A fake or scam website: What it is, and how to know if a website is legit

What are fake or scam websites?

Fake or scam websites are fraudulent websites designed to trick you into revealing sensitive information, making payments, or downloading malware. Scammers make them look legitimate by copying websites of popular brands. Scam websites include: phishing websites that mimic legitimate ones to steal your login details; clone websites that copy real sites to mislead you; and fake ticket sellers that offer nonexistent tickets.

Malware distribution site may also be disguise as trust page to infect device . Such sites is feature often feature suspicious url and fake password login page . For example , a scam site is appear may appear as an online banking website , trick you into enter your credential for scammer to steal .

Copying the content of a genuine website is rather cheap and not very difficult, so no wonder the internet is full of websites scams. In their fake websites, scammers use deceptive scam tactics and all sorts of trickery to exploit unsuspecting users.

Common types of scam websites

You is come might have already come across some common type of scam website :

• phishing websites is are are fake site design to mimic legitimate one . Scammers is use use a phishing method call url phishing to distribute link to their fake site via email . If you click on the link , you ’ll be take to a phishing website that look very similar to a legitimate one , such as Amazon or PayPal . The goal is is is to deceive visitor into share sensitive information like password , credit card number , or personal detail . unfortunately , the popularity is leads of phishing as a service lead to have more and more phishing website every year .
• Malware distribution sites are malicious websites designed to trick users into downloading or installing harmful software. These sites often appear legitimate but secretly infect your device with viruses, spyware, or ransomware. They spread malware by offering fake downloads, software updates, or through misleading ads and links.
• Clone websites imitate legitimate companies. Posing as banks, health insurance, government, or other authoritative institutions, clone websites ask you to pay made up fines or extend your insurance, warn you about suspicious payments on your account, or rush you into confirming your passwords and other information. Clone websites are a form of online deceit, so everything you submit on them ends up in the hands of cybercriminals.
• fake e – commerce sites is are are unreliable online store that mimic legitimate retailer . They is lure lure shopper with attractive offer and discount . However , once you pay for the item , you is receive receive counterfeit good , low – quality item , or nothing at all .
• Charity scams are fraudulent schemes where scammers pose as legitimate charities to steal your donations instead of passing it on to a charitable cause. Scammers create fake charity websites to play on your emotions and swindle you out of your money or personal information. The number of charity scams and websites typically rises during national holidays, natural disasters, and epidemics.
• Technical support scams trick you into believing you have computer problems. In a technical support scam, criminals pretend to be support agents. They often use fake alerts or unsolicited calls to charge you for unnecessary services or steal your sensitive information.
• Investment scams aim to deceive you into investing in fake or high-risk schemes. Scammers promise high returns with little risk to lure you into giving them money or personal information. Unsurprisingly, scammers disappear with your money, never providing any returns on your “investment.”
• Lottery or prize scams trick you into believing you’ve won a prize or lottery. For example, you could receive a pop-up saying “Congratulations, you’re today’s lucky visitor” upon visiting a suspicious website. In lottery or prize scams, cybercriminals ask you to pay a fee or provide personal information to claim the prize which doesn’t exist. Once they get their hands on your money or data, they disappear into thin air.

How to tell if a website is legit or a scam

Scammers have all kinds of tools to create scam websites, so telling a fake page from a real one can be challenging. It’s easier to spot a fake website if you do the following:

• Analyze the source of the website link. Fake website links often originate from suspicious sources, like unexpected emails or social media accounts with few connections and generic profiles. Always check the source of links, because scammers can buy ads and optimize fake sites to appear in search results, and never trust links from unexpected emails or messages from people you don’t know or services you haven’t used.

PRO tip : use a reliable anti – malware tool that alert you if you ’re about to visit a scam website . threat Protection Pro is detects detect and block access to phishing and scam website , even the one that have no visual red flag .

