Is this website legit? How to check in 5 steps

When to ask the question

"Is this website legit?" is exactly the right question to ask before you type a password, enter a card number, or download anything - especially if you arrived from an ad, a social media post, or a message someone sent you. No single sign proves a site is safe, but five quick checks together give you a reliable answer, and none of them takes more than a minute.

Step 1: Read the domain character by character

The domain - the part right before the first single slash - is the site's real identity. Scammers register look-alikes: a swapped letter (paypa1.com), an added word (amazon-deals-ca.com), or an unusual ending (.shop, .top, .icu). The padlock, the logo, and the design can all be copied; the exact domain can't. If it isn't precisely the address you know, treat it as a different site - because it is one.

Step 2: Check how old the domain is

Scam sites live fast and die young: they're typically registered days or weeks before a campaign and abandoned soon after. A WHOIS lookup shows when a domain was registered. A "trusted store since 2009" running on a domain registered last month is telling you everything you need to know. Age alone doesn't prove legitimacy - plenty of new sites are honest - but a brand-new domain asking for your card deserves real suspicion.

Step 3: Understand what the padlock does (and doesn't) mean

HTTPS and the padlock mean your connection to the site is encrypted - nobody between you and the server can read it. They say nothing about who runs the server. Scammers get valid certificates in minutes, for free, so a padlock does not mean a site is trustworthy. The reverse check is still useful: a site asking for passwords or payment without HTTPS is disqualified on the spot. You can inspect any site's certificate with our SSL/TLS Checker.

Step 4: Look for a real business behind the page

Legitimate businesses leave traces; scam sites are cardboard storefronts:

• Contact and About pages. A real address, a working phone number, a company name you can search. A contact form alone - or pages that are empty, broken, or copied from elsewhere - is a bad sign.
• Prices that make sense. Steep discounts on everything, all the time, is the oldest lure there is.
• Policies. Real shops have return, shipping, and privacy pages with consistent details. Company names that change from page to page are a red flag.
• Payment methods. Credit cards offer fraud protection. A "store" that wants e-Transfer, crypto, or a wire transfer wants money you can't get back.

Step 5: Run it through a link checker

Our Link Checker does several of these checks at once: it follows redirects, flags look-alike and recently registered domains, and checks the address against known-scam blocklists - without you having to visit the site at all. It's the fastest single step on this list, and a good first move when a site feels off.

Putting it together

A legitimate site usually passes all five checks without drama. A scam site rarely survives more than two. If you're still unsure after checking, search the company's name together with the word "scam" or "reviews", or simply buy from a retailer you already trust - no deal is worth your card details on the wrong site.