By clicking a retailer link you consent to third party cookies that track your onward journey. If you make a purchase, Which? will receive an affiliate commission which supports our mission to be the UK's consumer champion.

Staying safe online: 7 ways to spot a scam website

We explore how you can effectively guard your money and keep your personal data away from prying eyes while browsing the web
Faye LipsonSenior researcher & writer

Purchase scams were rife in the first half of 2023, with the number of cases soaring by 43% compared with the same period in 2022. 

As we enter the peak shopping period of the year, the numbers are likely to rise further. But if you know what to look out for, many scam sites can be avoided.

Maybe you're confidently shopping online already and have been for many years, or perhaps you are nervous about the prospect of scam sites and prefer to shop in person. Either way, we've got you covered, as it is possible to stay safe if you know what to look for. 

Before you submit your payment details or personal information to a website, take a look at our seven tips below to avoid a scam website.

Sign up for scam alerts

Our emails will alert you to scams doing the rounds, and provide practical advice to keep you one step ahead of fraudsters.

Sign up for scam alerts
Sign up

Seven ways to stay safe online

1. Pay attention to the green/grey padlock

This small icon is found in the address bar and tells you whether the traffic between you and the website is encrypted. If it is, that means information you send over the internet to the site, such as your password and your card details, are scrambled. That makes it very difficult for a hacker to view that information if they intercept it. 

But the padlock doesn't tell you anything at all about the honesty of the website operator. Fraudulent sites often have padlocks: it's not difficult to add a padlock to a website. All this means is that your personal data and payment details are being securely transmitted to the fraudster, and other cybercriminals can't get in on the act. Even if there's a padlock, you could still be scammed.

Websites lacking padlocks are increasingly rare, but some do still exist. They should be viewed as 'read only' affairs - simply browse and move on. Don't even create an account or password on such sites.

2. Does the website have any contact methods listed?

A 'contact us' box on its own isn't good enough, as you won't know whether it works until you actually need to use it. Expect to see clearly stated contact details, such as an email address, phone number and address.

Any website that fails to offer a contact method and information on its geographic location is breaching consumer contract regulations. Don't trust it with your money or personal information, as you won't be able to reach anyone if there's a problem with your purchase.

If an address is listed, you can search it on Google Earth by selecting the magnifying glass symbol and entering the address into the search box that appears. If Google Earth can't find it, the address could be fake.

If it can find it, a small red location dart icon will appear on the map. Click on this dart multiple times to zoom into the 'aerial view' as far as you wish, or click the person symbol near the bottom right-hand side and drag it on to the map to see it in 'street view', as you would from the ground. Ask yourself whether the alleged business premises seem appropriate. 

Give an annual subscription

Help a loved one make smarter decisions all year round

Sign up now

3. Check Companies House

If the website you're checking out has a UK company name and/or number stated anywhere, you can check it out on Companies House - the official register of UK companies. To search, go to Companies House and enter the purported company name or number into the search box

Before you do this, though, it's important to understand that the mere fact of being registered on Companies House doesn't ensure that a company is behaving in an ethical or lawful way. Moreover, Companies House itself doesn't yet verify the accuracy of information supplied by companies (though legal changes mean it will begin doing so within the next few years) and false addresses and director names are sometimes registered. For now, Companies House is best thought of as a vast digital filing cabinet, rather than an authority bestowing legitimacy.

However, if a company is registered, it means you can probably identify at least one named individual and a company address to contact if something goes wrong. In the (extremely unlikely) event that you need to take legal action, it gives you a named entity. If the site's stated company name doesn't have an exact match on Companies House, avoid it. Scammers sometimes pick names very close to those of genuine registered entities, hoping to be mistaken for them. 

4. Read reviews

Online reviews of retailers on sites such as Trustpilot are an important weapon in your due diligence arsenal, but they come with a warning. Which? is campaigning to stop the scourge of fake reviews online, and it's vital to check whether a positive review seems legitimate.

We've found businesses manipulating review systems, misusing genuine review tools or even incentivising customers to leave good reviews in exchange for free products or vouchers.

