|

How to Know If a Website Is Legit: The Guide to Shopping Safely Online

Published: Updated: Reading Time: 12 minutes

Our definitive guide for British shoppers on how to spot a scam website. Learn the key checks for URLs, payments, reviews, and company details to stay safe online.

This post may contain affiliate links. If you make a purchase through these links, we may earn a commission at no additional cost to you.

You’ve found it. The perfect pair of trainers, that sold-out gadget, or a stunning dress—and it’s on a website you’ve never heard of, for a price that seems almost too good. Your heart skips a beat. Is this your lucky day, or are you about to be scammed?

In today’s world, the internet feels a bit like the Wild West. For every brilliant, honest online shop, there’s a dodgy dealer in the shadows waiting to snatch your cash. Scam websites are getting smarter. They look slick, professional, and convincing. They use clever tricks to earn your trust, only to disappear once they have your money, leaving you with nothing but a hole in your bank account and a story to tell.

But don’t worry. You don’t need to be a computer whiz to protect yourself. Spotting a fake website is a skill anyone can learn. Think of it like being a detective. You just need to know what clues to look for.

This guide is your complete, no-nonsense toolkit for telling the good sites from the bad. We’ll walk you through everything, step-by-step, from quick five-second checks to deeper investigations. By the end, you’ll be able to shop online with confidence, knowing exactly how to spot a scam from a mile away.

The First Glance Test: Five-Second Checks Anyone Can Do

Before you even think about adding something to your basket, take a few seconds to look for the most obvious clues. These quick checks can often tell you everything you need to know.

Check the Address Bar: Your First Line of Defence

The very first place to look is the top of your browser—the address bar. The website address, also called a URL, is like a shop’s physical street address. It tells you exactly where you are. Scammers love to play tricks here.

A Simple Analogy

Imagine you want to go to Harrods in London. You know the address is 87-135 Brompton Road. If a taxi driver tried to drop you off at “87-135 Brompton R0ad” with a zero instead of an ‘o’, you’d know something was wrong. It’s the same online.

What to Look For:

  • Spelling Mistakes and Typos: This is the oldest trick in the book. Scammers create websites with addresses that look very similar to famous brands. They might swap one letter, add a dash, or use a number instead of a letter. For example, they might use Amaozn.co.uk instead of Amazon.co.uk, or NlKE.com with a lowercase ‘l’ instead of an ‘i’. Always double-check the spelling.
  • Weird Endings (Domains): In the UK, we’re used to seeing addresses that end in .co.uk or .uk. Big global brands often use .com. If you see a website that looks British but ends in something strange like .biz, .info, or a country code you don’t recognise, be cautious. It doesn’t automatically mean it’s a scam, but it’s a reason to be more careful.
  • Overly Long or Complicated Addresses: If the address is a huge jumble of letters, numbers, and dashes, it could be a red flag. Legitimate businesses usually want their web address to be simple and memorable. For example, a real site might be johnlewis.com. A dodgy one might be something like john-lewis-best-deals-uk.shop-online.co.

Your Action: Before anything else, read the website address carefully. Does it look right? Is it spelled correctly? If you’re not sure, open a new tab and search for the brand on Google. Click the link from the search results, as it’s more likely to be the correct one.

Look for the Padlock: What ‘HTTPS’ Really Means

Next, look to the left of the website address. You should see a small padlock icon. If you click on it, you should also see the address starting with https':// instead of just http://.

That little ‘s’ is incredibly important. It stands for ‘Secure’.

A Simple Analogy

Think of it like this: using a website with http:// is like shouting your credit card details across a crowded room. Anyone could potentially listen in. Using a website with https':// is like whispering them directly into the shopkeeper’s ear. The connection is private and scrambled (encrypted), so only you and the website can understand what’s being said.

What a Padlock Does (and Doesn’t) Mean:

  • It means your connection is secure. When you see the padlock and https, it means that any information you send to the website—like your name, password, or bank details—is encrypted. This stops criminals from snooping on your data as it travels across the internet.
  • It does NOT mean the business is legit. This is a crucial point that many people misunderstand. Getting a security certificate (the thing that makes the padlock appear) is now very easy and cheap. Scammers get them all the time. So, while a padlock is essential for protecting your data, it doesn’t prove the website owner is honest.

Your Action: Never, ever enter personal or payment information on a website that doesn’t have a padlock and https://. But remember, the padlock is just the first step. It’s a basic requirement, not a guarantee of trustworthiness. Think of it as checking that a shop has a front door—it’s necessary, but it doesn’t tell you if the owner is a saint or a scoundrel.

Professionalism and Polish: Does It Look the Part?

Now, take a good look at the website itself. Does it feel right? Legitimate businesses spend a lot of time and money making their websites look professional and easy to use. They want you to have a good experience.

