The 5 easiest ways to spot a fake website in seconds

Let me start by telling you a story about someone that couldn’t spot a fake website. I was speaking to my best friend two days ago, catching up over some now-allowed outside brunch when she dropped an absolute clanger on me. The conversation went like this – 

“So Dave got scammed last week.”

“What do you mean he got scammed last week?”

“He went on the Daily Mirror website and there was this advert for an investment opportunity, basically a “make money quick” scheme so he registered with them online then called them up and they asked him for a one-off payment of £250 and his credit card details.”

“Did he give them his details?!”

“Yes! It was the Daily Mirror, of course he gave them his details.”

I know what you’re thinking – we can now guess it’s not the Daily Mirror but bear with me.

“Then £250 was taken from his account and over the course of the next few days, more and more money was taken off of his credit card that he couldn’t account for. So he called them up and the number was no longer valid…”

“So did you check out the website again?” 

I know what you’re thinking – we can now guess it’s not the Daily Mirror website but bear with me.

“Yes! And it was an exact replica of the real Daily Mirror website – its appearance was exactly the same; everything looked legit!”

And there lies the problem – fake websites DO look legit. So how does my best friend’s husband and all of you out there now checking your credit card statements for fishy Daily Mirror transactions spot a fake website? By checking for these 5 things:

1) The URL

We spend so much time online these days that we rarely take much notice of the URL structure of a website that we visit. When was the last time you really sat there and looked at a URL to see if it was exactly what it should be? More importantly, do you know exactly what it should be? 

Take the StatusCake website URL as an example:

One single letter in this URL signifies a secure website – the “s” after HTTP. Always check websites that you’re going to give personal information to have “HTTPS” and not just “HTTP” so you know it has security measures in place to protect your data. 

But that’s not all you should be looking out for when spotting a dodgy URL. 

It might sound strange but fake websites like to use numbers in their URL structure. 

For example – 

Vs. the real URL which would be – 

Subtle differences that you may not notice but could be the difference between you having an experience like Dave, and being safe on the internet. 

2) Check the payment methods they accept 

Trustworthy websites use the logos of Visa, MasterCard, PayPal, and so on to show that they use secure methods of payment. Always check for these before adding any of your card details or bank details onto a website. The logos of these trusted payment companies can usually be found in the header or the footer of a website or on the checkout page.

If the website doesn’t show any of the recognisable payment methods that you’re used to, then be sure to check on their actual website. For example, if you’ve never heard of “Klarna”, do some investigating of your own by researching and if they are legit, they will have details of their own security methods of processing your payments and their encryptions. 

3) Is the website professional?

Nothing screams fake website more than a 1999 template that has bold headers followed by random chunks of text, all unaligned, all full of spelling errors, and a mobile number as the contact. 

Dave found the Daily Mirror website harder to spot as fake because the scammers made it look exactly like a recognisable brand. But there are some tell-tale signs, even on these ones.

For example, sometimes these websites will use the wrong font when trying to replicate the original brand. 

For example:



Subtle but a clear sign of a fake website. Same goes for logos that have been copied, just not very well. Ah, the power of content.

4) Check if they’re a registered company

Companies tend to put their registered company and address on their website. It’s most likely to be displayed in the footer of the homepage or on the terms and conditions page. 

For example, ours sits on our terms and conditions page – 

TrafficCake Limited is a company registered in England and Wales (Company No. 08250233) and whose registered address is Third Floor, 12 East Passage, London, EC1A 7LP.

If you can’t find the company’s registered details on their website, or you’re suspicious of the details that they’ve provided, always check with your country’s registered companies database. These are readily available to you online and take just a few seconds to show you if a company is legally registered or not. 

5) Read the terms and conditions

Fake websites tend to get those of us that just click “yes” to cookie policies, to privacy policies, and unfortunately, to terms and conditions. Some of them don’t even have terms and conditions. 

The one clear way to spot a fake website is by signing up for a service that gives you no terms and conditions to agree to. Why? Because they’re not planning on providing you with that service or the deal they’re offering you really is far too good to be true.

In this day and age, it’s very difficult to spend 15 minutes of our time reading through tedious legal jargon on a terms and conditions page, only to see that yes, everything is a-ok. But, what if it wasn’t? If Dave had spent time looking for terms and conditions, he might have thought twice about giving the fake Daily Mirror his credit card details and saved himself a whole heap of mess. 

Ultimately, fake websites will always somehow find a loophole to nab people, even if you follow every rule in the book. But if you take note of these top 5 ways of spotting a fake website, you’re far less likely to become Dave. 

SSL certificates are a sure-fire way of making sure a website is safe and checking for that trusty “padlock” on the URL bar. Combine that with Google rankings, online reviews that have both positive and negative reviews, their social media accounts, and a well-presented website and it’s likely that where you’ve landed is safe. If you’re ever in doubt, don’t put your personal information into any forms or pop-ups, especially if it says Oh, Dave. 

P.S Dave got his money back after cancelling his credit card. Hooray for Lloyds.

Share this

More from StatusCake

code Kata

Solving Code Katas Using Test Driven Development (TDD)

7 min read Let’s dip our toes into TDD by using a Code Kata. A Code Kata is an exercise in programming which helps developers hone their skills through practice and repetition. There are many code katas out there, I’m going to pick a simple one for this example. You can follow along in any language you chose, for this example I’ll be working in C#.

customer interaction

How does your website design and content affect customer interactions and conversions?

4 min read The aim of your website is obviously to get potential customers to engage with as much of it as possible, and ultimately, make a purchase. But as we well know, it isn’t as simple as someone landing on your website and instantly converting. 9 times out of 10, there’s a whole sequence of actions that take place before a customer makes a purchase. The best thing? You can see exactly what this sequence of events looks like by analysing and combining data from a couple of your tools so you can make better, more informed decisions about the content of your website.


DevOps Explained

4 min read If you’re in the software development space, or just started a career in software development you’ve probably heard people talking about DevOps. Studies show that 74% of companies have implemented DevOps in some fashion, but what is it exactly? Find out everything you need to know in this post.


Microservices vs Monoliths explained

6 min read If you’re a dev you’ve no doubt, come across people talking about monolith and microservice application architecture. Perhaps you are involved in designing a new system and have been asked to consider both architectures. The conversations are often regarding how microservices are the successor to monolith architecture, but today I’m going to try and layout why it’s not as simple as one being better than the other.

black friday

Why you should have a website monitoring tool ready for Black Friday

2 min read It’s not all fun and games as a company owner during the biggest sales season of the year; unfortunately, you’re more likely to suffer website issues than on an average day. Find out how you can keep your website performing at its best during Black Friday right here!


Why Google SSO is so important

3 min read Do you know what an SSO is? Do you know if you’re currently using one? Here’s everything you need to know about an SSO and what the benefits are to using them.

Want to know how much website downtime costs, and the impact it can have on your business?

Find out everything you need to know in our new uptime monitoring whitepaper 2021

*By providing your email address, you agree to our privacy policy and to receive marketing communications from StatusCake.