← Blog / Scam Detection

How to Check if a Website Is a Scam: 12 Red Flags to Test Before You Trust

Scam websites are getting harder to spot. Here are 12 concrete red flags — from payment methods to domain age — that expose a scam site in under 60 seconds.

July 9, 2026 11 min read by Jask

You found a deal. The website looks clean. The product photos are sharp. The price is good — not suspiciously good, just good. You’re about to enter your card details.

Stop. Give it 60 seconds.

Scam websites have gotten remarkably sophisticated. AI tools let anyone spin up a professional-looking store in an afternoon. The old advice — “look for the padlock” — is useless when every scam site has free SSL. The new red flags are subtler, but they’re still there if you know where to look.

This guide walks through 12 specific checks you can run on any website before you trust it with your data, your money, or your identity.

1. Check the Domain Age

Scam websites are born and die fast. A domain registered two weeks ago claiming to be “a trusted retailer since 2015” is lying.

How to check: Use any WHOIS lookup tool. Look at the creation date.

Red flag: Domain registered within the last 3-6 months, especially if the site claims to be an established business.

Nuance: Some legitimate businesses register new domains for product launches or rebrands. But a “10-year-old company” on a 2-month-old domain should make you pause.

2. Examine the Payment Methods

This is the single most reliable scam indicator. Scammers need payment methods they can disappear with.

Instant red flag — only accepts:

  • Bank transfer / wire transfer
  • Cryptocurrency
  • Gift cards
  • Payment apps like Cash App, Zelle, or WeChat (no buyer protection)

Green flag — offers:

  • Credit card processing (chargeback protection)
  • PayPal (180-day buyer protection)
  • Apple Pay / Google Pay (tokenized, biometric-secured)

A store that only takes irreversible payment methods is designed so you can’t get your money back.

3. Search for the Domain + “Scam” or “Review”

Before buying, search the domain name plus words like “scam,” “review,” “legit,” or “complaint.” Real victim reports show up fast.

Where to search:

  • Google: [domain] scam or [domain] review
  • Reddit: [domain] on r/Scams or related subreddits
  • Trustpilot: search the domain directly
  • Better Business Bureau (US)

What to trust: Detailed first-person accounts with specific dates, order numbers, and outcomes. Be skeptical of reviews that are either all-perfect or all-vague — both can be manufactured.

4. Look for a Physical Address — Then Verify It

Legitimate businesses have real locations. Scam sites list fake addresses, PO boxes, or no address at all.

Check: Find the address in the footer, About page, or Contact page.

Verify:

  • Paste it into Google Maps — does it resolve to a residential home, an empty lot, or a completely different business?
  • Some scammers use the address of a real, unrelated business. Call the business and ask if they’re affiliated.

Red flag: The address is a PO box, a co-working space with no verified tenancy, or maps to a residential apartment building.

5. Test the Contact Information

A real business answers when you reach out. A scam operation won’t.

Quick test:

  • Send an email to their support address. Does it bounce? Does it go unanswered for days?
  • Is there a phone number? Call it. Does it ring endlessly, go to a generic voicemail, or connect to someone who has no idea about the website?
  • Is the only contact method a web form with no email address visible? That’s a shield, not a channel.

6. Check for Cloned Content

Many scam sites don’t create original content — they copy it from legitimate sites.

How to detect cloning:

  • Copy a unique sentence from the About page or product description
  • Search it in Google with quotes: "this exact sentence"
  • If the same text appears on multiple unrelated sites, it was likely copied

Product images: Reverse-search product photos on Google Images. If the same photos appear on dozens of different stores with different names, they’re dropshipped from a supplier catalog — the “store” is just a middleman who may or may not deliver.

7. Inspect the Return Policy and Terms

Scam sites either have no return policy or have one designed to make returns impossible.

Red flags in return policies:

  • “All sales final” on a site you’ve never heard of
  • Returns must be shipped internationally at your expense
  • “Contact us within 7 days to request return authorization” — but no response when you do
  • Vague language with no specific timeframes or conditions
  • No return policy page at all

What’s normal: 14-30 day return windows, clear conditions, and a return address in the same country where the store claims to operate.

