Ten concrete scam website signs anyone can check — from missing contact info to suspicious payment methods. Use this 2026 checklist before you trust any unfamiliar site.
Bottom line up front: Scam websites are polished now, but they keep tripping over the same ten tells. Run this checklist before you hand over an email, a password, or a card number. If three or more signs show up, walk away — or save yourself the reading and run the URL through a free automated trust audit that checks all of them at once.
A clean template, sharp photos, and a padlock icon used to mean a site was probably fine. In 2026 they mean almost nothing. A scammer can buy the same Shopify theme as a real retailer, grab a free SSL certificate in 30 seconds, and fill the pages with AI-written copy. The polish is copied; the business behind it is empty.
What still works is looking for the patterns scammers are too lazy or too cheap to fake. Here are ten signs that expose a scam website, with a quick way to check each one. Treat it as a fake website checker you can run in your head.
A legitimate business wants to be reachable. A scam operation does not, because every conversation is a chance to get caught.
Why it is a red flag: If something goes wrong with your order, you need a way to reach a human. Sites that only offer a web form, a Telegram handle, or a WhatsApp number have built a wall, not a support channel.
How to check: Look in the footer, the Contact page, and the About page. You want a physical address, a professional email on the store’s own domain (support@store.com, not a Gmail address), and ideally a phone number. Then test one of them — paste the address into Google Maps and see whether it resolves to a real business or an empty lot.
Scam sites are disposable. They are born, they take money for a few weeks, and they die — often reappearing under a new name the same day.
Why it is a red flag: A site that claims “10 years of trusted service” on a domain registered six weeks ago is lying. The gap between the claimed history and the actual registration date is the tell.
How to check: Run the domain through a free WHOIS lookup (who.is or lookup.icann.org). Find the Created date. Anything under a few months old deserves extra scrutiny, and a domain registered for only one year is another common pattern — real businesses tend to register for several.
A few typos can happen to anyone. A site riddled with broken English, mismatched fonts, and copy that reads like a bad translation is a different story.
Why it is a red flag: Many scam operations are run at scale from regions where English is not the working language, and they do not bother to proofread. Legitimate businesses fix mistakes because errors cost them sales. Scammers do not care — they will abandon the domain soon anyway.
How to check: Read the product descriptions, the About page, and the FAQ. If the writing is consistently awkward, mixes up brand names, or uses awkward phrasing a native speaker would never write, treat it as a warning, not a quirk.
Scam stores rarely photograph their own products. They scrape images from supplier catalogs, competitor sites, and stock photo libraries.
Why it is a red flag: If the same product photo appears on dozens of unrelated stores under different brand names, the “store” is a reseller shell at best — and a pure scam at worst. When the photos show another brand’s packaging or a competitor’s watermark, that is an outright confession.
How to check: Right-click a product image and search it on Google Images (or TinEye). If the photo is plastered across many sites with different prices and names, you are looking at a dropshipped or stolen catalog, not a real shop.
Plenty of scam sites put social media icons in the footer. Having an icon and having a presence are very different things.
Why it is a red flag: A store claiming thousands of happy customers should leave a footprint somewhere off its own website. An account created last month with five posts and bought followers is a prop, not a community.
How to check: Click every social link. Look at the account creation date, the follower-to-engagement ratio (50,000 followers but two likes per post means bought followers), and the comment quality. Real customers leave real, specific comments. Bot armies leave generic praise.
Scam sites either have no refund policy or one engineered to make getting your money back impossible.
Why it is a red flag: The refund policy is where the operator tells you, in writing, whether they intend to stand behind the product. “All sales final” on a store you have never heard of is a bright red flag.
How to check: Find the Returns / Refund page and read the actual terms. Watch for returns shipped internationally at your expense, return windows of a few days, “contact us for authorization” with no one ever responding, or no policy page at all. A normal store offers a clear 14–30 day window and a return address in the country it claims to operate from.
A branded product sitting at 70% off the price every legitimate retailer charges is bait. The discount is the hook that makes you skip the checks above.
Why it is a red flag: There are only two outcomes when a price is far below market. You pay and nothing arrives, or you receive a cheap counterfeit that looks nothing like the photos. Either way, the price was a lie.
How to check: Search the exact product name on Amazon, the brand’s own store, and one or two other retailers. Compare. When a discount runs past roughly half off the established market price on a branded or recently launched item, assume fraud unless other signals prove otherwise.
This trips up a lot of people. The padlock is there, so the site must be safe, right? No.
Why it is a red flag: SSL only proves the connection is encrypted and that someone controls the domain. It says nothing about who that someone is. Every phishing site has a padlock now because SSL is free and instant through Let’s Encrypt. A site with encryption but no verifiable company behind it is exactly the combination scammers produce by default.
How to check: Click the padlock and open the certificate details. A free Domain Validated (DV) certificate confirms only domain control and is what almost every scam uses. Organization Validated (OV) and Extended Validation (EV) certificates require the issuer to verify a real company — scammers rarely bother. Then cross-check: does the site list a registered company name, an address, and a phone number that match a real entity? If the encryption is there but the identity is blank, that gap is the sign.
Legitimate businesses create value. Scam sites create pressure. The goal is to make you act before you have time to run the other nine checks.
Why it is a red flag: False scarcity overrides rational thinking. If the “deal” genuinely expires in ten minutes, it probably was not a good deal to begin with.
How to check: Reload the page. Does the countdown timer reset? Does the “Only 3 left in stock!” counter change to a different number? Are there pop-ups claiming other people are buying right now? If the urgency resets every time you visit, it is a script, not reality.
This is the most decisive sign on the list. Scammers need payment methods they can disappear with, which means methods that offer you no way to reverse the charge.
Why it is a red flag: A store that funnels you toward irreversible payments is built so you cannot get your money back. The whole business model depends on it.
How to check: Go to the checkout page and see what is offered. Here is how the common methods compare.
| Payment method | Buyer protection | Risk level |
|---|---|---|
| Credit card | Chargeback rights | Low |
| PayPal | 180-day dispute window | Low |
| Apple Pay / Google Pay | Tokenized, backed by your card | Low |
| Debit card | Limited, varies by bank | Medium |
| Bank transfer / wire | None | High — walk away |
| Cryptocurrency | None | High — walk away |
| Gift cards | None | High — walk away |
| Zelle / Cash App (to strangers) | None | High — walk away |
If the only options are in the bottom half of that table, do not check out. No legitimate modern store refuses cards and PayPal while insisting on wire transfers.
| # | Sign | Fastest check |
|---|---|---|
| 1 | No real contact info | Footer + Google Maps |
| 2 | Recently registered domain | WHOIS lookup |
| 3 | Sloppy spelling/grammar | Read the About page |
| 4 | Stolen product images | Reverse image search |
| 5 | No real social presence | Click the social links |
| 6 | Vague refund policy | Read the Returns page |
| 7 | Unreasonably low prices | Compare on Amazon |
| 8 | SSL but no company info | Check certificate + About page |
| 9 | Manufactured urgency | Reload the page |
| 10 | Suspicious payment methods | Look at the checkout |
One or two signs on an otherwise solid site might be explainable. Three or more, and you are looking at a scam. Rather than work through all ten by hand, you can run the URL through Valdos — it checks domain registration, SSL type, contact signals, pricing patterns, blacklist status, and security infrastructure, then returns a transparent 0–100 score with the reasons behind it. If the score comes back low, the checklist already told you why.
Disclaimer: This article is for educational purposes and does not constitute legal or financial advice.
Check any website in 10 seconds
Paste a URL. Get a full trust audit — domain reputation, fraud signals, monetization analysis.
Run a free scan