🌐

How to Spot Fake Websites

6 minute read

Learn to tell the difference between legitimate websites and scam sites designed to steal your information.

Scammers create fake websites that look almost identical to the real thing. Their goal? To steal your login credentials, credit card numbers, or personal information. This guide will teach you how to tell the difference between a legitimate site and a fake one.

The Most Important Check: The Web Address

The web address (URL) is your first and most reliable clue. Scammers can copy a website’s appearance perfectly, but they can’t use the real web address—so they create lookalikes.

Understanding Web Addresses

A web address looks like this:

https://www.amazon.com/your-cart

The most important part is what comes before the first single slash (/). That’s the actual domain—the website’s true identity.

In the example above:

  • amazon.com is the real domain
  • /your-cart is just a page on that site

Real vs. Fake: Examples

Web Address Real or Fake? Why?
amazon.com ✅ Real The correct domain
amazon.com.shopping-deals.net ❌ Fake The real domain is “shopping-deals.net”—amazon.com is just decoration
arnazon.com ❌ Fake “rn” looks like “m” at a glance
amazon-login.com ❌ Fake Real Amazon doesn’t use hyphens in their domain
amazon.co ⚠️ Check carefully Different country domain—could be real (.co is Colombia) or a scam
amazonsecure.com ❌ Fake Amazon doesn’t have a separate “secure” site
amazon.com.suspicious.ru ❌ Fake The real domain is “suspicious.ru”

The Scammer’s Favorite Tricks

Trick 1: Putting the real name somewhere in a longer address

  • secure-paypal-login.com (Fake: real domain is “secure-paypal-login.com”, not paypal.com)
  • bankofamerica.account-verify.com (Fake: real domain is “account-verify.com”)

Trick 2: Using letters that look alike

  • paypa1.com (uses the number 1 instead of letter l)
  • arnazon.com (uses “rn” which looks like “m”)
  • bankofamerrica.com (extra “r” that’s easy to miss)

Trick 3: Adding extra words

  • wells-fargo-secure.com (Real Wells Fargo is just wellsfargo.com)
  • apple-support-help.com (Real Apple is just apple.com)
Always read the web address carefully before entering any password or personal information. Take an extra moment—scammers count on you being in a hurry.

The Padlock Myth

You’ve probably heard “look for the padlock” as security advice. While the padlock (🔒) has some meaning, it doesn’t mean what most people think.

What the Padlock Actually Means

The padlock means your connection to that website is encrypted—the data you send travels securely.

What the Padlock Does NOT Mean

❌ The website is legitimate

❌ The company is real

❌ Your information is safe

❌ You can trust the site

Scammers can get padlocks too. Getting a security certificate is free and takes minutes. The padlock only tells you the connection is encrypted—even if you’re securely connected to a thief.

Bottom line: Always check the actual web address, even if you see a padlock.

Visual Warning Signs

Fake websites often have visual clues that something is wrong. Here’s what to look for:

The Website Itself

🚩 Blurry or stretched logos — Real companies use high-quality graphics

🚩 Spelling and grammar errors — Especially in important areas like “Sign In” or “My Account”

🚩 Broken links or missing images — Click around. Does the site work properly?

🚩 Design that looks “off” — Compare to what you remember the real site looking like

🚩 Inconsistent styling — Different fonts, colors, or layouts on different pages

🚩 Only one page works — The login page looks real, but other links go nowhere

Missing Trust Signals

🚩 No contact information — No phone number, no address

🚩 Only a contact form — No way to actually reach a real person

🚩 No “About Us” page — Or one that’s vague and doesn’t say much

🚩 No social media presence — Or accounts with no followers

🚩 Phone number that doesn’t work — Try calling. Does anyone answer?

Checkout Red Flags (For Shopping Sites)

🚩 Only accepts unusual payment methods — Wire transfer, gift cards, cryptocurrency

🚩 Prices that are unrealistically low — 80% off everything? That’s not a sale, that’s a scam

🚩 Constant pressure tactics — “Only 1 left!” “Sale ends in 2 minutes!” “50 people viewing this!”

🚩 No clear return policy — Or one buried in confusing language

How to Verify a Suspicious Website

If you’re not sure whether a website is real, here are ways to check:

Method 1: Search for Scam Reports

Search Google for:

  • “[website name] scam”
  • “[website name] reviews”
  • “[website name] fake”
  • “[website name] complaints”

If others have been scammed, they’ve probably posted about it online.

Method 2: Check When the Website Was Created

Brand-new websites (created in the last few weeks or months) are more suspicious—especially if they claim to be established businesses.

How to check:

  1. Go to whois.com or who.is
  2. Enter the website address
  3. Look at “Created Date” or “Registration Date”

Red flag: A site claiming to be an established retailer but created last month.

Method 3: Find the Real Site Yourself

Instead of clicking a link, find the real website independently:

  1. Open a new browser window
  2. Go to Google
  3. Search for the company name
  4. Click on the result from the company’s real website
  5. Look for the page you need from there

This way you know you’re on the real site.

Method 4: Try the Contact Information

  • Call the phone number listed. Does a real business answer?
  • Look up the address on Google Maps. Does it look like a real business location?
  • A P.O. box or residential address for a major retailer is suspicious

What to Do If You’re on a Suspicious Site

If something seems wrong, take these steps:

If You Haven’t Entered Any Information

  1. Close the browser tab immediately
  2. Don’t click anything else on the site
  3. If you got there from an email, report that email as phishing
  4. Clear your browser history if you’re concerned about tracking

If You Already Entered Information

Username and password:

  1. Go to the real website (find it through Google, not the suspicious link)
  2. Change your password immediately
  3. If you use that password anywhere else, change it there too
  4. Turn on two-factor authentication if available

Credit card or payment information:

  1. Call your bank or credit card company immediately
  2. Report the situation and ask about a new card
  3. Monitor your statements closely for unauthorized charges

Personal information (SSN, date of birth, etc.):

  1. Consider freezing your credit
  2. Monitor your accounts closely
  3. See our full guide: I Think I Was Scammed →

The Golden Rule

When in doubt, don't enter any information. Close the site and find the company another way. If it's a real company with a real need, you can reach them through their verified contact information.

Quick Summary

Check the full URL carefully — Read every character before the first slash

Don’t trust the padlock alone — Scammers have padlocks too

Look for visual red flags — Blurry logos, poor grammar, missing contact info

Search for scam reports — “[site name] scam” often reveals the truth

Find real sites through Google — Don’t rely on links in emails or messages

When in doubt, close the tab — Don’t enter any information