How do I check if a website is legitimate before I buy anything?
Check the domain age, look for verifiable contact details, read third-party reviews, and trust your instincts — sites with prices far below market and no traceable business behind them are almost always fraudulent.
Last reviewed: 10 June 2026
Explanation
A convincing-looking website takes minutes to build, so visual polish is not a reliable indicator of legitimacy. The checks that actually matter focus on the business behind the site rather than the design. Start with the domain itself: use a free WHOIS lookup tool to see when the domain was registered. A site selling branded electronics that was created three weeks ago is a major warning sign.
Search for the company name plus words like 'reviews,' 'scam,' or 'complaint' in a search engine. Check Trustpilot, the Better Business Bureau (BBB), and Reddit. A total absence of reviews on a site claiming to have thousands of satisfied customers is itself suspicious. Verify that any listed phone number connects to a real human, and check that the address resolves to an actual business location rather than a vacant lot or mail drop.
Look for a secure connection (HTTPS) — the padlock icon in the address bar — but understand that HTTPS only means the connection is encrypted, not that the site is honest. Free SSL certificates are available to anyone. More meaningful is whether the site has clear, specific return and refund policies, a real privacy policy, and payment options that offer buyer protection such as credit cards or PayPal Goods and Services rather than wire transfers or cryptocurrency.
Price is still a useful signal. If a product is 70% below its normal retail price, ask yourself why. Counterfeit goods, non-delivery scams, and grey-market resellers all hide behind prices too good to be true. Use the /risk-score/scam-risk-checker to get an automated assessment of any site before entering your card details.
Common red flags
- Domain registered within the past few months for a 'well-established' retailer
- No verifiable physical address or the address is a virtual office service
- Prices dramatically below any other seller for in-demand products
- Only accepts wire transfer, cryptocurrency, or gift cards — no credit card option
- Contact page is a form only with no phone number, email, or live chat
- Reviews are all five stars posted within days of each other with similar phrasing
- Spelling errors, inconsistent branding, or stock photos instead of actual product images
What to do now
- Run a WHOIS lookup to check domain registration date (lookup.icann.org)
- Search the site name plus 'scam' or 'reviews' before purchasing
- Check BBB and Trustpilot for the company name
- Verify the physical address exists using a mapping tool
- Use the /risk-score/scam-risk-checker for an automated assessment
- Pay only with a credit card or PayPal Goods and Services so you can dispute if needed
Frequently asked questions
Does HTTPS mean a site is safe?
No. HTTPS means data between your browser and the server is encrypted, but scam sites routinely use free SSL certificates to display the padlock. Always verify the business behind the site, not just the connection security.
How can I tell if reviews are fake?
Red flags for fake reviews include: all reviews posted within a short time window, no negative reviews whatsoever, generic praise with no product-specific detail, reviewer profiles with no other review history, and language that sounds translated or templated.
What payment method gives me the best protection when buying online?
Credit cards offer the strongest buyer protection through chargebacks. PayPal Goods and Services also offers dispute resolution. Debit cards have weaker chargeback rights. Wire transfers, crypto, and gift cards offer no recovery options.