Guide · 6 min read
How to Check If a Website Is a Scam (2026 Guide)
Scam websites are getting harder to spot. They use real-looking branding, free SSL certificates, and AI-generated reviews to look trustworthy. Before you enter card details or send money, run through the seven checks below — or paste the URL into BeforeYouPay AI and we'll do them for you in seconds.
1. Check how old the domain is
Most scam sites are spun up, used for a few weeks, then abandoned. Use a free WHOIS lookup (e.g. whois.com or who.is) and read the creation date. Anything younger than 6 months, registered through a privacy proxy, and selling premium goods at a steep discount is a classic warning sign.
2. Search the brand plus 'scam' or 'reviews'
Open Google and search "sitename" scam and "sitename" reviews. Real businesses accumulate organic mentions on Reddit, Trustpilot, BBB, and forums. A polished site with zero independent footprint — or a flood of identical 5-star reviews posted the same week — is suspicious.
3. Don't trust the padlock alone
HTTPS only means the connection is encrypted. Scammers get free SSL certificates from Let's Encrypt in minutes. Click the padlock and check the certificate — if the issued-to name doesn't match the company you think you're dealing with, that's a red flag.
4. Verify the owner and contact details
Look for a physical address, a registered company number, and a phone number that's actually answered. Cross-check the company name in your country's business register (Companies House in the UK, OpenCorporates internationally). A site selling investments or financial services with no traceable entity is almost always a scam.
5. Watch for urgency and pressure tactics
Countdown timers, "only 2 left", "pay in the next 10 minutes or lose the deal", and DMs from a "broker" or "agent" who needs an immediate decision are scam staples. Legitimate businesses don't punish you for thinking it over.
6. Reject unusual payment methods
Wire transfers, cryptocurrency, gift cards, and bank-to-bank transfers offer essentially no recourse if you're scammed. Stick to credit cards or reputable processors (PayPal, Apple Pay, Google Pay) which give you dispute protection.
7. Read the small print
Check the Terms, Privacy Policy, and Refund Policy. Scam sites often copy-paste boilerplate from other sites, leave placeholder text, or hide refund terms entirely. Search a unique sentence from the Terms in Google — if it appears verbatim on dozens of unrelated sites, it's a template.
Let BeforeYouPay AI do all of this in seconds
Going through every check manually takes 20–30 minutes per site. BeforeYouPay AI automates the same red-flag analysis — domain age, ownership signals, content tone, known scam patterns, payment-method risk — and returns a plain-English risk score with a clear recommendation.
Run a free scan now
Paste any website URL, email, offer, or investment pitch — get a risk score in under 30 seconds.
Check a website with BeforeYouPay AIFAQ
How can I quickly check if a website is a scam?
Look up the domain age with WHOIS, confirm the SSL certificate matches the company, search the brand name plus "scam" or "reviews", and check that the contact details are real. If anything feels off — pressure tactics, unusual payment methods, or no traceable owner — treat it as high-risk.
Is a padlock (HTTPS) enough to trust a website?
No. Free SSL certificates are easy for scammers to obtain. HTTPS only means the connection is encrypted, not that the website or business is legitimate.
What payment methods are safest on an unfamiliar website?
Credit cards and reputable payment processors (PayPal, Apple Pay, Google Pay) offer dispute protection. Avoid wire transfers, gift cards, cryptocurrency, and direct bank transfers on sites you can't verify.
Can BeforeYouPay AI do these checks for me?
Yes. BeforeYouPay AI runs the same red-flag checks automatically — domain age, ownership signals, content tone, and known scam patterns — and returns a plain-English risk score in seconds.