Updated on: August 26, 2024
Short on time? Here’s how to identify fake websites:
- 1. Use a Reliable Antivirus. Install a quality antivirus like Norton. Ensure its web protection is turned on.
- 2. Use Link Checker Tools. Go to norton.safeweb.com or Google’s Transparency Report and paste the website’s address in the search box.
- 3. Leverage Your Browser’s Security Settings. Go to your browser’s security and privacy settings and turn all protective features on.
- 4. Exercise Caution. Read URLs carefully, check reviews and forums, be wary of enticing deals, and look out for design flaws.
Many fake websites closely mimic trusted brands like Amazon, Netflix, postal services, and others. They entice you with sales or giveaways that are too good to be true — like iPhones and shopping vouchers. Set up by scammers, these sites aim to steal your information, money, and even identity.
There are various telltale signs that you’ve landed on a scam website. For instance, poor grammar, suspiciously low prices, and URLs that misspell real brand names. Recognizing these (and many other) red flags can prevent you from compromising your personal details or making unsafe payments.
However, recognizing these signs isn’t always enough by itself. Using a good antivirus product like Norton 360 is crucial. It blocks known scam sites automatically, which keeps you much safer online. Discover everything you need to know about identifying and avoiding fake websites in this complete guide.
What Are Fake Websites?
Fake websites are insidious imitations of legitimate sites, designed by scammers to trick you into giving them your personal and financial information. Here’s a breakdown of the most common types and their deceptive strategies:
- Discount e-stores: These sites offer incredible discounts on high-demand items, often promoted through social media. While they promise great deals, at best they’ll send you counterfeit goods, and at worst they’ll steal your credit card information.
- Phishing sites: Mimicking the login pages of banks or popular services like Netflix, these sites lure you through emails claiming your account security is at risk. Once you enter your credentials, fraudsters gain access to your accounts.
- Tech support scams: By impersonating customer support pages, scammers convince you to allow remote access to your computer, ostensibly to fix non-existent problems.
- Healthcare scams: Fake Medicare or health insurance sites ask you to “confirm” your details, targeting your valuable healthcare information.
- Package delivery frauds: With the surge in online shopping, these sites claim to be from well-known couriers like UPS or FedEx, tricking you into providing personal and payment details under the guise of addressing delivery issues.
- Fraudulent travel booking sites: These websites offer too-good-to-pass-up deals on flights, but they either steal personal information like passport numbers or sell non-existent tickets.
- Fake news sites: These websites mimic reputable news outlets to spread misinformation or sensational stories, often to gather personal data or to sway public opinion for political purposes.
- Charity scam websites: Scammers create sites that impersonate legitimate charitable organizations, appealing for donations that go directly into their pockets rather than helping the stated cause.
Being aware of these specific types of fake websites and their tactics can help you steer clear of potential scams and safeguard your personal data.
10 Ways to Identify a Fake Website
Though there are many ways to identify a fake website, here are 10 of the best methods:
1. Use Antivirus Software
Antivirus software is the most reliable protection against fake sites. It helps you avoid inadvertently giving away personal information, downloading malware, or falling victim to other scams.
These programs typically include web protection features that constantly analyze the websites you attempt to visit. They use large databases of known phishing sites, malicious URLs, and criteria for suspicious web behavior to assess each site’s safety in real time.
When you try to visit a website, the antivirus software checks it against these databases. If the site is known for hosting malware, scams, or phishing attempts, the antivirus will block the site and alert you of the potential danger.
Some advanced antivirus apps like Norton use heuristic analysis and artificial intelligence to detect new and emerging threats. This means that even if a fake website has not been previously flagged in the database, the antivirus can still identify unusual patterns or malicious code that suggests it could be risky.
2. Check the Website’s Encryption Certificate
Verifying the encryption status (SSL/TLS certificate) of a website is a crucial step in determining its legitimacy. SSL (Secure Sockets Layer) and TLS (Transport Layer Security) certificates are digital certificates that authenticate the website’s identity and establish an encrypted connection between your browser and the website’s server.
