It’s that time of year when stressed parents start looking for promising back to school deals to kick off the school year. Unfortunately, hackers, scammers, and identity thieves are gearing up for the flood of online shoppers too.
Shopping on a fake website could result in your personal or financial information being stolen or your device becoming infected with a virus or malware. Knowing how to spot red flags is crucial but simple once you know what to look for. We’ve got tips, tricks, and tools for checking a website’s legitimacy below.
Step 1 - Take a look at the address bar
First things first, what you want to look for on a website is the https:// at the beginning of the address. The S in https:// stands for secure and indicates that the website uses encryption to transfer data, protecting it from hackers.
If a website uses http:// (no S), that doesn’t guarantee that a website is a scam, but it’s something to watch for.
To be on the safe side, you should never enter personal information into a site beginning with http://.
Some internet browsers, like Google Chrome, lend a hand in warning you about unsecured websites. When a site is secure, you may see a small padlock next to the web address, or the address may be highlighted in green. You might also notice the domain name next to the padlock before the https://. That means the website has one of the highest levels of encryption and can be trusted.
If you’re unsure, you can click on the padlock or “Not secure” notice to see more details about the website’s security. You can also check up on a site through Google’s safe site search. The presence of the https:// doesn’t guarantee security, but it’s a good starting point. There are also addons that can be added to your browser that will warn you before you enter a unsecure site.
Step 2 - Double check the domain name
Always check the entire domain name, not just the beginning. Sometimes, the clever little scammers will add characters to the domain name you already know and trust.
Below is an examples of a spoofed URL using a popular business you know.
A favorite trick of scammers is to create websites with addresses that mimic those of large brands or companies, like Yah00.com or Amaz0n.net. Scammers count on you skimming over the address and domain name, so it’s always worth double-checking the address bar if you’re redirected to a website from another page.
Don't fall prey to the websites that use a different domain extension than the legitimate business you are looking for! Be especially careful when clicking on search results.
Step 3 - Watch for fake form fields
They are designed to mimic the real thing. If you have any doubts, enter in a fake password. Most fake sites will accept phony information. Here's a tip: Use two-factor authentication whenever possible. ( This is when a site requires the username, password, and an addition verification code which is generated by the site and usually texted to you.)
Step 4 - Only use secure payment options
Shopping websites such as eBay or Amazon should offer standard payment options, such as credit cards or PayPal. If a website requires you to use a wire transfer, money order, or other unsecured (and nonrefundable) form of payment, we recommend staying away, even if the rest of the website looks legitimate.
Step 5 - Don't be fooled, be educated
Below are things to keep in mind when on a site that requires your personal information.
- Look for poor grammar and spelling:
An excess of spelling, punctuation, capitalization, and grammar mistakes could indicate that a website went up quickly. Companies with legitimate websites may certainly have the occasional typo but still put effort into presenting a professional website. If a website capitalizes every other word or has a lot of odd phrasing and punctuation, proceed with caution.
- Check to see if the contact info is reliable:
Look for several ways to contact the company (phone, email, live chat, physical address) and try them out. Does anyone ever answer the phone? Do you get a generic pre-recorded voicemail or generic email response? If the only method of contact is an online email form, be wary.
I once found a series of similar websites that all used the same “live” chat that generated generic responses instead of actually answering my questions. It was a huge tip-off that none of the sites were legit.
- How old is the site in question?:
Scammers know that more people will be shopping online during the holidays, or around back to school, so they put together real-looking websites very quickly. By checking the domain age, you can see how long the website has been in business, giving you a better sense of its authenticity.
The Whois Lookup domain tracker gives you information about who a domain name is registered to, where they are, and how long the website has been active.
- If the deal seems to good to be true, it probably is a scam:
Sometimes retailers heavily discount older merchandise to offload excess goods or make room for new products, but if you find a site that has the latest iPad model listed at an 80% discount, walk away. Chances are high that you‘ll never see the goods you purchase or the money you spent again.
- Do your research on the company in question:
A quick online search of reviews of a website will tell you a lot. You can research the reputation of the seller through the Better Business Bureau and other official review sites. If there aren’t any customer reviews anywhere, that’s a concern. If you find large numbers of negative reviews, that’s a clear signal to walk away.
Whether it's back to school supply shopping, or you're buying a new iPad, you should always keep the thought that scammers are out there in the back of your mind. Be diligent and educated when shopping online.
And of course, if you ever have any questions, we are always here to help. Educating our clients is what we do, and it's never a bother.
Brittany and Jacob.
Your 208GEEK family.