Scammers, on the other hand, often throw their websites together quickly and cheaply. They’re not planning on being around for long, so they don’t bother with the details.

A Simple Analogy

It’s like comparing a proper high-street shop with a temporary stall at a car boot sale. One feels solid, well-organised, and trustworthy. The other might look a bit shabby, with handwritten signs and messy piles of stock.

Red Flags to Watch For:

  • Bad Grammar and Spelling Mistakes: A few typos can happen to anyone, but if the website is full of spelling errors, awkward phrasing, and sentences that don’t make sense, it’s a massive red flag. This often happens because the text has been written by someone who doesn’t speak English well or has been put through an automatic translator.
  • Low-Quality Images: Are the product photos blurry, stretched, or all different sizes? Do they look like they’ve been stolen from other websites? Real brands take pride in their photography.
  • Messy Design and Layout: Does the website look chaotic? Are things hard to find? Are the colours clashing? A poorly designed website suggests a lack of care and professionalism.
  • No “About Us” or “Contact Us” Pages: Honest companies want you to know who they are. They’ll have an “About Us” page that tells their story and a clear “Contact Us” page. If these are missing, ask yourself why.

Your Action: Spend a minute clicking around the site. Read some of the text. Look at the product images. Trust your gut feeling. If the website feels unprofessional or “off,” it probably is.

Digging Deeper: Becoming a Website Detective

If a website passes the initial “first glance” test, it’s time to put on your detective hat and do a little more digging. These checks take a few more minutes but can uncover even the most convincing fakes.

Who Are They? Finding Contact and Company Information

A real business is not afraid to tell you who they are and how to get in touch. Scammers, however, want to stay hidden. One of the best ways to test a website’s legitimacy is to check its contact details.

What You Should Find:

By law in the UK, any online business must provide certain information. Look for a “Contact Us” page, a “Help” section, or details in the website’s footer (the very bottom of the page). You should be able to find:

  • A Company Name: The full, registered name of the business.
  • A Physical Address: A real-world address for their office or headquarters. A PO Box doesn’t count.
  • An Email Address: A professional-looking email address, ideally using their own domain (e.g., help@brandname.co.uk, not brandname123@gmail.com).
  • A Phone Number: A UK-based landline or mobile number.

A Simple Test:

Try calling the phone number. Does someone answer professionally? Or does it go to a generic voicemail, or worse, not connect at all? You can also put the physical address into Google Maps. Does it lead to a credible business location, like an office or a warehouse? Or does it point to a residential house or a random field?

Your Action: Find the contact page. If you can’t find a physical address or a proper phone number, be extremely suspicious. If the only way to get in touch is through a simple contact form on the website, it’s a major red flag. They are making it easy for you to contact them, but impossible for you to find them.

Checking Their Papers: Is It a Real UK Company?

For UK-based companies, you can take your detective work one step further. Every limited company in the UK has to be registered with the government at a place called Companies House. It’s a public record, and anyone can check it for free.

How to Check Companies House:

  1. Find the Company Details: Look on the website for a Company Registration Number (CRN). It’s usually in the footer or on the “Terms and Conditions” page. It’s a unique number, often eight digits long or starting with two letters.
  2. Visit the Companies House Website: Go to the official government website: https://www.gov.uk/get-information-about-a-company.
  3. Search for the Company: Type the company name or registration number into the search bar.

What the Record Tells You:

If the company is legitimate, you’ll be able to see:

  • When it was registered (if it was only set up last week, that’s a warning sign).
  • Its registered office address.
  • Who the directors are.
  • If the company is active or has been dissolved.

If you can’t find the company on Companies House, or if the details don’t match what’s on the website, it’s highly likely that you’re dealing with a scam.

Your Action: Look for a Company Registration Number. Search for the business on the Companies House register. This is one of the most powerful checks you can do for a UK-based business.

What’s the Small Print? Reading the Returns Policy and T&Cs

No one enjoys reading the terms and conditions, but spending two minutes scanning them can save you a huge headache later. A legitimate business will have clear, fair, and well-written policies. A scam site often won’t.

What to Look For:

  • A Clear Returns Policy: Under UK law (The Consumer Contracts Regulations), you have the right to cancel and return an order for most items bought online within 14 days of receiving them, for any reason. This is your “cooling-off period.” A website’s returns policy should clearly state this. Look for details on how to make a return, who pays for postage, and how long a refund will take.
  • Red Flags in the Policy:
    • No policy at all: A huge warning sign.
    • “No refunds” or “all sales are final”: This is illegal for most online sales in the UK.
    • Unfair conditions: For example, charging a huge “restocking fee” or making you return the item within 24 hours.
    • Copied and Pasted Text: Sometimes, scammers are so lazy they just copy the policies from another website. Do a quick search for a unique sentence from their T&Cs. If it pops up on lots of other unrelated websites, it’s a scam. You might even find they forgot to change the original company’s name!

