How to Determine if a Website is Fake or Fraudulent

You should never visit any website that you feel may be fake or fraudulent, because you could be putting your computer and all of your personal information at risk. Always look closely at the content on any website you visit because it can be difficult to notice fraudulent phishing websites.


Have you ever been phished? Phishing is an online scam that misleads individuals into believing a website you visit is real, which requests personal information, such as login details. Phishing can come in many forms such as the attacker may send you emails that resemble real information from accounts on websites to convince you into believing the situation is legit. Examples would also include receiving emails telling individuals to update their credit card information or change their password using a link because someone just used your password to sign in from somewhere else. This is a very effective phishing tactic because it's hard to tell a fake site from a real one because online hackers can create exact replicas of Google accounts or websites. It's important to know if a website is safe to use before you provide any sensitive data, such as credit card information. Here are some helpful tips that you can use to make sure a website is legit.

Check the SSL Certificate

SSL Certificates secure your data as it passes from your browser onto a websites server. Companies must be approved and go through a validation process to earn an SSL certificate. If the URL of a website begins with “https” instead of “http” it means the site is secured using an SSL Certificate. Many people don’t even bother to look at the URL of any website they visit because the average person just doesn’t think to look at the address bar. The address bar provides vital information on the security of the website you are visiting. The lowest level of validation is Domain Validation, which is just used to validate the ownership of the domain and not the legitimacy of the organisation requesting the certificate. Extended Validation is the highest level of validation, and is considered to be the safest and most legitimate. The Extended Validation Certificate can be seen on the address bar. Browsers that have a green address bar with a lock icon have EV certificates. Browsers give websites with EV SSL certificates preferential treatment by displaying the company name to the left of the URL. The green address bar cannot be faked, it shows proof of identity—and by extension trustworthiness.
Scammers can obtain free SSL Certificates fir the domain name they are using.
So they very rarely have and use business validated SSLs. So be sure to view the actual Certificate in use to see if it does contain the business details you expect from the business you are dealing with.

Below is an example of our SSL Certificate that contains our business details, showing a business validated SSL.

Business Validation Example

Below is an example of a free SSL Certificate from Let's Encrypt with no Business Validation.

Domain Validation Example

How to View Certificate Details

In Google Chrome

  1. Click the Padlock Icon, left of the domain name in the URL bar.
  2. In the dropdown Window, click Certificate
  3. In the Certificate Window, click the Details open arrow, to view the Certificate Details

In Safari

  1. Click the Padlock Icon, left of the domain name in the URL bar.
  2. Click Show Certificate
  3. In the Certificate Window, click the Details open arrow, to view the Certificate Details

In Firefox

  1. Click the Padlock Icon, left of the domain name in the URL bar.
  2. In the dropdown window, click the arrow to the right of Connection
  3. In the Site Security window, it will show any business details from the Certificate

Signs that prove if a Company is real or a scam

Prices: If the prices on the website are too good to be true, you should leave that website immediately. We all have seen websites selling popular electronics for a few cents on the dollar, and they usually are fake. There is a difference between a bargain and selling merchandise for such low prices that won’t even make the company any money. These items are usually on fake websites or they’re stolen goods that you should not be purchasing. Apps such as the Wish App often has fraudulent listings such as Television sets, and IPhones available for purchase for a few dollars that I look to avoid because I know it’s impossible for a company to sell any item at that low price.

Return Policy: If a website doesn't list any return policy that's a sign that you're looking at a bunch of fraudulent listings. Most Reputable websites have a return policy as well as a shipping policy available for customers to look at before they purchase any item.

Privacy Statement: A reputable website will have a privacy statement that tells you how they protect your information when you visit that site, and it includes information on third parties they may give your information to.

Trust your Browser: If your web browser suggests that you avoid visiting a site you should adhere to the warnings. A web browser is always going to try to lead you away from malicious websites and alert you of any potential threats.

Trust Seals

Trust seals are used to invests in customers security. You will often see them on the homepage of websites because they give off the impression that you’re safe when you visit this site because you see multiple brands that you are familiar with. Trust seals display verified information when you click on them, and they let customers know the SSL certification for this website is in good standing. Trust seals show that a company is involved and dedicated to good security practices, or the use of secure methods for transactions. The goal is to demonstrate to customers that this business is concerned with security and their business identity.

The seals are great for viewing verified business information, just like a Business Verified SSL Certificate. However, it can be a double edged sword... If a website has more than 1 Trust Seal, maybe 3 or more, then this can be a sign they are a bit dodgy and are trying to hard to install trust in the visitors. A legitimate website will usually use just one Trust Seal to show their verified Business Information.

Trust Seals

Google Safe Browsing and Security Reports

You can always utilise the Google Safe Browsing Transparency Report feature if you ever feel like a website seems suspicious or may be a scam. The Google Safe Browsing Transparency Report is free and available to everyone. You just copy and paste the URL, so it can give you report which will tell you if the website is trustworthy. Google is a great platform that tries to keep all users safe. I would recommend just entering any sites you’re suspicious of into the Google Safe Transparency report field, so that I know I’m safely browsing through the web.

We now have our Free Website Security Check, which also checks the Google Safe Browsing database.
Free Website Security Check

Spotting a Fake URL

Scammers often create fake web addresses that look like reputable websites. People often don’t notice these fake company websites and are tricked into revealing personal credit card information. Here are some tips to help you point out a fake URL.

  • When you're looking at the URL, look carefully for any subtle misspellings in the domain name.
  • Be careful of URL shorteners that abbreviate lengthy Web addresses for social media and text messages. In order to hide the actual URL to which a link points. Try using CheckShortURL to see what the shortened URL points to in its expanded form.
  • Always check for extra words in the URL
  • Try to contact the company if you want to make sure a link is real.
  • Remember to think before you click on anything!

Below are some examples of fake websites using a URL that may look real, but is actually not correct.

fake paypal url
fake facebook url

Always Browse the Web Safely

Surfing the web can be very exciting and convenient, but you always need to to protect your information and make wise decisions. We all have visited websites that we probably shouldn’t have and thinking back it's really never worth the risk. So always remember to just browse safely, so you never can fall victim to any online scam or cyberthreat.

Discussions and Comments

Click here to view and join in on any discussions and comments on this article.

Written by
Paul Baka


SSLTrust Blog

View our blog covering news and topics in security, certificate authorities, encryption and PKI.

Learning Centre

View more resources on cyber security, encryption and the internet.


Continue reading with these articles you may be interested in...

#Articles

My Account may have been Hacked - What should I do

It can feel like a nightmare when you can’t login to your email account or you start to notice some unfamiliar activity occurring on your profile that you know wasn’t caused by you. It’s important to always pay attention to any suspicious activity …

#Articles

How do Cyber Criminals get your account details?

Hackers are smart and lazy. Who would want to sit at a computer all day typing away guessing passwords? Not me. They say that lazy people are often the innovators of our society, thinking of ways to do things that require minimal time and effort. …