10 Common Signs of a Scam Website

Scam websites are designed to look legitimate just long enough to take your money or credentials. US consumers reported more than $10 billion in fraud losses to the FTC in 2023, with online shopping fraud among the most-reported categories. These are the ten most reliable red flags, roughly in the order you'll encounter them.

1. A brand-new domain

The strongest signal on this list. Scam domains are typically registered days before use and abandoned once blocklisted. Check the registration date with an RDAP lookup — a shop claiming years of experience on a domain registered last month is lying about something. This signal alone is worth up to 18 of 100 points in our scoring model.

2. A look-alike domain name

Typosquats such as amaz0n.com or paypa1.com, and brand names on unusual extensions (.tk, .ml, .ga), are classic phishing patterns. Read the domain character by character before entering anything.

3. No HTTPS — or HTTPS treated as proof

A site without HTTPS asking for personal data is disqualified immediately. But the reverse doesn't hold: free certificates take minutes to obtain, and the Anti-Phishing Working Group reports the large majority of phishing sites now use HTTPS. See what the padlock actually proves.

4. No verifiable contact information

No physical address, no working phone number, no named legal entity — scammers avoid accountability. Verify what is listed: map the address, call the number, search the company name in the official business registry.

5. Missing privacy policy or terms

Legal pages are mandatory for legitimate businesses in most jurisdictions (GDPR, CCPA). Missing, unreachable or boilerplate policies naming the wrong company are a strong negative signal.

6. Irreversible payment methods only

Wire transfers, gift cards and cryptocurrency cannot be reversed — which is exactly why scammers demand them. Legitimate shops accept credit cards or PayPal, which carry chargeback and buyer protection. The FTC's fraud data consistently shows these irreversible methods produce the highest per-victim losses.

7. Too-good-to-be-true prices and urgency

Luxury goods at 80% off, "guaranteed returns", countdown timers and "only 2 left" pressure are engineered to short-circuit the checks you're reading right now. Legitimate businesses rarely need to rush you.

8. Poor grammar and stolen content

Persistent spelling errors, machine-translated text and product photos lifted from other sites (check with a reverse image search) all indicate a disposable operation with no investment in quality.

9. Aggressive pop-ups and fake warnings

Fake virus alerts, permission-request spam and pop-ups that resist closing are common on malicious sites. A legitimate business never tells you your computer is infected.

10. Negative reviews — or no footprint at all

Search the site name plus "reviews" and plus "scam". Check Trustpilot and the BBB Scam Tracker. Consistent complaints about undelivered orders are decisive — and a total absence of any reputation is itself a warning for a site claiming to be established.

Frequently asked questions

What is the single biggest red flag on a website?

A very young domain combined with a request for money or credentials. Legitimate businesses hold domains for years; scam domains are typically registered days before use. You can check any domain’s registration date free with an RDAP lookup, or instantly with SiteReviewChecker.

Why do scammers ask for gift cards, wire transfers or crypto?

Because those payments are irreversible. Credit cards and PayPal offer chargebacks and buyer protection; gift cards, wire transfers and cryptocurrency do not. The FTC consistently lists these as the payment methods with the highest reported fraud losses — treat any site that only accepts them as a scam until proven otherwise.

How do I report a scam website?

In the US, report it to the FTC at reportfraud.ftc.gov and to the FBI at ic3.gov. Also report phishing pages via Google Safe Browsing so browsers warn other visitors, and notify your bank immediately if you shared payment details.

Sources

Check before you trust: run any website through SiteReviewChecker for an automated 0–100 trust score in seconds.

Related guides