Your Action: Find and read the returns policy. Does it seem fair and comply with UK law? If it’s missing, vague, or unfair, do not buy from them.

Social Proof and Reputation: What Are Other People Saying?

Honest companies build a reputation over time. Scammers appear overnight and disappear just as quickly. A great way to check a website is to see what the rest of the internet thinks about it.

The Truth About Reviews: How to Spot the Fakes

Reviews can be incredibly helpful, but you have to take them with a pinch of salt. It’s very easy for scammers to post fake, glowing reviews on their own website.

How to Spot Fake Reviews:

  • They Are All Perfect: If every single review is five stars and full of over-the-top praise like “This is the best company in the world!”, be suspicious. Real companies get a mix of reviews.
  • They Are Vague: Fake reviews often use generic phrases like “Great product,” “Excellent service,” or “Highly recommend.” Real reviews tend to be more specific, mentioning details about the product, delivery time, or customer service experience.
  • The Language Is Odd: Look for reviews with poor grammar or phrasing that sounds unnatural.
  • They Were All Posted at the Same Time: If a website has dozens of reviews that all appeared on the same day, they were probably bought and paid for.
  • Look on Independent Sites: Don’t just trust the reviews on the company’s own website. Check independent review sites like Trustpilot. But even here, be careful. Read the negative and average reviews first, as they are more likely to be genuine. See how the company responds to them. A good company will engage with unhappy customers and try to solve the problem.

Your Action: Look for reviews on independent websites, not just the site itself. Be critical. Read a mix of good and bad reviews to get a balanced picture.

Checking Social Media Presence

Most modern brands have a presence on social media platforms like Facebook, Instagram, or X (formerly Twitter). It’s a way for them to connect with their customers.

What a Healthy Social Media Profile Looks Like:

  • A History of Posts: A real brand will have been posting for months or years. You can scroll back through their history.
  • Real Engagement: Look at the comments on their posts. Are real people asking questions and sharing pictures of their products? Or is it just spam comments?
  • A Decent Number of Followers: While follower numbers can be bought, a long-standing company will usually have built up a genuine following.

Red Flags on Social Media:

  • The profile was created last week.
  • There are very few posts, and they are all about the amazing “sale” that’s on right now.
  • The comments are turned off.
  • The followers look like fake accounts (no profile picture, strange usernames).

Your Action: Search for the company on social media. See if they have an active, professional, and established presence. A lack of social media, or a very new and suspicious-looking profile, is a bad sign.

A Quick Google Search Can Reveal a Lot

Sometimes, the simplest checks are the most effective. Go to Google and search for the website’s name.

Search Terms to Use:

  • "[website name]" + reviews
  • "[website name]" + scam
  • "[website name]" + complaint
  • is [website name] legit

Using quotation marks around the website name tells Google to search for that exact phrase.

This simple search can uncover forum posts on places like MoneySavingExpert or Reddit where other people are discussing their experiences. You might find a thread full of angry customers warning others to stay away. Or, you might find nothing at all—which can also be a red flag for a site that claims to be a popular brand.

Your Action: Google the website’s name with words like “scam” or “review”. See what other people are saying. No news is not always good news.

The Money Test: Secure Payments and Dodgy Deals

When it’s time to pay, you need to be extra careful. The payment options a website offers can tell you a lot about its legitimacy.

How to Pay Safely Online

How you pay makes a big difference to how protected you are if things go wrong.

The Safest Ways to Pay:

  1. Credit Card: This is generally the safest option. Under Section 75 of the Consumer Credit Act, if you pay for something costing between £100 and £30,000 with a credit card, the card company is jointly liable with the seller if things go wrong. This means if the goods don’t show up or are faulty, and the seller disappears, you can claim your money back from your credit card provider. It’s a powerful piece of protection.
  2. PayPal: PayPal offers its own “Buyer Protection” scheme. If your item doesn’t arrive or isn’t as described, you can open a dispute and PayPal will investigate. It adds an extra layer of security between you and the seller, as you don’t have to share your card details directly with them.
  3. Debit Card: Paying by debit card offers some protection through a scheme called “chargeback,” but it’s not as strong as Section 75 and isn’t a legal right. It’s a good option, but a credit card is better for larger purchases.

The One Payment Method to ALWAYS Avoid:

  • Bank Transfer (or Direct Debit): If a website asks you to pay by direct bank transfer, stop immediately. This is a massive, flashing red light. It’s like handing over a wad of cash to a stranger in the street. Once you send the money, it’s almost impossible to get it back. Scammers love bank transfers because they are fast, direct, and irreversible. No legitimate retail website will ask you to pay this way.

