When surfing the web, be it on your laptop, PC, or on your smartphone, it's easy to end up on an illegitimate or scam website without even realizing it.

Websites can now look incredibly professional or convincing even when that's not the case in reality, so it's important to be able to notice the red flags. With that in mind, here are the easiest ways to check if a website is secure.

1. Check for Errors in the Website Address

https link magnifying glass graphic

When you're on a fake website, you may sometimes be able to tell by looking at the URL in the web address bar at the top of your window.

For example, there may be a subtle spelling error in the name of a brand if you are on a dupe website, such as "homedep0t" instead of "homedepot".

On top of this, a web address using "http" instead of "https" at the beginning of the URL may also be unsafe. This is because Hypertext Transfer Protocol Secure (HTTPS) is designed for secure data transfers and communication over a network, whereas HTTP is not. Hypertext Transfer Protocol Secure encrypts HTTP requests, so that your browsing experience is made more private and secure.

While not all websites using HTTP instead of HTTPS are unsafe, many are. So, if you notice that a website you are on is not using Hypertext Transfer Protocol Secure, you should be very cautious as you go forward and not input any personal information which could be intercepted or collected.

2. Check for a Lock Icon Next to the Web Address

google search page with arrow pointing to URL

All major web browsers use a lock icon to notify users that a website is deemed safe. Check the web address of this page right now, and you'll see a small lock icon to the left of the URL. This relates back to Hypertext Transfer Protocol Secure.

When the lock icon is present, it means that the website you're on uses Hypertext Transfer Protocol Secure. When the lock icon is not present, or has an alert or cross symbol next to it, the website does not use Hypertext Transfer Protocol Secure, so it is not deemed safe by the browser.

Again, while not all sites without the lock icon are unsafe, many are, and so you should proceed with caution or use one of the other methods on this list to check its validity. This is a good thing to watch out for, whether you're on a suspicious website using your smartphone or computer.

Google has announced that it's removing the lock icon indicator from the Chrome browser in September 2023. You may want to opt for a different browser if you like this feature.

3. Check the Site's Domain Age

http text in front of phone

The domain age of a website relates to the website's creation date. While this domain age can't give an exact website age, as domains are often purchased before the creation of a website, it can give you a rough idea of the site's age.

This is particularly helpful when it appears you're on a well-established site, but you suspect it might be a dupe. For example, if you're on what you assumed was Walmart's official website, but the domain age is as low as a few months, weeks, or days, it's likely that the site is a replica designed to con users out of their payment information or other sensitive data.

There are a number of different sites you can use to check the age of a domain, including Small SEO Tools and Duplichecker.

4. Read Through the Company's Social Media Feeds and Reviews

social media icons in front of person on phone and laptop

It's easy to come across a new company that you want to buy from or use the services of. But it's crucial to do a little research around these smaller companies to make sure they're legitimate.

A great way to determine whether an online company is well-established is by checking their social media presence. If the company doesn't have any form of social media, just has a few followers, or posts unusual or suspicious content, there may be something of a criminal nature going on behind the scenes.

Unfortunately, a lot of these new sites you come across, especially those that offer very low prices for their products ot services, are not legitimate at all. Their purpose is to steal private data (especially your payment information) so that they can make a profit by exploiting it.

This is why it's also important to check the reviews of a company before making any kind of commitment. A quick internet search of the business and its reviews should bring up a couple of services, such as TrustPilot or Reviews.io, which should inform you of the general legitimacy of the company.

If you're seeing a lot of one stars, or complaints around delivery and customer service, steer clear.

When checking reviews, remember that you should never use the site's own review page to form an opinion. Many scam sites create their own positive reviews to convince users of its legitimacy. Instead, use official reviews sites. If you can't find any reviews at all (aside from those on the site itself), this is another sign that something isn't quite right.

5. Check the Site Itself for Red Flags

graphic of pink and white clothing website

If a dupe or scam website isn't thoroughly checked by its creator before publishing (and they often aren't), then it's easy to spot the cracks and sniff out the swindle.

Firstly, you should check for spelling errors. While established websites can make spelling mistakes, this is pretty rare, as they often have a web design or copywriting team checking for problems prior to publishing. Secondly, check the prices of the products or services on offer. Many scam websites have very low prices that are usually too good to be true.

Along with these key red flags, there are other factors that may be indicative of an unsafe website. Low-quality images, poor page design, and long loading times also point to a hastily-designed scam website. Take note of these signs whenever you're suspicious of a site's legitimacy.

Additionally, urgent and persuasive language is also a solid indicator that a site is actually a scam. For instance, an e-commerce site may have a ten-minute countdown timer, stating that you'll be able to get a big discount if you make a purchase before it hits zero. Of course, it's natural for a shopping site to have sales, but incredibly pushy language is sometimes suggestive of a shady operation, to make you do something quickly which you'll later regret.

6. Check Who Owns the Domain

google search page behind magnifying glass

The owner of a domain can be another great indicator of whether a website is safe. The domains of official websites will usually be owned by big domain companies that you can easily search for. So, if you look up the domain owner's name and you find articles about scams or no relevant results at all, then you're most likely on a dupe website with domain owned by a scammer.

There are a number of free websites you can use to find the owner of a domain. We recommend using GoDaddy's WHOIS domain checker, which can quickly provide you with all the required information about a domain. But there are a number of alternatives to GoDaddy, including:

7. Look for a Privacy Policy

privacy policy text on post-it note

All businesses that require some of your information must state exactly what data they collect and how they use it in a privacy policy. If a website you're suspicious of has no privacy policy, or the existing privacy policy is incredibly short or vague, consider this an amber flag at the very least. Even not having a GDPR notice might indicate a scam site.

What's more, you should be wary if a website's privacy policy has a lot of broken language or spelling and grammatical errors. This may be indicative of a shoddy site setup, wherein the operators gave little thought to the privacy policy. If you spot another company's name in the privacy policy for no reason, the website's developer may have simply lifted a privacy policy from another site to save time on writing one out from scratch.

It Pays to Vet a Website Beforehand

The internet is rife with all kinds of scams; so much so that you've probably crossed paths with one without realizing it. So, it's incredibly important to quickly check a website's legitimacy before providing any kind of personal or sensitive information, as this is one of the main methods cybercriminals use to access private data.

Staying safe using these quick tips can mean the difference between dodging a scam and walking right into one. Ensuring a website is secure is crucial, no matter how professional it may look upon first glance.