BBB Tip: How to Check if a Website Is Legitimate

Consumer shopping online

With advances in technology, the internet has changed the way we shop, bank and search for information. At the same time, it has created new opportunities for criminals to scam consumers using websites that appear legitimate but aren’t.

Knowing how to identify fake websites has become essential to protect your identity, personal and financial information.

Fortunately, there are many ways to check if a website is legitimate.

10 Ways to Check if a Website Is Legitimate

#1. Is the site using secured encryption?

All major browsers show a padlock next to the website address when your connection is secure, and your information is private when sent to the site.

Secure website with padlock

If you click on the padlock, it will display additional information.

Note that a secure connection does not guarantee that the website is legitimate.

It’s easy for a scammer to obtain a SSL (Secure Sockets Layer) certificate, as many web hosting companies automatically provide them for free. So this does not mean that the owner of the site is above board. However, an unsecured site that asks for your personal information is a red flag.

#2. Watch for poor grammar and spelling

Poor grammar and spelling, broken English and incorrect punctuation are signs that a site may not be what it pretends to be. Most legitimate companies work hard to ensure that their website looks professional.

Note that some scammers replicate legitimate company websites. So a professional-looking site does not always mean the site is legitimate.

#3. Check the contact page

Most legitimate businesses will provide customers with multiple options to make contact. At a minimum, they will publish their phone number, email address and street address.

Call the number listed to verify that it’s legitimate. If the person answering the phone doesn’t sound professional, hang up. Many scammers rent U.S. phone numbers that direct your call to their cell phone, often in another country.

If no phone number is listed, that’s a red flag. Send an email (if one is listed) and ask for a phone number. If you receive no response, chances are you’re not dealing with a legitimate business.

#4. Look for an About page

Scammers often don’t take the time to fabricate a convincing story about the history of a company, its brand, or its mission and vision.

If the website doesn’t have an About page or if it’s poorly written, that’s a red flag.

#5. Does the site have a privacy policy?

Businesses that collect personal information from customers online must comply with privacy laws. A privacy policy explains what data is collected and how that data is used, protected and stored.

Fake websites often don’t have a privacy policy; if they do, it’s typically not adequate or relevant.

#6. Does the site have social media icons?

Most legitimate businesses have a presence on social media and link to those sites from their website. Check if the website has links to social media channels and click on those links to see if they’re legitimate.

If the links are fake or they haven’t published any content, you should think twice.

#7. Check if a website is dangerous to visit

The following two free resources can help to identify websites that are dangerous to visit.

Google Safe Browsing

Safe browsing site status

If you’re not sure if it’s safe to visit a website, use Google’s Safe Browsing site status tool to see if a website is currently dangerous to visit. It will also identify legitimate websites that have been hacked as unsafe to visit.


Website reputation checker

URLVoid helps identify websites involved in malware and phishing incidents.

#8. How old is the website’s domain?

A website that appears established but its domain name is only a couple of days or weeks old should ring alarm bells.

Use a website such as to check when the domain name was registered and to whom. Note that details such as the owner of the site are not always publicly available.

#9. Double check the domain name

Scammers use a variety of techniques to manipulate domain names to make them appear legit.

Examples include using a “0” (zero) instead of an “o” or using a domain extension such as .us instead of .com to mislead consumers.

As a rule, don’t click any links in suspicious emails and always check the URL of a page you’re on to make sure it looks legit. Browsers such as Chrome will show the URL of a site in the bottom left corner of your screen when you hover your mouse over a link.

#10. Check out the company through

Check out the business at Verify if the business is BBB Accredited, read verified customer reviews and take note of any complaints filed.

The Better Business Bureau has resources to help consumers and businesses. You can report a scam (whether you’ve lost money or not), file a complaint against a business, leave a review of a business you’ve used and report an ad.   

Visit our blog for more tips and helpful information.

Share on facebook
Share on twitter
Share on linkedin