Website Scams • Checklist

How to Check If a Website Is Legit

Use this simple checklist to verify a site before you enter passwords, payment info, or one-time codes.

Start Website Training Browse Website Articles
Quick takeaway
Verify the domain first. Most scam sites fail that one test.

The “is this website legit?” checklist

  • Check the domain: does it match the real brand exactly (no extra words, dashes, or misspellings)?
  • Watch for subdomain tricks: the real domain is the last main part (example.com), not the front.
  • Avoid shortened links: they hide the real destination.
  • Be cautious with “login required” popups: especially if you didn’t choose to sign in.
  • Ignore the “lock icon” as proof: HTTPS does not guarantee legitimacy.
  • Look for pressure: urgency, threats, and “limited-time” offers are common scam signals.

Safer verification methods

  1. Close the suspicious page.
  2. Type the official website manually or use the official app.
  3. Navigate from the homepage to the login page yourself.

If the deal is “too good to be true”

Scam sites often use fake product listings or extreme discounts to push impulse purchases. If you wouldn’t trust the offer from a physical store, don’t trust it online until verified.

Practice the habit

Practice Website Scam Defense Use Scam Lookup

FAQ

Is HTTPS enough to trust a website?

No. HTTPS only encrypts the connection. Scammers can use HTTPS too. Always verify the domain.

What’s the safest way to log in?

Use the official app or type the website manually, then log in from the known homepage—not from a link in a message.