What is the fastest way to check if a website is legit?

Paste the domain into Scam AI. It runs Google Safe Browsing, WHOIS, OpenSanctions, register lookups and review-site checks in a few seconds and gives you a colour-coded verdict.

Does HTTPS mean a website is safe?

No. HTTPS only means the connection is encrypted. Scammers buy free SSL certificates routinely. Use HTTPS as a baseline, not as proof of legitimacy.

How can I tell if a shopping website is a scam?

Check domain age (under 6 months is a red flag), look for missing physical address and ABN/company number, search the brand name plus the word 'scam', and confirm the site is not on Google Safe Browsing's blocklist.

Is a website with great reviews always legit?

Not always. Fake-review farms are cheap. Cross-check Trustpilot, ScamAdviser and independent forums, and weight older reviews more heavily than a burst of new 5-stars.

What should I do if a website looks suspicious?

Do not enter card details, do not upload ID. Run the URL through Scam AI, search the domain on regulator warning lists for your country, and report the site to the platform that referred you.

FREE REAL-TIME VERIFICATION · GLOBAL SEARCH · OFFICIAL OPEN DATA SOURCES

How to Check If a Website Is Legit

Seven free checks you can run in under two minutes — before you buy, sign up, or send money to any website.

Key Takeaways

HTTPS is not proof of safety — scammers use free SSL certificates too.
Domains registered in the last 6 months are the single strongest scam signal.
Cross-check Trustpilot AND ScamAdviser — never rely on one review source.
A missing physical address, ABN or company number is a major red flag.
Free OSINT tools like Scam AI combine all of the above into one verdict.

1. Check the domain age (WHOIS)

Most scam sites are spun up, exploited for a few weeks, then abandoned. A WHOIS or RDAP lookup tells you when the domain was first registered. Anything under six months should be treated with extreme caution — legitimate businesses almost always have older domains.

2. Verify the URL on Google Safe Browsing

Google Safe Browsing maintains a global blocklist of confirmed malware and phishing URLs. If a site appears there, exit immediately. Scam AI runs this check on every search automatically.

3. Look up the company in an official register

Real businesses are registered somewhere — ASIC in Australia, Companies House in the UK, SEC EDGAR in the US. Search the trading name. If nothing comes up, or the registered address has nothing to do with the website, walk away.

4. Search the brand name plus the word 'scam'

This sounds basic but works. Real complaints surface on Reddit, Trustpilot, ScamAdviser and consumer-affairs sites within weeks. Read more than one review and weight older reviews higher than a flurry of brand-new 5-stars.

5. Check regulator warning lists

Financial regulators publish warning lists of unauthorised firms — the FCA (UK), ASIC (AU), SEC (US), BaFin (DE), and many others. Scam AI also queries OpenSanctions, which aggregates 80+ of these lists for free.

6. Inspect contact details

Look for a real street address, a company registration number, and a phone number that matches the country claimed. Mobile-only contact, free webmail addresses, and an address that Google Maps shows as a residential apartment are all warning signs.

7. Reverse-image search the team photos

Fake recovery firms and clone investment sites routinely steal headshots from LinkedIn or stock photo libraries. Drop any 'team' photo into Google Images. If the same face appears on a dentist's website in another country, you have your answer.

Run a free check now

Scam AI cross-references regulator blacklists, business registries, WHOIS history and global fraud reports — in real time, free, no signup.

Verify a Website

Frequently Asked Questions

What is the fastest way to check if a website is legit?: Paste the domain into Scam AI. It runs Google Safe Browsing, WHOIS, OpenSanctions, register lookups and review-site checks in a few seconds and gives you a colour-coded verdict.
Does HTTPS mean a website is safe?: No. HTTPS only means the connection is encrypted. Scammers buy free SSL certificates routinely. Use HTTPS as a baseline, not as proof of legitimacy.
How can I tell if a shopping website is a scam?: Check domain age (under 6 months is a red flag), look for missing physical address and ABN/company number, search the brand name plus the word 'scam', and confirm the site is not on Google Safe Browsing's blocklist.
Is a website with great reviews always legit?: Not always. Fake-review farms are cheap. Cross-check Trustpilot, ScamAdviser and independent forums, and weight older reviews more heavily than a burst of new 5-stars.
What should I do if a website looks suspicious?: Do not enter card details, do not upload ID. Run the URL through Scam AI, search the domain on regulator warning lists for your country, and report the site to the platform that referred you.