A great deal that's almost too good to be true. A "delivery" text with a link to pay a small fee. A bank login page that looks exactly right. Scam websites are designed to slip past your instincts in the moment you're distracted or excited — and they're getting more convincing all the time. The good news is that most of them give themselves away if you know where to look. This guide walks through the warning signs and the simple checks that keep you safe.
What it is
A scam website is a site built to deceive you — usually to steal your money, your payment details or your personal information. Some are fake shops that take your cash and send nothing. Others are spoof sites that impersonate a real organisation — a bank, a courier, a government service — to harvest your login or card details. Either way, the design is deliberate: the more legitimate it looks, the better it works.
That's the key thing to understand. A scam site isn't a crude, obvious fake; criminals copy logos, layouts and wording from the real thing. So you can't rely on a site "looking professional." You have to check the details that are harder to fake.
The mindset that protects you: slow down. Scams rely on speed and emotion — excitement at a bargain, panic at a "problem." A calm thirty-second check defeats most of them.
Check the web address first
The single most revealing detail is the URL — the web address in the bar at the top. Criminals can copy a site's appearance perfectly, but they can't use the real address, so they use one that's close.
- Misspellings and swaps. Look for subtle changes:
amaz0n.com,paypaI.com(with a capital "i" posing as an "l"), orbank-secure-login.com. A glance reads it as right; a careful look doesn't. - Odd endings. Be wary of strange domain endings tacked onto a familiar brand, like
apple.com.verify-account.net. The real owner is whatever sits just before the final.com/.co.uk— here that'sverify-account.net, not Apple. - Get there yourself. Don't trust links in emails or texts. Type the address you know, or use a bookmark or a search, so you land on the genuine site rather than a lookalike.
This habit overlaps heavily with spotting phishing emails, because a phishing message and a scam website are usually two halves of the same trap: the email lures you, the fake site does the stealing.

The padlock is not a trust badge
Here's a myth worth killing. Many people were taught "look for the padlock," and the padlock (which means the site uses HTTPS) does matter — but not in the way most assume.
The padlock tells you the connection is encrypted, so someone can't easily snoop on the data travelling between you and the site. It tells you nothing about whether the people running the site are honest. Encryption certificates are free and instant, so scammers get padlocks for their fake sites as a matter of routine. A padlocked phishing page is still a phishing page.
So treat it as a floor, not a seal of approval: no padlock on a page asking for payment is a serious warning, but a padlock by itself proves nothing. To understand exactly what it does and doesn't mean, see our explainer on what HTTPS is and why the padlock matters.
Read the warning signs
Beyond the address, a cluster of red flags tends to show up together on scam sites. Any one might be innocent; several at once should stop you.
| Warning sign | Why it matters |
|---|---|
| Prices far below everyone else | Bait to rush you into buying something that won't arrive |
| Poor spelling and grammar | Genuine brands proofread; many scams don't |
| Pressure and countdowns | "Only 2 left!" timers exist to stop you thinking |
| No real contact details | A missing address, phone or company info is a bad sign |
| Unusual payment methods | Requests for bank transfer, gift cards or crypto avoid buyer protection |
| Reviews only on the site itself | Glowing on-page reviews mean little; check independent sources |
Pay special attention to payment method. A legitimate shop accepts cards (which give you protection if things go wrong). A site that insists on bank transfer, gift cards or cryptocurrency is steering you toward methods where your money is gone for good once sent — a hallmark of fraud.
Watch for impersonation, not just fake shops
Scam sites aren't only about dodgy products. Some of the most damaging impersonate trusted organisations — your bank, HMRC, the DVLA, a delivery firm, or a lender — to capture your details or trick you into paying a "fee." The pattern is consistent: an urgent message, a link to a convincing but fake page, and a request for information or money before you have time to reflect.
These impersonation scams are widespread enough that legitimate companies now publish guidance on how to recognise fakes of themselves. The UK lender Credicorp, for example, sets out the tell-tale signs in its guide to spotting loan scams and impersonation — note that it flags exactly the behaviours above: pressure to pay immediately, and an upfront "fee" demanded before a loan is released. If a message claims to be from a company you deal with, don't use the link it provides. Go to the company's real website yourself, or call a number you already trust, and check.
Do a few quick checks
When in doubt, a couple of minutes of independent checking settles most cases:
- Search the site's name plus "scam" or "reviews." Other people's experiences are often the fastest answer.
- Look for independent reviews, not just testimonials on the site itself, which are trivial to fake.
- Find verifiable contact details — a real address and a working phone number — and be suspicious if they're missing.
- Check how old the site is. Brand-new sites impersonating established brands are a common scam pattern.
- Trust your gut. If something feels off, close the tab. There's no prize for ignoring your instincts.
These same instincts protect more than your wallet — being cautious about which sites you trust with information is part of staying safe from impersonation scams generally.
If you've already been caught
If you realise too late that you entered details on a fake site, act quickly — speed limits the damage:
- Entered card or bank details? Contact your bank or card provider immediately. They can block the card, watch for fraudulent transactions and advise on getting money back.
- Entered a password? Change it at once on the real site, and on any other account where you used the same password.
- Report it. In the UK, report fraud to Action Fraud and report the scam site so others can be warned. Citizens Advice can also help if you're unsure what to do next.
Being scammed is nothing to be embarrassed about — these operations are professional and target everyone. What matters is reacting fast.
The bottom line
Scam websites win by looking real and rushing you, so the defence is to slow down and check the things they can't fake. Read the web address carefully, remember the padlock means encryption rather than honesty, and watch for the cluster of red flags — bargain prices, pressure, missing contact details and odd payment demands. Be especially wary of sites impersonating banks, lenders and other trusted bodies. A calm thirty-second check before you type your details is, by some distance, the cheapest insurance you'll ever buy. And if you do get caught, contact your bank, change your passwords and report it without delay.
Frequently asked questions
How can I tell if a website is fake?
Check several things together rather than trusting one. Read the web address carefully for misspellings or odd endings, look for poor spelling and grammar, be wary of prices that seem too good to be true, check for real contact details and reviews from outside the site, and notice any pressure to act immediately. No single sign is proof, but several together strongly suggest a scam.
Does the padlock symbol mean a website is safe?
No. The padlock and 'https' only mean the connection between you and the site is encrypted, so others cannot easily eavesdrop. They say nothing about who runs the site or whether it is honest. Scammers routinely get padlocks for their fake sites, so a padlock is necessary but never sufficient proof of trust.
What should I do if I entered my details on a scam website?
Act quickly. If you entered card or bank details, contact your bank or card provider straight away — they can block the card and watch for fraud. Change the password for any account whose login you entered, and any other account using the same password. In the UK you can report it to Action Fraud, and report the site to the relevant authorities so others are protected.
Are scam websites only about shopping?
No. Many imitate shops, but others impersonate banks, delivery companies, government services like tax or licensing, and even loan providers. The goal is usually the same — to harvest your personal or payment details, or take a payment for something you will never receive — so the same checks apply across all of them.
Join in — free. Comments on Daily Junction are for members, so real names stay rare and bots stay out.
One field. We email you a 6-digit code — no password needed. Your comment is kept while you do it.
Under 13? You’ll need a parent’s OK first — it takes them one click.