When you visit a website, look for a padlock icon next to the URL in the browser’s address bar. This icon indicates that the site has an SSL/TLS certificate, suggesting that the data you send and receive from the site is encrypted and secure.
However, simply having a certificate isn’t enough, as fraudsters can obtain basic SSL certificates for fake sites. Therefore, click on the padlock to view the certificate details: check the issuing authority, the validity period, and the name on the certificate.
Make sure the details align with the website you believe you’re visiting. A mismatch, or a certificate issued by a non-reputable authority, can be a red flag indicating a potentially fake website. This level of scrutiny helps you avoid scams and protect your personal information.
3. Use Link Checker Tools
When you input a URL into a link checker tool, it assesses the website against comprehensive databases of known malicious or phishing sites. These databases are regularly updated with new threats as they’re discovered. The tool checks various aspects of the website, including its hosting details, historical security incidents, and associations with any known security threats.
For example, tools like Norton’s SafeWeb will give you a safety rating for the website. It’ll provide details on why a site might be considered unsafe, such as hosting malware, having links to phishing activities, or other suspicious behaviors. If the site is deemed risky, the tool will warn you, offering an explanation about the potential dangers.
Another such tool is Google’s Transparency Report. It offers similar information to Norton’s SafeWeb tool. However, sometimes one may find a URL to be malicious where the other doesn’t — so always check both if you can.
Norton SafeWeb and Google’s Transparency Report allow you to make informed decisions about whether to proceed to a site, helping you avoid traps set by scammers and cybercriminals.
4. Leverage Your Browser’s Security Settings
Whether you’re using Google Chrome, Mozilla Firefox, or any other browser, it’s a good idea to verify and enable the security settings. Your browser has fairly powerful scam and malware detection capabilities that you should take advantage of. Here’s how.
How to Verify Chrome’s Security Settings
Here’s how to do it on Chrome (or skip to the instructions for Firefox, Edge, or Safari).
- Click the 3 dots in the top-right of your Chrome browser. Then, select Settings.
- Click Privacy and security on the left-hand side, then click Privacy Guide.
- Click Next 3 times until you see Choose your Safe Browsing protection. At this point, make sure to click the radio button for Enhanced protection. And you’re all set!
How to Verify Firefox’s Security Settings
- Click the 3 vertical lines in the top right, then Settings.
- Click Privacy & Security, then scroll down until you see Security. From here, I recommend choosing all of the settings you see in the screenshot below.
How to Verify Edge’s Security Settings
- Click the 3 horizontal dots in the top-right corner and then Settings.
- Click Privacy, Search, and Services on the left, then scroll down until you see Security. Make sure to select the settings exactly as I’ve shown in the screenshot below. (Note: You could also select Block potentially unwanted apps if you like, but this isn’t necessary. Just make sure to download stuff from reputable sources only.)
How to Verify Safari’s Security Settings
In Safari’s settings under Security, you’ll see an option for Warn when visiting a fraudulent website. Make sure that’s enabled and you’re good to go.
This covers the most popular browsers, but the process should be quite similar regardless of what browser you’re using.
5. Consult PhishTank
PhishTank is a great resource for identifying phishing websites. You can quickly determine whether a site has been reported as part of a phishing scam by entering its URL.
The tool is community-driven and relies on user submissions to keep its database current and complete. As users report suspicious sites, PhishTank verifies these submissions, and once confirmed, adds them to its list of known phishing sites. This system helps ensure that the database is both up-to-date and reliable.
Many cybersecurity tools and browser extensions also integrate PhishTank’s data to provide real-time warnings against phishing attempts. By consulting PhishTank before interacting with unfamiliar sites, you can significantly reduce your risk of falling victim to phishing and safeguard your sensitive information.
6. Read and Check the URL Very Carefully
Reading URLs carefully is crucial for identifying fake websites. Here’s what to look out for:
- Brand name misrepresentation or misspelling: Scammers frequently mimic legitimate brand names with minor alterations. A common trick is to swap letters or add extra characters that are easy to overlook, such as ‘rnicrosoft.com’ instead of ‘microsoft.com’. These small changes can deceive you if you’re not attentive.
