Looking for the latest? We’ve checked this page to make sure everything is up to date. We still think these are great tips for spotting a fake website.

Shopping on a fake website could result in your personal or financial information being stolen or your device becoming infected with a virus or malware. Knowing how to spot red flags is crucial but simple once you know what to look for. We’ve got tips, tricks, and tools for checking a website’s legitimacy below.

Step #1: Pay attention to the address bar
The first thing you want to look for on a website is the https:// at the beginning of the address. The S in https:// stands for secure and indicates that the website uses encryption to transfer data, protecting it from hackers.

If a website uses http:// (no S), that doesn’t guarantee that a website is a scam, but it’s something to watch for. To be on the safe side, you should never enter personal information into a site beginning with http://.

Some internet browsers, like Google Chrome, lend a hand in warning you about unsecured websites. When a site is secure, you may see a small padlock next to the web address, or the address may be highlighted in green. You might also notice the domain name next to the padlock before the https://. That means the website has one of the highest levels of encryption and can be trusted.

Some browsers highlight unsecured web addresses in red or simply say “Not secure.”

If you’re unsure, you can click on the padlock or “Not secure” notice to see more details about the website’s security. You can also check up on a site through Google’s safe site search. The presence of the https:// doesn’t guarantee security, but it’s a good starting point.

Don’t be fooled by fake logos.

Check sites for logos that indicate which security certifications a website has, like DigiCert, Verisign, or Symantec, for example. A scam site may copy and paste pictures of these logos on their sites. To check whether a certification is valid, click on the logo to see if it opens a new tab with details about the website’s security. If the logo is just a picture and not a button, it’s likely fake.

Step #2: Check the domain name
A favorite trick of scammers is to create websites with addresses that mimic those of large brands or companies, like Yah00.com or Amaz0n.net. Scammers count on you skimming over the address and domain name, so it’s always worth double-checking the address bar if you’re redirected to a website from another page.

Step #3: Look up the domain age
Scammers know that more people will be shopping online during the holidays than usual, so they put together real-looking websites very quickly around those times. By checking the domain age, you can see how long the website has been in business, giving you a better sense of its veracity.

The Whois Lookup domain tracker gives you information about who a domain name is registered to, where they are, and how long the website has been active.

Step #4: Watch for poor grammar and spelling
An excess of spelling, punctuation, capitalization, and grammar mistakes could indicate that a website went up quickly. Companies with legitimate websites may certainly have the occasional typo but still put effort into presenting a professional website. If a website capitalizes every other word or has a lot of odd phrasing and punctuation, take a closer look.

Step #5: Look for reliable contact information
Look for several ways to contact the company (phone, email, live chat, physical address) and try them out. Does anyone ever answer the phone? Do you get a generic prerecorded voicemail or form email? If the only method of contact is an online email form, proceed with caution.

I once found a series of similar websites that all used the same “live” chat that generated generic responses instead of actually answering my questions. It was a huge tip-off that none of the sites were legit.

Legitimate websites should have several extra features like an “About Us” section, terms and conditions, a privacy policy, and, if it’s a shopping site, shipping and returns information. Check out each of those pages to make sure they are there and fully populated with actual information.

Step #6: Use only secure payment options
Shopping websites should offer standard payment options, such as credit cards or PayPal. If a website requires you to use a wire transfer, money order, or other unsecured (and nonrefundable) form of payment, we recommend staying away, even if the rest of the website looks legitimate.

Step #7: Walk away from deals that are too good to be true
Sometimes retailers heavily discount older merchandise to offload excess goods or make room for new products, but if you find a site that has the latest iPad model listed at an 80% discount, walk away. Chances are high that you‘ll never see the goods you purchase or the money you spent.

Step #8: Run a virus scan
An inundation of ads or pop-ups can indicate that a site isn’t secure. Ads themselves aren’t an indication of a problem, but if there are more ads than content or if you have to click through several ads to be redirected to the website, you have cause to be suspicious. There are several free resources that let you do a quick scan for viruses, phishing, malware, and known scam sites:

Is It Hacked?
VirusTotal
PhishTank
FTC Scam Alerts
The best way to protect yourself against malicious websites is to install antivirus software on all your devices and to keep it up to date.

Double-check emailed links.

Be wary of links sent through emails and texts from retailers, people you don’t know, or even your bank or internet provider, especially if they ask you to confirm you financial or personal details. These are common tactics scammers use to attempt to steal your information or infect your device.

Step #9: Do your research beforehand
A quick online search of reviews of a website will tell you a lot. You can research the reputation of the seller through the Better Business Bureau and other official review sites. If there aren’t any customer reviews anywhere, that’s a concern. If you find large numbers of negative reviews, that’s a clear signal to walk away.

Step #10: Be proactive about protecting your information
If you visited a site that seemed sketchy or want to stay on top of protecting your identity, we recommend using a variety of tools:

A password manager to keep your personal information safe from hackers
Identity protection services to keep your identity safe in case of a breach
Credit monitoring to lock down your finances
Don’t be fooled—be empowered
Online shopping can be a great and harmless experience as long as you watch out for these red flags and use some caution and common sense. Instead of feeling threatened by all the ways fake websites could fool you, realize that by knowing what to look for, you’re empowered to take control of your online experience.