TLDR
Checking if a website is safe takes under a minute with the right approach. The most important thing to understand: 86.7% of malicious domains use .com extensions (59,876 out of 69,088 in our URLhaus database). A .com domain does not mean a site is safe. Use the 5-step verification process below instead.
Why the Old Rules No Longer Work
You have probably heard advice like "avoid websites with weird domain extensions" or "look for the padlock icon." Neither works anymore.
ScamVerify™ tracks 69,088 malicious domains through URLhaus threat intelligence. The data shows:
- 86.7% use .com - the most trusted extension
- Free SSL certificates (Let's Encrypt) mean any site can have a padlock
- Professional templates are available for a few dollars, making fake sites look identical to real ones
The padlock icon means the connection is encrypted. It does NOT mean the site is legitimate. A phishing site with SSL is still a phishing site.
Step 1: Check the Domain Name Carefully
Read the domain character by character. Scammers use:
| Trick | Fake Domain | Real Domain |
|---|---|---|
| Letter swap | arnazon.com | amazon.com |
| Added word | amazon-verify.com | amazon.com |
| Number substitution | paypa1.com | paypal.com |
| TLD change | amazon.co (Colombia) | amazon.com |
| Subdomain trick | amazon.com.fake-site.com | amazon.com |
The subdomain trick is the most deceptive. In amazon.com.fake-site.com, the actual domain is fake-site.com and everything before it is a subdomain. Always identify the part right before the TLD (.com, .net, etc.).
Step 2: Check Domain Age (WHOIS Lookup)
Legitimate businesses have domains registered for years. Scam sites are usually days or weeks old.
- Go to a WHOIS lookup service (like whois.domaintools.com)
- Enter the domain name
- Check the "Created Date"
Red flag: If the domain was registered in the last 30 days and claims to be a major company or established business.
Step 3: Use ScamVerify's Website Checker
- Go to scamverify.ai/website-checker
- Enter the URL you want to check
- ScamVerify checks the domain against URLhaus (69,088 malicious domains), Google Safe Browsing, and other threat databases
- Review the risk assessment
Step 4: Search for Reviews and Complaints
Before buying from an unfamiliar online store:
- Search "[website name] scam" or "[website name] reviews"
- Check the Better Business Bureau (bbb.org)
- Look for the site on Trustpilot or Sitejabber
- If you find zero reviews for what claims to be an established business, that is a red flag
Step 5: Check for Contact Information and Policies
Legitimate websites have:
- A real physical address (verify it on Google Maps)
- A working phone number
- A privacy policy and terms of service
- An "About Us" page with specific details
Red flags: PO box only, no phone number, generic placeholder text in policies, stock photos of "team members."
Quick Reference: Safe vs Suspicious
| Feature | Likely Safe | Suspicious |
|---|---|---|
| Domain age | Years old | Days/weeks old |
| Contact info | Physical address, phone | PO box or none |
| Reviews | Multiple independent reviews | None or only on their site |
| SSL certificate | Yes (but not proof alone) | Missing entirely |
| Prices | Market rate | 70-90% below market |
| Payment methods | Credit card, PayPal | Wire transfer, crypto, gift cards only |
| URL spelling | Matches known brand exactly | Slight variations |
FAQ
Is a website safe if it has HTTPS and a padlock?
No. The padlock means your connection to the site is encrypted, not that the site itself is trustworthy. Free SSL certificates from Let's Encrypt mean any site, including phishing pages, can display a padlock. It is a necessary security feature but not a trust indicator.
Can visiting a malicious website infect my computer?
On a fully updated system with a modern browser, simply visiting a website is very unlikely to install malware. The real risks are downloading files, running programs, or entering information. However, outdated browsers and operating systems can be vulnerable to drive-by downloads.
How do I check if a shortened URL (bit.ly, etc.) is safe?
Use a URL expander service to reveal the full destination before clicking. Services like CheckShortURL.com or unshorten.it show you where a shortened link actually leads. Then run the expanded URL through ScamVerify's website checker.