Your Action: Check the payment options at checkout. If they offer secure methods like credit card and PayPal, that’s a good sign. If they only accept bank transfers or other unusual methods like cryptocurrency, it’s a scam. Close the tab.

If a Deal Looks Too Good to Be True…

We all love a bargain. But scammers prey on our desire to find a great deal. If you see a brand-new iPhone for £100 or a pair of designer shoes for 95% off, you need to be skeptical.

A Simple Rule:

The old saying is true: If it looks too good to be true, it probably is.

Scammers use ridiculously low prices to lure you in and make you abandon your common sense. They create a sense of urgency with “limited time only” offers, so you rush to buy without doing your checks.

Your Action: Before getting excited about a massive discount, compare the price with well-known retailers like John Lewis, Amazon, or Argos. If the price is dramatically lower than everywhere else, there’s usually a reason.

Tools of the Trade: Free Online Website Checkers

If you’re still not sure about a website, there are some free online tools that can help your investigation.

Using a WHOIS Lookup

Every website domain (.com, .co.uk, etc.) has to be registered. The details of this registration are stored in a public database called WHOIS (pronounced “who is”). You can use a free WHOIS lookup tool online to see this information.

How to Do It:

  1. Search for “WHOIS lookup” online.
  2. Enter the website address you want to check.

What to Look For:

  • Creation Date: This is the most useful piece of information. The tool will tell you the exact date the website address was registered. If the site claims to be a long-established brand but its address was only registered two weeks ago, it’s a scam.
  • Registrant Information: Sometimes you can see who registered the site, although many people now use privacy services to hide this.

Your Action: Use a WHOIS tool to check the website’s creation date. A very new website is a significant red flag.

Website Safety Checkers

There are also tools that can scan a website for signs of malware or phishing.

  • Google Safe Browsing: You can visit https://transparencyreport.google.com/safe-browsing/search and enter a website address. Google will tell you if it has found anything unsafe on that site.
  • NCSC’s Check Your Cyber Security: The UK’s National Cyber Security Centre provides tools and advice. While they don’t have a single URL checker for the public, their guidance is invaluable.

These tools are helpful, but like the padlock, they are not foolproof. A new scam site might not have been flagged yet.

Your Action: Use these tools as an extra check, but don’t rely on them completely. Combine them with the other detective skills you’ve learned.

What to Do If You’ve Been Scammed: Your UK Action Plan

Even with the best will in the world, anyone can get caught out. Scammers are professionals, and their tricks are constantly evolving. If you think you’ve been scammed, the most important thing is to act quickly. Don’t be embarrassed—it happens to thousands of people.

Step 1: Contact Your Bank Immediately

This is the most critical step. Call the fraud department of your bank or credit card company straight away. Their number is on the back of your card.

  • Tell them you think you’ve been the victim of a scam.
  • Ask them to block your card to prevent any more money from being taken.
  • If you paid by debit or credit card, ask them to start the chargeback or Section 75 process to try and recover your money.

The sooner you call, the better your chances of getting your money back.

Step 2: Report It to the Authorities

Reporting the scam is vital. It helps the police build a picture of what’s happening and can prevent others from falling for the same trick.

  • Report to Action Fraud: This is the UK’s national reporting centre for fraud and cybercrime. You can report it on their website (actionfraud.police.uk) or by phone. It’s important because it helps the police track these criminals.
  • Report to Citizens Advice: You can also report the scam to the Citizens Advice consumer service. They can give you expert advice and pass the information on to Trading Standards.

Step 3: Secure Your Information

If you entered a password on the scam website, and you use that same password for anything else (like your email or social media), change it immediately. Scammers will try to use your details to access your other accounts. Be on the lookout for follow-up scams, where they might call you pretending to be your bank or the police.

Conclusion: Your Checklist for Staying Safe Online

The online world is full of amazing opportunities, and you shouldn’t be afraid to shop online. You just need to be careful and prepared. By turning these checks into a habit, you can protect yourself from the vast majority of scams.

Here’s your final, quick-fire checklist. Before you buy from an unfamiliar site, ask yourself:

  1. The Address: Is the website address spelled correctly?
  2. The Padlock: Is there an https and a padlock icon?
  3. The Look: Does the site look professional, with no spelling mistakes?
  4. The Contact Details: Can I find a real UK phone number and physical address?
  5. The Company Check: Is it registered on Companies House?
  6. The Reviews: What are people saying on independent review sites?
  7. The Payment: Does it offer secure payment methods like credit card or PayPal? (And NOT bank transfer?)

Taking just two or three minutes to run through these questions can save you hundreds of pounds and a whole lot of stress. Shop smart, stay safe, and enjoy everything the internet has to offer, securely.

Further Reading & Resources

For more information and help, these official UK resources are the best places to go:

Want More Like This? Try These Next: