10 Signs That a Website Might Be a Scam

Emil Gheonea

Software engineer & founder of LinkThreatScan · 4 March 2026

Online scam sites cost consumers billions of dollars every year. They impersonate legitimate retailers, services, charities, and government bodies. While no single sign is conclusive, certain patterns appear repeatedly across fraudulent sites. Here are the ten most reliable red flags to watch for.

1. The domain was registered very recently

Scam sites are often created specifically for a campaign and discarded after a few days or weeks. A domain registered within the last month is not inherently malicious, but if it's combined with other red flags, treat it as a serious warning sign. You can check domain age via a WHOIS lookup or any URL scanner.

2. Prices that defy reality

Offers that are 70–90% below the typical market price are a strong indicator of fraud. Legitimate businesses operate on margins. Scam sites advertise fantasy prices to attract victims and either deliver counterfeit goods, deliver nothing at all, or use the checkout process to capture payment details.

3. No verifiable contact information

Legitimate businesses provide a real physical address, a phone number, and a working email address. Scam sites often list no contact details at all, or provide generic Gmail addresses, addresses that don't exist when checked on a map, or phone numbers that are disconnected.

4. Poorly written content

Many scam sites are translated or written quickly without native speakers. Look for unusual phrasing, grammatical errors, inconsistent typography, or text that reads as if machine-translated. Product descriptions copied verbatim from legitimate sites are another common pattern.

5. Missing or vague return and refund policies

Legitimate e-commerce sites have clear, specific return and refund policies. Scam sites either omit these completely, copy a generic policy that bears no relation to how they actually operate, or bury conditions that make claiming a refund effectively impossible.

6. Only one payment method, often unusual

When a site accepts only bank transfers, cryptocurrency, or gift card codes, this is a serious red flag. These payment methods provide no buyer protection and are essentially irreversible. Legitimate retailers always support card payments and usually offer additional options like PayPal.

7. The site appears on blacklists

Global threat databases maintained by security companies, governments, and browser vendors compile lists of known scam and phishing sites. A URL scanner checks your link against these databases in real time. If a domain is listed, it has already been identified as malicious by security researchers.

8. Pressure tactics and artificial urgency

'Only 2 left in stock.' 'Sale ends in 00:03:15.' 'Your session is about to expire.' These tactics are designed to prevent you from pausing to think critically. Legitimate businesses occasionally run time-limited promotions, but pervasive countdown timers and stock warnings are hallmarks of high-pressure scam sites.

9. HTTP security headers are absent

While invisible to casual users, missing security headers like HSTS, CSP, and X-Frame-Options indicate that the site's operators have put little thought into security. Legitimate businesses — especially financial services — invest in proper security configurations. A scanner can detect these in seconds.

10. No SSL certificate, or a certificate for a different domain

Even basic sites use HTTPS today. A site that still uses HTTP, or whose SSL certificate is expired, self-signed, or issued to a completely different domain, is either poorly maintained or actively malicious. This is particularly alarming on any page that asks for personal or payment information.