Every day, people enter their credit card numbers, passwords, and personal information into websites that look legitimate but aren't. Fake login pages, copycat shopping sites, and phishing pages have gotten very convincing. Here's how to check before you trust.
Check for HTTPS (The Padlock)
Look at the address bar in your browser. A safe website starts with https:// — the "s" stands for secure. Most browsers also show a small padlock icon next to the address.
Important caveat: HTTPS means the connection between you and the site is encrypted — it does NOT mean the site itself is trustworthy. A scam website can have HTTPS. It just means no one can intercept what you're sending.
Think of it as a sealed envelope: HTTPS means your information travels safely. It doesn't tell you who's opening the envelope on the other end.
Check the Domain Name Carefully
Scammers create websites with names that look almost right:
amazon-deals.cominstead ofamazon.compaypa1.cominstead ofpaypal.com(that's a number 1, not an L)netflix-account-verify.cominstead ofnetflix.com
Always look at the actual domain — the part right before .com, .net, or .org. That's the real website name. Everything before it is just a subdomain.
Rule of thumb: If you got to a website by clicking a link in an email or text message, verify the domain carefully before entering any information. When in doubt, open a new tab and go directly to the site you're trying to reach.
Look for Contact Information
Legitimate businesses have contact information. If you can't find a phone number, email address, or physical address anywhere on the site — that's a red flag.
You can also search for the business name + "reviews" or "scam" to see what others have found.
Check When the Domain Was Registered
Scam websites are often brand new. You can look up any domain at whois.domaintools.com and see when it was registered. If a site claiming to be a well-known store was registered last month, something is wrong.
Look for Trust Seals — But Don't Trust Them Blindly
Many legitimate shopping sites display security badges (Norton, McAfee, BBB, etc.). However, anyone can copy and paste an image of these badges onto their site.
If you see a trust seal, click it. A real badge should link to a verification page from the company that issued it. If clicking it does nothing or takes you to a generic page, it's fake.
Use Google's Safe Browsing Check
Google maintains a database of dangerous websites. You can check any URL at:
transparencyreport.google.com/safe-browsing/search
This won't catch everything, but it will flag known phishing and malware sites.
When Something Feels Off, Trust That Feeling
If a deal seems too good to be true, if the site looks slightly unprofessional, if you're being rushed to enter information — slow down. Scammers rely on urgency and distraction. Taking 30 extra seconds to verify a site is always worth it.
If you've already entered information on a site you're now unsure about, contact us — we can help you figure out what to do next.