fraudsters who recently launched a phishing attack on cryptowallet users and stole their cryptocoins. In another case, India's dairy giant Amul recently sent a legal notice to Google to remove fake ads for Amul Franchises. Many days after that, the fake ads can still be spotted on Google. Needless to say, Google makes money on those fake ads and has little incentive to pull down those ads.
  2. "type it in". People make typos and fraudsters are waiting with fake websites with similar URLs.
  3. "Look at the Website Address". When people click links in SMS messages on smartphones, the way mobile browsers work (e.g. Samsung Browser), they don't display the URL of the site opened by the click, so people can't look at the URLs.

Not saying we should give up but the above points highlight the need for a disruptive solution in this space. I've come across some attempts (e.g. McAfee SiteAdvisor) but none of them has been able to go mainstream because they seem to have their own shortcomings (e.g. slow speeds).  

Now hiring