Scam websites are getting harder to spot. Here are 12 concrete red flags — from payment methods to domain age — that expose a scam site in under 60 seconds.
You found a deal. The website looks clean. The product photos are sharp. The price is good — not suspiciously good, just good. You’re about to enter your card details.
Stop. Give it 60 seconds.
Scam websites have gotten remarkably sophisticated. AI tools let anyone spin up a professional-looking store in an afternoon. The old advice — “look for the padlock” — is useless when every scam site has free SSL. The new red flags are subtler, but they’re still there if you know where to look.
This guide walks through 12 specific checks you can run on any website before you trust it with your data, your money, or your identity.
Scam websites are born and die fast. A domain registered two weeks ago claiming to be “a trusted retailer since 2015” is lying.
How to check: Use any WHOIS lookup tool. Look at the creation date.
Red flag: Domain registered within the last 3-6 months, especially if the site claims to be an established business.
Nuance: Some legitimate businesses register new domains for product launches or rebrands. But a “10-year-old company” on a 2-month-old domain should make you pause.
This is the single most reliable scam indicator. Scammers need payment methods they can disappear with.
Instant red flag — only accepts:
Green flag — offers:
A store that only takes irreversible payment methods is designed so you can’t get your money back.
Before buying, search the domain name plus words like “scam,” “review,” “legit,” or “complaint.” Real victim reports show up fast.
Where to search:
[domain] scam or [domain] review[domain] on r/Scams or related subredditsWhat to trust: Detailed first-person accounts with specific dates, order numbers, and outcomes. Be skeptical of reviews that are either all-perfect or all-vague — both can be manufactured.
Legitimate businesses have real locations. Scam sites list fake addresses, PO boxes, or no address at all.
Check: Find the address in the footer, About page, or Contact page.
Verify:
Red flag: The address is a PO box, a co-working space with no verified tenancy, or maps to a residential apartment building.
A real business answers when you reach out. A scam operation won’t.
Quick test:
Many scam sites don’t create original content — they copy it from legitimate sites.
How to detect cloning:
"this exact sentence"Product images: Reverse-search product photos on Google Images. If the same photos appear on dozens of different stores with different names, they’re dropshipped from a supplier catalog — the “store” is just a middleman who may or may not deliver.
Scam sites either have no return policy or have one designed to make returns impossible.
Red flags in return policies:
What’s normal: 14-30 day return windows, clear conditions, and a return address in the same country where the store claims to operate.
Scam sites often have social media links in the footer. But having a link and having a presence are different things.
Click the links and check:
A legitimate small business might have modest social media. But a “trusted retailer” with zero social footprint is suspicious.
Yes, every site has SSL now. But the type of SSL certificate still tells you something.
How to check: Click the padlock icon in your browser → Certificate details.
What you’ll see:
The absence of OV/EV doesn’t prove a site is a scam. But the presence of EV is a meaningful positive signal — scammers rarely go through that verification process.
Before entering payment details on an unfamiliar site, run it through a trust audit tool. These tools check dozens of signals simultaneously:
A trust score gives you a quick risk assessment. If the score is low or the tool flags multiple issues, don’t enter your information — regardless of how good the deal looks.
Scammers use urgency to override your critical thinking. The goal is to make you act before you have time to verify.
Common urgency tactics:
Legitimate sales have real deadlines. But a site that manufactures false scarcity on every visit is manipulating you, not informing you.
Your subconscious processes dozens of signals you’re not consciously aware of. If something feels off — the design is almost right but not quite, the English is slightly unnatural, the prices are just a little too good, the product range seems random — that instinct is usually picking up on something real.
Don’t dismiss it. Verify it. Run the 11 checks above. If two or more come back negative, walk away.
If you entered payment information on a scam site:
Scam detection isn’t paranoia — it’s a 60-second habit. Before you enter payment information on any unfamiliar website:
Five checks. Sixty seconds. The cost of skipping them is far higher than the cost of running them.
Disclaimer: This article is for educational purposes and does not constitute legal or financial advice.
Check any website in 10 seconds
Paste a URL. Get a full trust audit — domain reputation, fraud signals, monetization analysis.
Run a free scan