Check multiple review sites, and don't rely on star ratings alone - not even if a company has a five-star average rating. Dig a little deeper and read the comments in each review, asking yourself whether they really ring true. Do lots of the positive reviews seem overenthusiastic or lacking in facts? Do many of the comments follow a strikingly similar format or are they mostly posted by reviewers with newly registered accounts? If so, they might be fake.

Don't just trust that overall score - find out how to spot fake reviews to avoid disappointment.

5. Looks are everything (in this case)

While genuine retailers usually design their websites with great care and expense in order to set themselves apart from competitors, fake sites are often thrown together quickly with cheesy stock images and dummy or stolen text, with other crucial site elements missing.

Don't just zero in on the product or service you're interested in. Instead, have a proper nose around the site. Are there lots of spelling mistakes, pages with 'lorem ipsum' dummy text, or generic images that don't relate to what's being sold? All these signs are red flags that you should think twice about before shopping on that website.

Does the site have a privacy policy? This is a legal requirement, and if a site won't tell you how it's using your data, it doesn't deserve your data. Equally, does it have a returns policy? A real company should tell you how and where to return a faulty item.

Scammers often copy their mission statements or 'about me' pages from other sites. Try copying such text from the suspect site and pasting it into Google to see if it's lifted verbatim from third parties.

6. Are you staring at a copycat site?

Scammers like to pass themselves off as genuine retailers, as well as financial firms and government services. So-called 'clone sites' designed to copy the real deal commonly crop up in sponsored results on search engines, which sit at the top of the page. They also frequently advertise on social media sites.

If you're using a search engine to look up a business by name, or to find a service (such as passport or driving licence renewal), it's generally safer to ignore the sponsored results and skip straight to the top 'organic' result, which has achieved its position through its relevance and trustworthiness.

Take a look at the example below. The page on the left is from a scam site and the page on the right is genuine. The copycat site uses the Gymshark logo and appears to sell Gymshark goods. However, Gymshark told us that it only sells direct to consumers, so anyone else claiming to sell it is a scammer. 

7. Prices that are too good to be true

Price comparison apps and sites have made it easier than ever to spot the cheapest online retailer for almost any item. But these services don't necessarily make sure the sites they serve up are genuine, so it's our job to be sure before we buy.

Browse a few well-known retailers and get a rough idea of what a particular item costs. If a little-known seller offers it at a jaw-dropping discount on the typical price, this should ring alarm bells. Ask yourself whether a major retailer, with its economies of scale, could be so vastly undercut by an unknown seller.

How to pay it safe

Generally speaking, if you're buying something that costs more than £100 but less than £30,000, a credit card is your best bet. That's because many credit card purchases benefit from legally binding protection under Section 75 of the Consumer Credit Act. In a nutshell, Section 75 makes your card provider jointly liable with the retailer for any breach of contract or misrepresentation.

If you pay £1,000 for a laptop that never shows up, and your emails to the seller go unanswered, Section 75 offers you a different way of getting your money back. Paying by credit card can be a good way to cover yourself when buying big-ticket items such as tech, white goods and furniture.

Find out more: Section 75 of the Consumer Credit Act

Chargeback

If you're spending less, or you don't have a credit card, paying by debit card can still protect you. A scheme called chargeback, operated by the card schemes Visa, Mastercard and American Express, works in a similar way to Section 75 if goods or services are damaged, not as described or haven't been delivered.

PayPal also offers its own Buyer Protection scheme which can award refunds in similar circumstances. But all these schemes have time limits, so get your complaint in promptly if there's a problem.

Bank transfer

If a bank transfer is the only payment method on offer, be extremely cautious. It doesn't necessarily mean the retailer is dishonest - it's common for genuine small businesses and sole traders to only accept bank transfers. However, this method offers shoppers the least protection of all.

Bank transfers used to attract virtually no protection at all, but thankfully that's no longer the case. Since May 2019, the Authorised Push Payment (APP) scams voluntary code has seen some fraud victims refunded by their bank, providing they upheld certain standards, such as heeding any fraud warnings from their bank. And from October 2024, banks and payment companies will be legally required to reimburse victims of APP scams in many cases - though the details have yet to be worked out.

However, it's still best to avoid paying by bank transfer unless it's the only payment method available, you have done your own checks and you're sure the retailer is trustworthy.

This article was originally published in January 2021 and updated with new data and advice on 29 November 2023

More on this

Related articles