Much of the time, it’s not hard to tell if you’re on a safe website or a dangerous one. However, for instances when you’re not certain, it helps to have ways to test if a site is safe or not.
Below are some metrics you can use to determine if a site is real or phony. While not foolproof, they’ll help you figure out what kind of site you’re on.
1. Check the URL for Issues
Dangerous websites will often have strange URLs that are easy to overlook if you’re not paying attention, but give away the site’s issues with a careful look.
Always look to make sure the URL you’re on is the one you expect. Malicious sites posing as a legitimate page will frequently misspell words, substitute numbers for letters, or end in strange domain extensions.
It’s also important to understand how URL structures works. The name closest to the extension is the actual domain of the site. Say you’re on a site with the URL paypal.fakesite.com—while this looks like PayPal at first, you’re really on fakesite.com.
Genuine URLs usually contain full words, not random strings of letters and numbers. Often, but not always, website names that use hyphens between words are shady.
2. Look Into the Domain Registration
We’ve explained before how your browser knows that sites are secure. Clicking the padlock icon that appears in your browser lets you confirm that you’re on an encrypted connection to the site, which protects the information you send in transit.
However, a website using a secure connection doesn’t make it safe; lots of scam websites have security certificates. To do more research, you can look at how long the domain has been registered. Use a Whois lookup, like the one on DomainTools, to see how old a website is. If you think you’re on Microsoft’s website but the lookup says it’s only two weeks old, it’s a fake page.
Finally, a low-tech way to check if a domain is trustworthy is to Google its name (not the URL). Lousy sites don’t rank highly on Google, so if you can’t find the page at the top of a Google page, it’s likely dangerous. If you’re on an impostor site, you’ll see the real one higher in search results.
3. Scan for Signs of Unprofessionalism
Another telltale sign of fake websites is that they lack the polish of genuine sites. Poor English is a common sign that you’re on a fake site, particularly if the company is based in an English-speaking country. Watch out for randomly capitalized words or blatant errors—real sites put a lot of care into catching these problems.
If you can’t find clear contact info or other relevant information like a privacy policy or shipping details, you’re likely on a dangerous site. Scam sites don’t take the time to add this information; if they do, it’s stolen or incomplete.
4. Avoid Sites With Loads of Spam
Lots of websites make money through ads, and since they can’t control them all, occasionally a bad one slips through. But if you’re on a site that’s full of overwhelmingly spammy ads, links, and similar, take caution. You shouldn’t have to navigate around tons of fake info to find something legitimate.
Don’t be fooled by “Secure Site” banners, either. These are easy to copy and slap onto your website, so they don’t mean a site is safe.
5. Beware of Malicious Ads
While they’re a necessary part of the web, ads are also often used as a way to mislead you. For example, while Google does its best to make sure only reputable services are included in Google Ads, sometimes a malicious site will sneak through.
The first few results in Google are usually ads and are marked as such. Be aware that these might not be links to genuine or useful services. It’s a good idea to click a standard Google result, not an ad, in most cases. In the below example, the second ad goes to a junk website.
This potential danger also applies to ads on websites. Sometimes, ads are designed to look like fake update notifications, links to real sites, or downloads. If you’re on a site with lots of confusing ads, it might not be safe.
6. Try a Scanning Tool
To get another opinion, you can use one of the many website scanning tools available online. These analyze the site and tell you if there’s risk from malware or scams.
Google’s Safe Browsing scanner is a good place to start. Beyond that, you can try VirusTotal or Is It Hacked?
Don’t Fall for Fake Sites
Not all these tips will apply to every fake site, but you can use them to look deeper into a page that doesn’t seem right. Remember that when in doubt, you should never continue on a site you think is phony. There’s a much greater chance of entering a fake site by clicking a link in an email or text message than using tools like Google or a news app.
For more web info, learn what to do when a website won’t load.