- Unexpected domain extensions: While not always indicative of fraud, unusual domain extensions like .biz, .info, or .top, rather than typical top-level domains (TLDs) like .com, .ca, .co.uk, .com.au, .co, .org, or .net, should prompt further investigation.
- Subdomains and excessive length: Be cautious of URLs that use unnecessary long paths or subdomains, which can obscure the main domain and create a false sense of legitimacy, for example, “official-amazon.deals.example.com”.
- HTTPS presence: Always ensure the URL begins with ‘https://’, which signifies SSL or TLS protection. However, remember that while this indicates data encryption, it doesn’t guarantee the site’s legitimacy.
- Domains appearing as numerical values: If you come across a URL that only has numbers, close the site immediately and never go back.
By scrutinizing URLs for these signs, you can avoid deceptive sites that aim to compromise your online security.
7. Check User, Google, and Trustpilot Reviews (if Available)
Social proof is one of the most powerful tools websites use to establish trust. Always check out user, Google, and Trustpilot reviews if they’re available. This is particularly important when dealing with new online shopping websites.
When investigating these reviews, scrutinize their authenticity and diversity. A credible website will generally display a mixture of both positive and negative reviews, reflecting genuine customer experiences.
Be wary of sites that present only flawless reviews, which could be artificially created to mislead you. Conversely, an abundance of negative reviews can signal poor service or potential scams. Also, expand your review search beyond one platform to get a comprehensive understanding of the site’s reputation.
Recent, detailed reviews are particularly valuable, as they provide specific insights and are more likely to reflect the current state of the website. By thoroughly assessing user reviews, you can better determine a site’s reliability and safeguard yourself from fraudulent online entities.
8. Check Forums Like Quora and Reddit
Just like user reviews, exploring platforms like Quora and Reddit can provide additional insights into a website’s credibility. These forums are rich with user-generated content and discussions.
On Quora, users pose questions and share detailed experiences and opinions, which can highlight both positive aspects and potential issues with a website. Similarly, Reddit hosts numerous community-driven discussions where users freely discuss their experiences and warn others about potential scams.
Both platforms feature real-time, uncensored feedback and can cover niche topics or lesser-known websites that might not appear on mainstream review sites. By checking these sources, you can tap into a broader variety of opinions and personal experiences that provide a more nuanced view of a website’s trustworthiness.
9. Look for Design Flaws
Design flaws can be a telltale sign of a fake website. Legitimate websites generally invest in a professional and cohesive look, ensuring that the layout, typography, and graphics are of high quality.
In contrast, fake sites often display poor design elements such as mismatched fonts, low-resolution images, and inconsistent formatting. Grammatical errors and spelling mistakes in the website content can also indicate a lack of professionalism typical of scam sites.
Additionally, if a website features hard-to-navigate interfaces or broken links, it may suggest that the site was hastily set up with the primary aim of deceiving visitors. By paying attention to these design inconsistencies and errors, you can assess whether a site might be untrustworthy.
10. Scrutinize Deals
When evaluating deals on websites, it’s crucial to scrutinize offers that appear too good to be true. Scam websites often lure visitors with deals offering significantly lower prices than market value on popular items, which can be a red flag.
Before making a purchase, compare the prices with those on known, reputable sites. If the discount is excessively steep without a clear reason such as a closing down sale or an official clearance event, proceed with caution.
Also, look for fine print or hidden fees that might be obscured in the buying process. Such tactics are designed to attract impulsive buyers. Always research the website’s reputation and read customer reviews. This helps you make sure that the site has a history of fulfilling orders properly before giving it your money.
Best Antiviruses for Identifying Fake Websites in 2024
Quick summary of the best antiviruses for identifying fake websites:
- 🥇 1. Norton 360 — Best antivirus with excellent web protection & a secure browser.
- 🥈 2. Bitdefender — Lightweight yet powerful antivirus with great web protection.
- 🥉 3. TotalAV — Easy-to-use and beginner-friendly antivirus with helpful extras.