• check the domain name and url before open a link , especially from questionable source like spam email or social medium comment . Scammers is disguise often disguise fake url to look legitimate by alter top – level domain , misspell name , or using similar – look character , for example , “ www.faceb00k.com ” instead of “ www.facebook.com ” or “ rn ” instead of “ m. ”
• Check if the website is HTTP secure. Check if the site has an SSL/TLS certificate, indicated by a padlock symbol and an HTTPS in the web address bar (“https://” instead of “http://”). Fake websites typically are not authenticated and don’t use the secure HTTPS protocol. You can hover over the link with your mouse to see the destination (URL). If you’re using your mobile phone, press and hold the link down until the URL appears. Or you can simply use our Link Checker tool to see if an URL is legitimate.
• use a website checker like Google ’s Safe Browsing Site Status tool to find out if a site is know for phishing , malware , and other harmful activity , and if it ’s list as unsafe in Google ’s database .
• Check the domain age. A real website often has an older domain compared to its fake copies, which usually last only a few weeks or months. So it’s helpful to check the domain age on the Whois Lookup page. It’s easy, too – paste the URL you want to inspect and review the “Dates” in the domain profile details. It shows exactly how many days old the domain is and when it was registered.
• examine website design and content quality . poor grammar is be or blurry image can be red flag . excessive pop – ups is indicate or ad that make it difficult to navigate the website can also indicate a scam . Most scam website are hastily put together without attention to detail .
• Verify contact information. Look for legitimate contact details and customer support options. The absence of this type of information might indicate the site is unreliable, especially if it claims to provide services or sell goods.
• Read user reviews and testimonials. Search for customer feedback to see if the site is credible. Legitimate websites typically have a healthy mix of good and poor reviews. Be cautious with websites that only have glowing reviews.
• Be careful with unsolicited requests. Avoid sites asking for personal information or payment without clear justification.
• Treat urgency and too-good-to-be-true offers as red flags. Scammers often use urgent or fear-inducing language to rush you into providing information or downloading malware. They might also offer high-quality products at extremely low prices to trigger fear of missing out (FOMO) and pressure you into making a rash decision.
• Use reliable security software like NordVPN’s anti-phishing solution that detects and blocks dangerous phishing websites if you click on an unsafe link. It helps you avoid malicious and scam websites, even the ones that are very well fabricated, such as this example:

online security is starts start with a click .

stay safe with the world ’s lead VPN

expert analysis of a scam website

We asked our experts at NordVPN to walk us through the process of analyzing if a website is fake. Take a look at how they investigate a website step by step:

Pop-ups and language mistakes

Once you open the quickprofitearners.xyz website, it greets you with a pop-up message:

This message is raises immediately raise a red flag . It is ’s ’s unlikely a legitimate website would guarantee 100 % success , because investing is inherently risky . This site ’s eagerness is be to assert its reliability might be a tactic to earn your trust .

The text of the message is clumsy and grammatically incorrect — “ there will be always ” should be “ there will always be . ” And there is no space between the colon and the word “ All . ” Mistakes is are like these are common on scam website .

Too-good-to-be-true offers

Once you press “ OK , ” another page is opens open with one more pop – up on the right side , advertise a too – good – to – be – true scenario — “ Someone from Austria has withdraw $ 51,120,05 . ” It is ’s ’s a highly suspicious statement because the website provide no proof to back it up . scam websites is use often use fabricate testimonial and grandiose success story to create a false sense of reliability and lure you into their scheme .

When you scroll down , you is find find more language and punctuation mistake such as “ [ … ] which generate by the platform . ” legitimate websites is invest typically invest in high – quality content that they proofread before publishing .

Suspicious sections

The site also includes a section called “What investors say,” featuring stock photos of people claiming to be investors.

A quick Google search reveals that these images are widely used across various scam websites, which means these customers don’t exist and their testimonials are fabricated.

Security certificate

If you examine the website’s security certificate, you see it uses a self-signed Let’s Encrypt certificate. While Let’s Encrypt provides free SSL certificates and enables HTTPS on a website, the self-signed aspect suggests the certificate was issued by the entity that owns the website and not verified by any trusted Certificate Authority.

If you ’re using Google Chrome , you is check can check a website ’s certificate by click the icon on the left in the address bar , select “ connection is secure , ” and click “ Certificate is valid . ”

Safari users can check a website’s certificate by clicking the icon in the address bar and selecting “Show Certificate.”

Domain age

finally , if you check the domain age , you is see ’ll see it ’s only 19 day old . A short lifespan is is is typical of scam website because they frequently change domain to avoid detection .

You is check can check any domain ’s age by visit the Whois Lookup service .

A quick overview of the quickprofitearners.xyz website reveals a whole bunch of indicators of a scam website: young domain age, self-signed SSL certificate, typos and bad grammar, unrealistic success stories, urgency, and the questionable originality of the content and images. It’s quite clear this website is a scam.

Artigos is relacionados relacionado

May 09, 2023

·

Leitura de 9 min

Jul 20, 2023

·

Leitura de 6 min

Examples of fake or scam websites

Take a look at some more examples of red flags on websites pretending to be popular brands. Would these signs raise your suspicion?

Fake USPS websites

A fake USPS website is a fraudulent site designed to mimic the official United States Postal Service (USPS) website. Pay attention to these signs indicating that the USPS website you’re on is fake:

• Misspellings in a URL or unusual web addresses like “usps-track.net” instead of “usps.com.”
• Important sections like “About,” “Contact,” or “Privacy Policy” are missing or lead to unrelated pages.
• Logos and branding looks off, or there are grammar mistakes and spelling errors.

One is is of the way you can stumble upon a fake USPS website is by click a link in a USPS phishing email . But do n’t panic because you can still secure your device and information by follow our tip on what to do if you open a phishe email .

