How to check if a website is legit


In an ultra-connected age where digital presence is paramount, the internet serves as a gateway for cybercriminals. As a result, online fraud seems ever-present, and around 18,000 fraudulent websites are created every day.

Scammers are also using email services provided by Google and Yahoo to appear trustworthy, which is why it’s essential that you’re aware of what to look for when it comes to fraudulent websites (see the section on important terms to know for cyber security below). Here’s what you need to know about how to identify fake websites.

How to check if a website is legit

Want to know if a website is legit? Follow these seven simple steps:

  • Check the URL 
  • Verify the trust seal 
  • Ensure your connection is secure 
  • Filter through the content 
  • Find out who owns the web domain
  • Use Google’s Safe Browsing Transparency Tool 
  • Look at reviews

Top tips

1. Check the URL

By paying close attention to the URL at the top of your browser, you might be able to spot a fraudulent website. While you can sometimes spot a fake URL straight away, in some cases the deceptive site can be hidden or manipulated to look familiar. 

An easy way to find out if the site is actually malicious is to highlight the entire URL, then copy and paste it into the search bar of another tab. Before hitting ‘enter/search’, inspect the URL again, as the actual URL, before any manipulation has occurred, may now be exposed.

2. Verify the trust seal 

On websites where you can make a purchase, known as ecommerce sites, there will often be a ‘trust seal’ on the payment pages or other pages where sensitive information is required. When you click on a trust seal, you should be taken to the seal provider’s website where the legitimacy of the website will be verified. Alternatively, you may be able to visit the seal provider’s website and search for the website there instead.

Here’s a complete list of trust seals.

3. Ensure your connection is secure

Ensuring your connection is secure is an easy step you can take to confirm that the channel of communication between you and the server is encrypted and secure. In basic terms, it means any information you input cannot be read by third parties or fraudsters. To do this, click on the padlock in the URL bar at the top of your tab and then click on ‘Show certificate’ if using an Apple Mac product, or choose ‘Security’ or ‘More information’ on other browsers to open the certificate. 

If you are taken to a website without the ‘https://’ at the beginning of the URL and are asked for any information, leave immediately as the website probably isn’t secure.
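The checks from steps 1 and 3 can also be run on a copied URL before you visit it. The following is an added example, not part of the original article: the function name `inspect_url`, its `expected_domain` parameter and all sample URLs are constructed for illustration. It extracts the hostname the browser would really connect to and lists anything that does not match the site you expected.

```python
import ipaddress
from urllib.parse import urlsplit


def inspect_url(url, expected_domain):
    """Return (hostname, warnings) for a pasted URL.

    expected_domain (an assumption of this example) is the site you
    believe you are visiting, e.g. your bank's domain.
    """
    parts = urlsplit(url.strip())
    host = (parts.hostname or "").rstrip(".")  # urlsplit lower-cases it
    warnings = []

    if parts.scheme != "https":
        warnings.append("not https: connection is not encrypted")
    if parts.username is not None:
        # Anything before '@' is login data, not the site name.
        warnings.append("text before '@' is not the site; real host: " + host)
    labels = host.split(".")
    if not host.isascii() or any(l.startswith("xn--") for l in labels):
        warnings.append("internationalised name: may imitate familiar letters")
    try:
        ipaddress.ip_address(host)
        warnings.append("host is a bare IP address, not a domain name")
    except ValueError:
        pass  # not an IP literal
    expected = expected_domain.lower()
    if host != expected and not host.endswith("." + expected):
        warnings.append("host is not %s or one of its subdomains" % expected)
    return host, warnings


# Constructed sample URLs (reserved .test / documentation addresses).
SAMPLES = [
    "https://www.example-bank.test/login",
    "http://example-bank.test.login.example.net/",
    "https://example-bank.test@192.0.2.10/",
    "https://xn--exmple-bank-constructed.test/",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        host, warnings = inspect_url(sample, "example-bank.test")
        print(host, warnings or "no warnings from these checks")
```

An empty warning list only means the URL passed these particular checks; the remaining steps in this guide still apply.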

4. Filter through the content

Hackers will often rush to pull websites together in order to make money quickly, meaning you’ll often spot bad grammar, incorrect spellings and typos throughout the text. Reputable, trustworthy websites have good quality content and thorough processes to ensure their text doesn’t include mistakes. 

If the text has a real sense of urgency to it that is pressuring you to pay a fine or threatening some other risk to you personally, it is likely to be a scam. In a similar vein, if something seems too good to be true, for example, savings accounts with higher-than-average interest rates, it probably is. 

In any circumstances where a website seems poorly designed with badly-written content, it’s best to err on the side of caution and call your bank directly to check. 

5. Find out who owns the web domain

All domains have to register their URL or web address, so you can check who has done this by visiting website checkers such as LookWhoIs or

You’ll then be able to link the website with an individual or organisation. If you’re struggling to do this or it feels a bit cloak-and-dagger, it’s likely that the individual is a scammer and doesn’t want to be found.  

6. Use Google’s Safe Browsing Tool 

Possibly the easiest way to investigate a website is to simply copy and paste the URL into Google’s Safe Browsing Site Status Tool. This tool is like a fake website detector, and will reveal whether the site is safe (or not). 

7. Look at reviews

Feefo, Trustpilot and TripAdvisor are all trusted sites that collate reviews from previous, legitimate customers who can help you decide whether or not the website is legit. Reviewers can also warn you about scams or inconsistencies with the website, allowing you to make a more informed decision.

However, it’s important to be aware that some fraudulent websites also input fake reviews to build a false sense of security and scam unwitting visitors. If the reviews are all brand new, have consistently bad grammar or simply make you suspicious, you might want to avoid using the website.

Important terms to know for cyber security

These are some of the cyber security terms, abbreviations and general website jargon that are useful to understand and will help you tell if a website is legit. 

What is HTTP? 

HTTP stands for Hypertext Transfer Protocol and makes up the foundation of the World Wide Web. It is used to load websites using hypertext links. In simple terms, it’s the protocol your browser uses to request web pages and a website uses to send them back. You may also see ‘HTTPS’, which is an extension of HTTP and means that your connection is secure (see the section on SSL below).

What is a URL? 

URL stands for Uniform Resource Locator, and it’s simply a complete web address (or rather a set of directions that follow the HTTP in order to find the page you need). You’ll find the URL of a website in the long narrow box at the top of your browser. 

What is the domain name?

The domain name forms part of the URL and is almost like a ‘nickname’ for the full URL. This is the small segment you’ll recognise as the website name – it’s normally the company name, or something similar.

What’s an IP address? 

An IP or Internet Protocol address is an identifying piece of information that distinguishes one internet user from another. If you have an internet router at home, it will have its own IP address so its location is known. You can find your own IP address by typing, ‘what’s my IP address?’ into a search engine, such as Google.

What is SSL? 

SSL stands for Secure Sockets Layer, and it was the most widely deployed cryptographic protocol to provide security, before it was succeeded by TLS in 1999. 

TLS stands for Transport Layer Security and is effectively the same thing, but most people still refer to this type of technology as SSL. What SSL does is provide a secure channel between two machines or devices that operate over the internet or an internal network. You normally see HTTP at the start of a web address, and when it turns to HTTPS, the ‘S’ stands for ‘secure’.

What is phishing? 

Phishing is the most common way for cybercriminals to obtain your sensitive information, such as passwords, banking information or credit card details. Fraudsters use techniques such as emails and adverts to get this information, leading you to a fraudulent website that might look exactly like a normal one. They will use this website to mislead you into entering sensitive details which they can then keep and exploit. 

What is malware?

Malware is the term used to describe any kind of malicious software. Cybercriminals use malware to track victims and exploit them for financial gain. Malware can exist in the following forms: 

  • Email attachments
  • Adverts on popular websites 
  • Fake software downloads & installations
  • Infected USB drives
  • Infected apps
  • Text messages