What to Do if You’ve Fallen for a Fake Website Scam
Here’s what I recommend doing if you’ve fallen victim to a fake website scam:
- Run a full antivirus scan: Start by running a full scan using your antivirus software to detect any malware that may have been downloaded onto your device. Norton 360 is my favorite option and comes with features that can identify and remove malicious software. This is a critical first step in ensuring your device is clean and secure.
- Change your passwords: Immediately update your passwords, especially for accounts you accessed while interacting with the suspect site. Ensure each password is strong and unique. Using a top password manager like 1Password can help you create and secure passwords and manage them easily.
- Contact your bank: If you’ve entered financial information, contact your bank or credit card provider immediately. They can monitor your accounts for suspicious activity and, if necessary, issue new cards to prevent fraudulent transactions. In many cases, your credit card issuer can also initiate a chargeback, which means you’ll get your money back.
- Monitor your accounts: Keep a close eye on your bank statements, credit card statements, and any online accounts for signs of unauthorized transactions. Early detection can help you respond quickly to identity theft.
- Report the scam: Notify the relevant authorities about the scam. Reporting it to online fraud databases can also help prevent others from falling victim. In the US, you can report scams to the Federal Trade Commission (FTC) through its website.
- Educate yourself on online security: Take this experience as an opportunity to educate yourself about online security best practices. Learning more about how to identify secure websites can prevent future incidents.
How to Report a Website as Fake
Reporting a fake website is an important step in helping to protect yourself and others from potential scams. To do this effectively:
- Gather evidence: Before you report the website, ensure you have as much information as possible. This includes the URL of the site, any correspondence you’ve had with the site operators, and screenshots of the site that prove its suspicious nature.
- Contact relevant authorities: In the US, you can report fraudulent websites to the Federal Trade Commission (FTC) through its website. Additionally, you can file complaints with the Internet Crime Complaint Center (IC3), which is a partnership between the FBI and the National White Collar Crime Center.
- Notify your internet service provider: If the fake website is hosted by a recognizable provider, report the site to them directly. Most have established processes for handling reports of fraudulent activities on hosted websites.
By taking these steps, you can help contribute to a safer internet experience for everyone.
Frequently Asked Questions
How do you check if a website is real?
To identify fake websites, check for signs like poor spelling and grammar, odd design elements, and the absence of an SSL/TLS certificate. Also, be wary of deals that seem too good to be true. These can be bait to attract unsuspecting visitors.
It’s a good idea to verify the contact details provided on the site, too. A legitimate website usually lists multiple ways to get in touch — including a phone number, email address, and physical location. If these details are missing or are fake, it’s a red flag that the website might not be genuine.
How do I know if a website is safe?
You can start by checking for an SSL/TLS certificate, which indicates that the site encrypts data transmitted between your browser and the server. A padlock icon in the URL bar indicates the use of TLS/SSL. But just because encryption is essential for security, it doesn’t guarantee that the site is legitimate, as even fraudulent sites can use encryption.
I recommend you also follow our other simple steps for identifying a fake website, including using link checker tools, checking user reviews, and looking at PhishTank.
What can I do if I ordered from a fake website?
Immediately contact your bank or credit card provider to dispute the charges and request a chargeback. This can help recover any money you’ve spent. Also, change any passwords you might have shared with the site.
Report the fraudulent website to authorities like the Internet Crime Complaint Center (IC3) or the Federal Trade Commission (FTC), or the equivalent organizations in your country. These organizations can take further action and help prevent others from falling victim to the same scam. Documenting all communications and transactions related to the purchase will support your case.
How do I know if I got scammed while shopping online?
Signs you’ve been scammed online include not receiving items you paid for, receiving counterfeit, damaged, or significantly different items from what was advertised, and unauthorized charges on your credit card. Often, scammers use fake tracking numbers to pretend they’ve shipped your order.
If you encounter any of these issues, contact the seller directly for resolution. If the response is unsatisfactory or you receive no response, escalate the issue by reporting it to your payment service and seeking a refund. Monitoring your bank statements for unfamiliar transactions is also crucial to catching scams early.