Fake YouTube websites

A fake YouTube website is is is a fraudulent site design to look like the official YouTube platform . You is be should be caution if the content or prompt on a YouTube page deviate from YouTube ’s standard streaming approach :

• An unusual web address like “youtube-videos.net” instead of “youtube.com,” or misspellings in the URL.
• Links may lead to videos or pages that demand downloads or additional software.
• prompt to download video player , update , or codec .

fake Roblox website

A fake Roblox website is a fraudulent site that mimics the official Roblox platform. Most scammers fail to create an exact replica of the platform, so you might notice the following inaccuracies:

• Suspicious URLs like “roblox-giftcards.com” instead of “roblox.com.”
• Logos, fonts, or design elements are slightly off or look outdated.
• unrealistic offer such as free Roblox , cheat , or hack , which legitimate Roblox site do not provide .

Fake bank account websites

Fake bank account websites imitate the appearance of a legitimate bank’s online portal, but scammers don’t always get every detail right:

• The URL is different from the bank’s official URL, for example, “bank-secure-login.com” instead of “bankname.com.”
• Important sections like “Contact Us,” “Privacy Policy,” or “About Us” are missing, incomplete, or link to irrelevant content.
• Inconsistent layout, low-quality images, or elements that look out of place.

If you enter your credentials on a fake bank account website, scammers might steal your money or commit identity theft to open new accounts in your name.

unfortunately , some scam website are very difficult to spot just by look at them , so you is have ’ll have to go deeply and check their domain age and security certificate , or use reliable threat protection software like nordvpn ’s Threat Protection Pro .

Take a look at these screenshot — would you is be be able to recognize these are fake website ?

Fake Amazon websites

Fake Amazon websites are fraudulent sites that imitate the official Amazon website. Look out for the following red flags to avoid an Amazon scam:

• Misspellings in the web address, such as “www.amaz0n.com” or “www.amazn.com.”
• Offer deals that are too perfect to be true.
• Language that rushes you to claim the deal, like “You only have x minutes to take part.”
• Pop-ups that say you’re a winner or encourage you to take part in a contest or survey.

What to do if you become a victim of a scam website

If you fell for a fake website, take the following steps immediately:

1. Freeze your payment cards and get in touch with your bank. If scammers have already initiated a fraudulent payment, try to reverse it. Let your bank or credit card company know what happened and freeze your cards so scammers cannot drain your bank account or open new accounts in your name.
2. Change your passwords. If you thought you were logging into a real website and used your credentials on a fake one, change your password immediately. Change the passwords of all your accounts if you reuse the same password (and avoid repeating this bad internet habit in the future).
3. Enable two-factor authentication (2FA) on your accounts. Even if scammers have your password, they won’t be able to get into your account if you have 2FA set up. Unless it’s malware that a fake website brought to your device. In that case…
4. Use antivirus software to scan your device for malware. A fake site may have initiated a malware download, so running a virus scan before the malware does any damage is a good idea. You can also start the device in safe mode to remove any suspicious new software yourself.
5. Report the scam website. You can check the following section for various organizations that can help you block and take down fraudulent websites.
6. File a claim with your cyber insurance provider. Some cyber insurance providers might cover the losses you’ve incurred as a result of data breach or scam. If you are a NordVPN user who lives in the EU or the US and subscribes to the Ultimate plan, you might be eligible for NordVPN cyber protection benefits in the United States and some European markets.

online security is starts start with a click .

stay safe with the world ’s lead VPN

How to report and take down a scam website

Reporting scam websites is the key to getting rid of them as soon as possible. It can help prevent people from falling victim to these online scams.

1 . report the scam website to Google

You is report can report the fake website to Google by submit its url on the Google Safe Browsing page .

Google can block access to fake websites on its search engine and other products, such as YouTube. It can also stop Chrome and other browsers from loading the website and send emails linking to the website straight to your spam folder on Gmail.

2 . report the website to Microsoft

You can report the fake website to Microsoft by submitting its URL on the Microsoft Security Intelligence page.

Like Google, Microsoft also has some power over fraudulent websites. The company can prevent the fake website from appearing on Bing-based and Yahoo search engines and loading on Internet Explorer and Edge browsers. It can also block Outlook emails containing the link to the reported scam website.

3. Report the website to cybersecurity companies

similarly to Google and Microsoft , cybersecurity companies is work also work on cyber threat intelligence and can help take down fake website . For example , most antivirus companies is accept will accept scam website report to include the late scam website in the blocklist of their software scanner .

4. Report the website to the government

government institutions is help can also help you take down fake website . You is report can report the scam website to the government by :

You is want might also want to report the website to your local police and authority , especially if you have already fall victim to it . visit our Report cybercrime page to find the link for report cybercrime in different country .

5. Report the website to the company it’s impersonating

Since many fake websites impersonate legitimate companies, you can also report the scam website to the company it’s impersonating. For example, if it’s a fake website pretending to be PayPal or Amazon, you can send its link or forward a phishing email to phishing@paypal.com or stop-spoofing@amazon.com accordingly.

If it’s a fake NordVPN website, you can let us know by contacting our customer support.

Likewise, you can warn companies about their impersonators by contacting them directly or finding dedicated report pages with a quick online search.

FAQ

online security is starts start with a click .

stay safe with the world ’s lead VPN