How-To Guides | March 15, 2026 | Fannie

How to Check if an Online Store Is Legitimate Before You Buy

TLDR

The FTC reported $2.7 billion lost to online shopping scams in 2025, making it the most costly fraud category for consumers. ScamVerify™ tracks 69,088 malicious domains through URLhaus, and 86.7% of them use .com to appear trustworthy. This guide gives you a step-by-step checklist to verify any online store before you enter your payment information.

The 10-Step Store Verification Checklist

Step 1: Check the Domain Age

Legitimate online stores have been around for years. Scam stores are typically registered days or weeks before launching. Use a WHOIS lookup tool to check when the domain was registered.

  • Under 6 months old: High risk. Proceed with extreme caution.
  • 6 months to 1 year: Moderate risk. Look for additional red flags.
  • Over 1 year: Lower risk, but not a guarantee of legitimacy.

Scam stores average a lifespan of 60 to 90 days before being reported and taken down. They rely on getting as many victims as possible before that happens.

Step 2: Examine the URL Carefully

Check the domain name for typosquatting and deceptive patterns:

| Tactic | Example | What It Mimics |
|---|---|---|
| Letter substitution | arnazon.com | amazon.com |
| Added words | nike-official-store.com | nike.com |
| Different TLD | bestbuy.shop | bestbuy.com |
| Subdomain trick | amazon.com.deals-today.net | amazon.com |

Our URLhaus data shows the TLD distribution of malicious domains:

| TLD | Percentage of Malicious Domains |
|---|---|
| .com | 86.7% |
| .net | 5.8% |
| .org | 5.8% |
| .xyz | 1.0% |
| .shop/.site/.online | under 1% each |

The dominance of .com among malicious domains means you cannot assume a .com store is safe simply because of the domain extension.
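
The four tactics in the table above can be checked mechanically by comparing a link's registrable domain against a list of stores you actually use. The following Python sketch is an added example, not ScamVerify's code; the brand list, the look-alike pairs, and the "last two labels" shortcut for the registrable domain are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Constructed allow-list: official registrable domain -> brand label.
BRANDS = {"amazon.com": "amazon", "nike.com": "nike", "bestbuy.com": "bestbuy"}
# Assumed look-alike sequences folded before comparison (not exhaustive).
LOOKALIKES = (("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"))


def registrable(host):
    """Naive registrable domain: the last two labels.
    A production check would consult the Public Suffix List (e.g. for .co.uk)."""
    return ".".join(host.split(".")[-2:])


def edit_distance(a, b):
    """Levenshtein distance, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(url):
    """Return (tactic, official_domain) for a URL or bare hostname."""
    host = urlsplit(url if "//" in url else "//" + url).hostname or ""
    host = host.rstrip(".")
    reg = registrable(host)
    if reg in BRANDS:
        return ("official", reg)
    label, _, tld = reg.partition(".")
    folded = label
    for seq, repl in LOOKALIKES:
        folded = folded.replace(seq, repl)
    for official, brand in BRANDS.items():
        # The real domain appears only as leading labels of someone else's domain.
        if f".{official}." in f".{host}":
            return ("subdomain trick", official)
        if label == brand:  # same name, registered under another TLD
            return ("different TLD", official)
        if folded == brand or edit_distance(label, brand) == 1:
            return ("letter substitution", official)
        if brand in label.split("-"):  # brand plus hyphenated extra words
            return ("added words", official)
    return ("no match", None)
```

A "no match" result only means the domain does not resemble a brand on the list; the remaining steps of the checklist still apply.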

Step 3: Verify the SSL Certificate

Click the padlock icon in your browser's address bar and view the certificate details:

  • Domain Validation (DV): Basic, often free. Only confirms the requester controls the domain. Most scam sites use DV certificates.
  • Organization Validation (OV): Requires business verification. More trustworthy.
  • Extended Validation (EV): Requires thorough business verification. Most trustworthy, used by major retailers.

Important: an SSL certificate does NOT mean a site is legitimate. In 2025, 82% of phishing sites used HTTPS. It only means the connection is encrypted.

Step 4: Search for Reviews Outside the Site

Never trust reviews displayed on the store's own website. Search for independent reviews:

  1. Search "[store name] reviews" on Google
  2. Search "[store name] scam" or "[store name] legit"
  3. Check Trustpilot, Sitejabber, and the BBB (bbb.org)
  4. Look for reviews on Reddit by searching "site:reddit.com [store name]"

Red flags in reviews:

  • All 5-star reviews posted within a short time period
  • Generic language that could apply to any store
  • Reviewer profiles with no other review history
  • No reviews at all (a new store with zero third-party reviews is suspicious)

Step 5: Verify the Contact Information

Legitimate stores provide multiple ways to contact them:

  • Physical address: Copy it into Google Maps. Is it a real business location or a random residential address?
  • Phone number: Call it. Does someone answer? Is it a working number?
  • Email: Is it a business domain email (support@storename.com) or a free email (storename.sales@gmail.com)?
  • Live chat: Many scam stores have a live chat widget that never connects to anyone.

If the store only provides a contact form with no phone number, address, or email, treat it as a red flag.

Step 6: Read the Return and Refund Policy

Scam stores either have no return policy, a policy copied from another site, or a policy with impossible requirements:

  • No return policy page: Major red flag.
  • Policy references a different company name: Copied from another site.
  • Returns only accepted within 3 days: Unreasonably short.
  • Buyer pays return shipping to overseas address: Designed to make returns impractical.
  • "Store credit only" with no refunds: Limits your ability to recover money.

Legitimate retailers typically offer 14 to 30 day return windows with clear instructions.

Step 7: Check the Pricing

If prices seem too good to be true, they are. Scam stores routinely offer:

  • Designer products at 70 to 90% off retail price
  • "Closing sale" or "warehouse clearance" that never ends
  • Every item on the site discounted by the same percentage
  • Prices significantly lower than any other retailer for the same product

Compare prices on major retailers like Amazon, Walmart, or the brand's official website. If the store is selling a $200 item for $29, it is almost certainly a scam.

Step 8: Examine the Payment Methods

Legitimate stores accept major credit cards and established payment processors:

| Payment Method | Risk Level | Buyer Protection |
|---|---|---|
| Credit card (Visa, Mastercard) | Lowest | Chargeback rights under FCBA |
| PayPal | Low | Purchase protection up to 180 days |
| Debit card | Medium | Limited dispute rights under Reg E |
| Wire transfer | Very high | No recovery mechanism |
| Gift cards | Very high | No recovery mechanism |
| Cryptocurrency | Very high | Irreversible by design |

If a store only accepts wire transfers, gift cards, cryptocurrency, or payment apps like Zelle and Venmo, do not buy from it. These methods offer no buyer protection.

Step 9: Check for Trust Seals

Many stores display trust seals from organizations like Norton, McAfee, BBB, or the payment processors. However:

  • Click the seal. A real trust seal links to a verification page on the issuing organization's website.
  • Fake seals are just images that do not link anywhere or link back to the same store.
  • Verify the store is actually listed on the seal provider's website.

Step 10: Run It Through ScamVerify

Before entering any personal or payment information, run the store's URL through ScamVerify's website checker. The analysis checks:

  • Domain registration age and registrar details
  • SSL certificate type and issuer
  • Known threat database matches (URLhaus, ThreatFox)
  • Hosting infrastructure analysis
  • AI-powered risk assessment combining multiple data sources

Quick Reference Card

Print or save this checklist for quick reference before any online purchase:

| Check | What to Look For | Red Flag |
|---|---|---|
| Domain age | WHOIS lookup | Under 6 months old |
| URL | Spelling, TLD, subdomains | Typos, unusual extensions |
| SSL | Certificate type | DV-only on a "major" retailer |
| Reviews | Google, Trustpilot, Reddit | Zero or all 5-star reviews |
| Contact | Address, phone, email | No physical address or phone |
| Returns | Policy page | No policy or unreasonable terms |
| Pricing | Compare to major retailers | 70-90% off everything |
| Payment | Methods accepted | Wire transfer, gift cards only |
| Trust seals | Click to verify | Seals are just images |
| ScamVerify | URL check | Flagged by threat databases |

For a deeper dive into specific fake store tactics, read our complete guide on fake online store red flags.

What to Do If You Already Bought from a Suspicious Store

  1. Contact your credit card company immediately to dispute the charge
  2. Document everything with screenshots of the site, order confirmation, and payment receipt
  3. Change your password if you created an account with the store
  4. Monitor your credit card statements for additional unauthorized charges
  5. Report to the FTC at ReportFraud.ftc.gov
  6. Report to your state's attorney general consumer protection division

FAQ

Can I trust a store just because it has a professional-looking website?

No. Modern website builders and templates make it possible to create a professional-looking store in hours. Scammers use platforms like Shopify, WooCommerce, and custom templates to build sites that look identical to legitimate retailers. Visual appearance is not a reliable indicator of legitimacy.

Are stores on social media marketplaces (Facebook, Instagram) safe?

Social media marketplaces have significant fraud problems. Facebook Marketplace and Instagram shops have lower verification requirements than dedicated e-commerce platforms. Always verify the seller independently before purchasing, regardless of the platform.

What if a store has some good reviews and some bad reviews?

A mix of reviews is actually more trustworthy than all positive reviews. Look at the content of the negative reviews. If multiple people report never receiving products, receiving counterfeit items, or being unable to get refunds, those patterns are more informative than the star rating.

Is it safe to buy from overseas online stores?

Buying from overseas stores is not inherently unsafe, but it adds risk. Returns are more expensive, consumer protection laws may differ, and dispute resolution is more complicated. If buying from an overseas store, use a credit card for maximum protection and verify the store's reputation through international review platforms.

How do I check if a coupon or discount code site is legitimate?

Coupon sites that require you to enter personal information, download software, or complete surveys before revealing a code are almost always scams. Legitimate coupon sites like RetailMeNot or Honey display codes directly. If a "coupon" redirects you to a store you have never heard of, verify that store using this checklist before purchasing.
