Website Scams • Basics

What Is a Phishing Website?

A phishing website is a fake site that looks real and tricks you into entering passwords, payment info, or verification codes.

Start Website Training Browse Website Articles
Quick takeaway
HTTPS doesn’t guarantee legitimacy. The real check is the domain name.

How phishing websites work

Phishing websites are designed to capture what you type—logins, card numbers, addresses, or one-time codes. The scammer doesn’t need to “hack” you if they can convince you to hand over the information directly.

Where phishing sites come from

  • Email links (“Your account is locked—verify now”)
  • Text message links (smishing)
  • Social media messages
  • Search ads and “sponsored” results
  • Fake customer support pages

Common phishing website red flags

  • Domain looks slightly off (misspelling, extra words, strange endings)
  • Urgency or threats (“final warning,” “verify immediately”)
  • Login page appears unexpectedly
  • Requests for one-time passcodes
  • “Too good to be true” prices or limited-time offers

The safest way to verify

  1. Don’t use the link you were sent.
  2. Type the website yourself or use the official app.
  3. Log in from a trusted bookmark or official homepage.

Practice safe browsing

Practice Website Scam Defense Use Scam Lookup

FAQ

Can a phishing website have HTTPS?

Yes. HTTPS only encrypts traffic—it doesn’t prove the site is legitimate. Always verify the domain name.

What’s the most common goal of phishing websites?

Credential theft—stealing usernames, passwords, and sometimes one-time passcodes for account takeover.