8. Evaluate Social Media Presence

Scam sites often have social media links in the footer. But having a link and having a presence are different things.

Click the links and check:

  • Account creation date — brand new with few posts?
  • Follower-to-engagement ratio — 50K followers but 2 likes per post? Bought followers.
  • Comment quality — real comments from real customers, or generic praise from accounts with no profile photos?
  • Does the account respond to questions and complaints, or is it a one-way broadcast?

A legitimate small business might have modest social media. But a “trusted retailer” with zero social footprint is suspicious.

9. Check the SSL Certificate Details — Not Just the Padlock

Yes, every site has SSL now. But the type of SSL certificate still tells you something.

How to check: Click the padlock icon in your browser → Certificate details.

What you’ll see:

  • Domain Validated (DV): Only confirms domain control. Costs nothing. Every scam site has this. Tells you nothing about trust.
  • Organization Validated (OV): The certificate authority verified the organization exists. Costs money. Rarely used by throwaway scam sites.
  • Extended Validation (EV): Requires extensive legal/organizational verification. Historically showed the company name in the address bar.

The absence of OV/EV doesn’t prove a site is a scam. But the presence of EV is a meaningful positive signal — scammers rarely go through that verification process.

10. Scan with a Trust Audit Tool

Before entering payment details on an unfamiliar site, run it through a trust audit tool. These tools check dozens of signals simultaneously:

  • Domain reputation and age
  • DNS configuration (MX, SPF, DKIM, DMARC records)
  • Blacklist status across multiple databases
  • Security headers and server configuration
  • Content quality and originality
  • Known scam patterns

A trust score gives you a quick risk assessment. If the score is low or the tool flags multiple issues, don’t enter your information — regardless of how good the deal looks.

11. Watch for Artificial Urgency

Scammers use urgency to override your critical thinking. The goal is to make you act before you have time to verify.

Common urgency tactics:

  • Countdown timers that reset when you reload the page
  • “Only 3 left in stock!” that never changes
  • “Sale ends in 2 hours!” — but the same price is available tomorrow
  • Pop-ups claiming other people are buying the item right now
  • “Your cart will expire in 10 minutes”

Legitimate sales have real deadlines. But a site that manufactures false scarcity on every visit is manipulating you, not informing you.

12. Trust Your Gut — Then Verify

Your subconscious processes dozens of signals you’re not consciously aware of. If something feels off — the design is almost right but not quite, the English is slightly unnatural, the prices are just a little too good, the product range seems random — that instinct is usually picking up on something real.

Don’t dismiss it. Verify it. Run the 11 checks above. If two or more come back negative, walk away.

What to Do if You’ve Already Been Scammed

If you entered payment information on a scam site:

  1. Contact your bank immediately — Request a chargeback (credit cards) or fraud report (debit cards). The sooner you report, the better your chances.
  2. Change passwords — If you created an account, the password may be compromised. Change it everywhere you used it.
  3. Monitor your accounts — Watch for unauthorized charges over the next 30-90 days.
  4. Report the site — File reports with:
    • FTC (US): reportfraud.ftc.gov
    • IC3 (US): ic3.gov
    • Your country’s consumer protection agency
    • Google Safe Browsing
  5. Warn others — Post on Reddit, Trustpilot, or social media. Your report could save someone else.

The Bottom Line

Scam detection isn’t paranoia — it’s a 60-second habit. Before you enter payment information on any unfamiliar website:

  1. Check the domain age
  2. Verify payment methods offer buyer protection
  3. Search for “[domain] scam”
  4. Look for a real, verifiable address
  5. Run a trust audit scan

Five checks. Sixty seconds. The cost of skipping them is far higher than the cost of running them.

Disclaimer: This article is for educational purposes and does not constitute legal or financial advice.

Check any website in 10 seconds

Paste a URL. Get a full trust audit — domain reputation, fraud signals, monetization analysis.

Run a free scan