Is this Website Legit?


The number of scam websites has been increasing, leading many people to fall victim to enticing promises of great rewards, high returns on investments, and unbeatable deals. These often leave users uncertain as to whether a website is legit. Some individuals fall victim to online scams due to a lack of knowledge, a desire for personal gain, or simply a failure to conduct adequate due diligence on the company or individual involved. In certain instances, even highly educated individuals can be deceived by scammers.

Below are ten ways to help you answer the question, “Is this website legit?”

  1. Check the Website Pages.

    Go to the website’s main page and familiarise yourself with the information about the company’s profile and activities. Make sure to check whether they provide contact details, not just a “Contact Us” form. Don’t stop at checking if the website has a registered address, contact number, and email. It is essential to verify the reliability of these contact details, as they may be associated with other entities or individuals who could potentially engage in fraudulent activities, be blacklisted, or have a negative reputation. If the contact email is a generic email, such as Gmail, it is important to remember that generic email accounts cannot be traced easily; only law enforcement or authorised parties can request user information from both Google and internet service providers with a legitimate reason such as a court order.

  2. Check the Privacy Policy and Terms of Use.

    Numerous countries enforce the General Data Protection Regulation (GDPR); therefore, it is important to review the Privacy Policy and Terms of Use. By doing so, the user can gain insight into how their personal data will be utilised, identify the limitations of liability, and see the applicable governing law clause. If a website does not have a Privacy Policy and/or Terms of Use, it could be a red flag, so be wary of providing personal data. Review the website contents and conduct additional due diligence.

  3. Check if a Website is Secure.

    Check whether the URL uses Hypertext Transfer Protocol Secure (HTTPS), in the format “https://”. The “S” stands for Secure and indicates that the site connection is secure and the website uses Secure Sockets Layer (SSL). Although HTTPS encrypts data in transit and provides additional security measures, it does not guarantee that the website will not attempt to scam or defraud users.

    Another important security indicator to look for is the browser padlock icon, usually located in the URL bar of your web browser. The padlock icon may vary depending on the browser you use. It shows that the site connection is secure and encrypted with a valid SSL certificate.

    [Image: Secure URL vs not secure]

    If you are using the Firefox browser and see a padlock icon with a yellow warning triangle, the connection between the web browser and the website server is only partially encrypted and there are some issues with the SSL certificate. A padlock icon with a red strike over it shows that the connection between the web browser and the website server is not encrypted and is insecure.

    Website or URL safety checker tools let you quickly check whether a URL is a phishing or scam website. You can use Google Safe Browsing, PhishTank, Cisco Talos, VirusTotal and other tools to check if the website is safe.

  4. Check the Spelling of the Domain Name.

    From time to time, internet users find themselves deceived by typosquatting. According to Kaspersky, “typosquatting, also known as URL hijacking, is a form of cybersquatting (sitting on sites under someone else’s brand or copyright) that targets internet users who incorrectly type a URL into their web browser (e.g., “Gooogle.com” instead of “Google.com”)”.

    There are many forms of typosquatting, such as domain parking, domain spoofing, imitators, monetizing traffic, affiliate links and others. For example, scammers will register a domain name that is spelled incorrectly but resembles the authentic website. The misspelled domain replicates the legitimate website and its content, or it may redirect the user to a distinct landing page where various tempting offers, explicit advertisements, or videos are displayed, and the user is prompted to input personal information or credit card details.

    To stay safe, refrain from clicking on URL links or attachments unless you are expecting emails or using secure online platforms.  These URL links may be harmful and carry viruses or phishing content. Take appropriate measures before clicking or accessing any URL links.
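
    The spelling check in this step can be automated. The following is an added example, not part of the original article: it compares a domain against a short list of sites you trust and flags near-misses such as “Gooogle.com”. The brand list, the look-alike table and the distance threshold of 2 are assumptions chosen for illustration.

```python
# Added example: flag domains that look like typos of sites you already trust.
KNOWN_BRANDS = ["google.com", "paypal.com", "microsoft.com"]  # constructed list
# Look-alike substitutions (constructed, not exhaustive).
LOOKALIKES = {"0": "o", "1": "l", "3": "e", "5": "s", "rn": "m", "vv": "w"}


def clean(domain: str) -> str:
    """Lower-case and drop surrounding spaces, a trailing dot and 'www.'."""
    d = domain.strip().lower().rstrip(".")
    return d[4:] if d.startswith("www.") else d


def fold(domain: str) -> str:
    """Replace look-alike characters so 'paypa1' and 'paypal' compare equal."""
    for fake, real in LOOKALIKES.items():
        domain = domain.replace(fake, real)
    return domain


def edit_distance(a: str, b: str) -> int:
    """Count single-character inserts, deletes, substitutions and swaps."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = int(a[i - 1] != b[j - 1])
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)  # adjacent swap
    return d[len(a)][len(b)]


def check_domain(domain: str, brands=KNOWN_BRANDS, max_distance: int = 2):
    """Return ('exact' | 'lookalike' | 'unknown', matched brand or None)."""
    name = clean(domain)
    if name in brands:
        return ("exact", name)
    folded = fold(name)
    best = min(brands, key=lambda b: edit_distance(folded, fold(b)))
    if edit_distance(folded, fold(best)) <= max_distance:
        return ("lookalike", best)
    return ("unknown", None)


if __name__ == "__main__":
    for sample in ["Google.com", "Gooogle.com", "paypa1.com", "www.example.org"]:
        print(sample, "->", check_domain(sample))
```

    A verdict of “unknown” only means the domain is not close to a brand on the list; the other checks in this article still apply.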

  5. Check WHOIS Behind a Website.

    Utilizing the WHOIS Lookup service allows users to access domain name registration records at the Internet Corporation for Assigned Names and Numbers (ICANN). ICANN is a non-profit organisation responsible for the administration of the internet. WHOIS records provide information such as Registrant and Registrar contacts, IP address, history of ownership and more. However, a majority of registrants have their details “Redacted for Privacy”, making it difficult to identify domain owners. There are open source WHOIS Lookup providers; however, they don’t all provide full historical records. You can use domain search tools such as those shared by IntelTechniques, including Internet Archive, where you can view previously captured website screenshots. Alternatively, contacting the domain registrar and hosting provider is an option if there is a legitimate interest.

  6. Check Company Records and Relevant Authorities.

    Verifying the company’s registration in both the specified jurisdiction and any overseas branches is crucial. This process enables you to confirm its registration details, directors and shareholders, business activities, financial records, charges and filing history. Additionally, assessing the profile of the directors and shareholders provides valuable information on the current and previous ownership. Understanding the nature of the company’s business is also important in determining the competent regulatory authority. For instance, UK companies are registered at UK Companies House and those operating in the financial services sector are regulated by the Financial Conduct Authority (FCA).

  7. Check Customer Feedback and Online Reviews.

    Reviewing customer feedback and online reviews gives an indication of the reputation of the business. However, fake online reviews are increasing: some individuals or companies are paid to write positive or negative reviews. As such, use your own discretion. Reading reviews from multiple sites or platforms gives you additional material for comparison.

  8. Check if it is “Too Good to be True”.

    If you come across an advertisement on social media platforms, marketplaces, online ads, or from a company website that sounds “Too Good to be True”, it most likely is! Do not fall victim to promises of guaranteed high returns on investments or unbelievable offers. Take the necessary time to conduct research and exercise good judgement before providing any personal information, engaging with the company, or making any online purchases, as this will protect you from falling victim to a scam or other problems.

    If you still feel sceptical, you can seek further advice from a third-party advisor who has knowledge in this area.

  9. Check Appropriate Internet Security Software.

    It is highly advisable to invest in internet security or virus protection software in order to safeguard your devices against viruses, scams, and other cyber threats. Numerous options for internet security software programs are available, allowing you to choose one suitable for your specific needs.  This will provide extra layers of security to shield your devices from malicious threats and safeguard your sensitive data.

  10. Where to Report a Scam?

    There are several organisations to which scams should be reported.  To ensure proper assistance, it is advisable to reach out to the appropriate organisation or authority.  In the United Kingdom, the following organisations and authorities can be contacted in order to report scams:

    To report international scams, the following are some of the relevant organisations and authorities that can be contacted:


How TenIntelligence can help

If you require Due Diligence, Brand Protection, or General Data Protection Regulation (GDPR) assistance, you can contact our team at info@tenintel.com. For information about us, please visit our website at tenintel.com.


Written by

Shela Febrero | Associate at TenIntelligence