Key takeaways
- If you’re unsure, don’t click the link: When browsing online, caution is critical. Avoid clicking impulsively and take a moment to research the website or link before proceeding.
- Use a legitimate URL checker: Always use a website checker or verify a site’s reputation before entering any personal information.
- Be a smart online shopper: A great online bargain is hard to resist, but before handing over your financial details and hard-earned money, pause and check the key signs of a fake site.
What the experts say
"From Q4/2023 to Q2/2024, web threats have seen an approximate 17% increase in incidents compared to other cyber threats, underscoring a persistent and troubling upward trend." - Gen 2024 Threat Report
Martin Chlumecký
Malware Researcher
1. Use a website safety checker
To quickly check if a site is legit or a specific URL is safe, use a website safety checker like Norton Safe Web, Google Transparency Report, VirusTotal, urlscan.io, or the Hybrid Analysis tool. These website safety check tools will scan the selected website for malware, security vulnerabilities, spoofing, and phishing attempts.
Whichever website link checker you choose, bookmark it for later use — it’s important to test if a site is legit before you do anything sensitive, like enter your credit card details.
That said, using third-party website checkers may involve risks such as data privacy concerns, inaccurate results, or potential security vulnerabilities. When you copy and paste a URL, the checker may collect, store, or analyze your browsing habits, website preferences, or other metadata, potentially sharing this information with advertisers or unauthorized parties. So, always vet any checker that is new to you before you start using it.
Norton Safe Web
Norton Safe Web is a website checker that scans sites for threats like malware and phishing scams, giving each site a safety rating so you can spot dangers before clicking. It also displays a star rating for each site based on feedback from Norton’s community of users.
To check if a website is safe, just enter a URL in the search box and hit Enter. It then provides an instant safety report.

Google Transparency Report
According to Google, their website checker “examines billions of URLs per day looking for unsafe websites.”
To find out if a link is safe, visit the Google Transparency Report website, then just copy/paste the suspicious URL into the search box and hit Enter.
Google Safe Browsing’s URL checker will test the link and report back on the site’s legitimacy and reputation in just seconds. It’s that easy to use Google’s URL scanner.
VirusTotal
A similar unbiased safety tool is VirusTotal’s free website security checker, which inspects sites using over 70 antivirus scanners and URL/domain blacklisting services. It checks links for viruses and detects various types of malware and other security threats.
VirusTotal’s URL checker works just like the Google Safe Browsing tool: simply type the URL you want to check and hit Enter to see a status report. It’ll quickly scan URLs and report back immediately.
urlscan.io
Another free online tool designed for analyzing and scrutinizing websites is urlscan.io — it’s primarily used to identify potential threats like phishing, malware, and other malicious activities.
The tool works by simulating user visits to a URL: it records detailed interactions, including web requests, redirects, and scripts executed. It also provides insights into page behavior, linked resources, and potential indicators of compromise (IOCs) like suspicious domains or IP addresses.
Simply visit urlscan.io and enter the suspicious URL.
You can also choose between public and private scanning before you start the scan, then review the report for malicious indicators or unusual behavior.
Hybrid Analysis
Hybrid Analysis is a free malware analysis service powered by CrowdStrike’s Falcon Sandbox. The platform supports quick scans, bulk file analysis, and advanced searches using attributes like file type, domain, or specific malware families.
You can test website legitimacy with Hybrid Analysis by visiting the official website: submit the URL for analysis, review threat indicators, and evaluate behavioral insights for potential risks.
2. Try pasting the website’s name into a search engine
Search engines like Google and Bing often put the highest-trafficked sites at the top of the first page, which usually favors official company websites. Using search engines to double-check how a website ranks can offer clues about its legitimacy.
When pasting a website into Google or Bing, look for the following safety indicators:
- Check if the site appears in the top search results.
- Look for multiple independent references and reviews about the website.
- Ensure the site description matches the actual content and be cautious of sites with suspicious or generic descriptions.
- Pay attention to warnings from search engines about potentially malicious content.
When you search online, the search engine may display warnings next to some links, such as “This site may be hacked” or “This site may harm your computer.”
If you see a warning about a site you’re about to visit, go elsewhere.
Any of these signs mean the website is not safe to visit, and you should find a legitimate site instead — especially for online shopping.
While not foolproof, this method provides a basic initial screening to help determine a website’s credibility before visiting.
3. Use your browser’s safety tools
The best secure web browsers include security features to help you stay safe online. These built-in browser tools can block annoying pop-ups, send do-not-track requests to websites, stop malicious downloads, and control which sites can access your webcam and microphone.
Take a moment to review your browser security settings. Here’s how:
- Chrome: Settings > Privacy and security
- Edge: Settings > Privacy, search, and services
- Firefox: Settings (or Options) > Privacy & Security
- Safari: Settings > Privacy
To stay even safer and more private, use a browser built with privacy at the forefront. AVG Secure Browser masks your digital fingerprint to block targeted advertising, malicious extensions, and phishing attacks, helping to prevent identity theft — all for free. Plus, forced HTTPS encryption ensures your connection is safe.
4. Double-check URLs
Checking a URL before clicking it is a simple way to perform your own website safety test. In other words, to check if a link is safe, find out where the link leads before you click on it. How? Just hover over any link to verify the URL it’s actually linked to.
Hover your mouse over a link, but don’t click it. In Firefox, Edge, and Chrome, you should see the URL that it links to at the bottom-left of your browser. If you check links before you click them, you’ll become your own scam checker!

You can also check URLs and see if links are safe on Safari, but this requires one extra step. Go to View > Show status bar. Then, when you hover over the link, you’ll see where it leads in the bottom-left corner of your screen.
On most mobile browsers, you can check a URL without clicking by pressing and holding the link. This action should show a pop-up menu; select Preview page to preview the URL in a pop-up or tooltip, depending on your browser. By reviewing the link before clicking, you can avoid scams and ensure you’re visiting legitimate sites.

Make sure the URLs are spelled correctly. Most people only glance at text on the web. Hackers know this and will often substitute visually similar characters (e.g., “Yah00.com” instead of “Yahoo.com”) to trick you into visiting their phishing sites and unwittingly giving them your passwords, credit card numbers, and other private data.
Don’t fall for this trick — it only takes a moment to verify a link looks safe.
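Both checks in this section (where a link really leads, and whether the domain is a lookalike) can be automated. The Python below is an added example, not code from the original article; the trusted-domain list, the character-swap table, the 0.9 similarity threshold and the sample HTML are all constructed assumptions.

```python
import re
from difflib import SequenceMatcher
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: a short allow-list of sites the user really does business with.
TRUSTED = {"yahoo.com", "paypal.com", "google.com"}
# Common look-alike swaps, undone on the candidate host before comparing.
FOLD = [("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"), ("3", "e"), ("5", "s")]
DOMAIN_RE = re.compile(r"\b((?:[a-z0-9-]+\.)+[a-z]{2,})\b", re.I)

# Constructed sample page: one honest link and three deceptive ones.
SAMPLE_HTML = """
<a href="https://www.yahoo.com/mail">Yahoo.com</a>
<a href="http://yah00.com/login">Sign in to Yahoo</a>
<a href="https://secure-pay.example/verify">www.paypal.com</a>
<a href="https://paypa1.com/">paypal.com</a>
"""


class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a href=...> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def host_of(url):
    """Lower-cased hostname of a URL, without a leading 'www.'."""
    host = (urlsplit(url).hostname or "").lower()
    return host[4:] if host.startswith("www.") else host


def lookalike_of(host):
    """Return the trusted domain that `host` imitates, or None."""
    # Simplification: treat the last two labels as the registered domain.
    base = ".".join(host.split(".")[-2:])
    if base in TRUSTED:
        return None
    folded = base
    for fake, real in FOLD:
        folded = folded.replace(fake, real)
    for good in sorted(TRUSTED):
        # 0.9 is an assumed threshold that catches one-character typos.
        if folded == good or SequenceMatcher(None, base, good).ratio() >= 0.9:
            return good
    return None


def audit_links(html):
    """Return [(href, [findings])] for links that deserve a second look."""
    collector = LinkCollector()
    collector.feed(html)
    report = []
    for href, text in collector.links:
        host, findings = host_of(href), []
        shown = DOMAIN_RE.search(text)
        if shown and host_of("//" + shown.group(1)) != host:
            findings.append(f"text shows {shown.group(1)} but link goes to {host}")
        target = lookalike_of(host)
        if target:
            findings.append(f"{host} looks like {target}")
        if findings:
            report.append((href, findings))
    return report
```

Calling audit_links(SAMPLE_HTML) flags the three deceptive links and leaves the genuine Yahoo link alone.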
5. Check for HTTPS and reputable SSL certificates
HTTP (Hypertext Transfer Protocol) is the fundamental protocol for sending data between your web browser and the websites you visit. HTTPS is the secure version of this — the “S” stands for “secure” and means that the site has something called an SSL certificate.
SSL stands for Secure Sockets Layer, a protocol that encrypts data between your browser and a website. Websites with an SSL certificate display “https://” in the URL, which indicates the site is legitimate and the connection is protected. If these elements are missing, don’t enter your personal details. You can also check a website’s certificate, and other security information, by clicking the tune icon (Chrome) or padlock icon (Safari, Edge, Firefox) next to the URL in the address bar.
Online banking and shopping sites typically use something called HTTP Strict Transport Security (HSTS) to prevent criminals from stealing sensitive information like your passwords. This protocol forces browsers to connect to them via HTTPS to keep communications encrypted.
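HSTS is delivered as a Strict-Transport-Security response header, and whether a browser will actually enforce it depends on what that header contains. The Python below is an added example, not code from the original article; it evaluates constructed response headers, and the 180-day threshold and the sample sites are assumptions.

```python
# Assumed policy threshold: treat anything under 180 days as short-lived.
MIN_MAX_AGE = 180 * 24 * 3600


def parse_hsts(value):
    """Split a Strict-Transport-Security value into {directive: argument}."""
    policy = {}
    for part in value.split(";"):
        name, _, arg = part.strip().partition("=")
        name = name.strip().lower()          # directive names are case-insensitive
        if name and name not in policy:
            policy[name] = arg.strip().strip('"')
    return policy


def assess_hsts(scheme, headers):
    """Return (enforced, note) for one response; headers is a list of (name, value)."""
    values = [v for k, v in headers if k.lower() == "strict-transport-security"]
    if not values:
        return False, "no HSTS header: the next visit may start over plain HTTP"
    if scheme != "https":
        return False, "HSTS header on an HTTP response is ignored by browsers"
    policy = parse_hsts(values[0])           # only the first header is processed
    max_age = policy.get("max-age", "")
    if not (max_age.isascii() and max_age.isdigit()):
        return False, "max-age is missing or invalid, so the header is ignored"
    if int(max_age) == 0:
        return False, "max-age=0 tells the browser to drop the policy"
    scope = "host and subdomains" if "includesubdomains" in policy else "this host only"
    if int(max_age) < MIN_MAX_AGE:
        return True, f"HTTPS forced for {scope}, but only for {max_age} seconds"
    return True, f"HTTPS forced for {scope}"


# Constructed responses (scheme, headers) for illustration.
SAMPLES = {
    "bank": ("https", [("Strict-Transport-Security", "max-age=31536000; includeSubDomains")]),
    "shop": ("https", [("Strict-Transport-Security", "max-age=0")]),
    "blog": ("https", [("Content-Type", "text/html")]),
    "http-only": ("http", [("Strict-Transport-Security", "max-age=31536000")]),
}


def assess_samples():
    """Evaluate every constructed sample and return {site: (enforced, note)}."""
    return {name: assess_hsts(scheme, headers)
            for name, (scheme, headers) in SAMPLES.items()}
```

Only the "bank" sample ends up with HTTPS enforced; the other three show the ways a site can appear to use HSTS without the browser ever applying it.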
HTTPS isn’t a silver bullet, though. Most phishing websites have an SSL certificate to try to appear legitimate, so you shouldn’t rely on this method alone to check for scam sites.
You can get extra protection by combining HTTPS encryption with a virtual private network (VPN) — which encrypts your internet traffic from the moment it leaves your device until it reaches the website you’re visiting, and back.
6. Look for a privacy policy
If you’re already on a website, but can’t tell if the site is legit, look for a privacy policy. Reputable websites should have a privacy policy page, as it’s the law in many countries. Search the site to find their privacy policy — you can often find them in the header or footer of the site — and be suspicious if you can’t find one.
Is this link safe? A privacy policy is one good sign that it might be.
Unfortunately, many privacy policies are full of legalese and hard to understand. Search for words like “third parties,” “data,” “store,” “retain,” and similar terms if you’re curious about how the site handles your personal data.
Some websites might keep your data, while others might sell it to data brokers. For example, here's what Google does with your data.
7. Don’t blindly trust “trust” badges
Trust badges, or trust “seals,” usually appear on shopping or e-commerce sites to signal trustworthiness. If a customer scans the site, these icons jump out as a sign of legitimacy.
Trust seals may look safe, but they’re not a real website safety check.
While legitimate sites use trust badges, they lack official verification. Many sites simply copy and paste these icons, without having any real security. In fact, there are articles out there advising e-commerce sites to create their own trust seals simply to increase sales.
A trust badge doesn’t tell you anything about that site’s reputation or security practices. So do your due diligence, especially before shopping online.
To figure out if an e-commerce website is safe, try searching “Is [e-commerce shop] a scam?” or “[e-commerce] shop reviews.” If it’s a scam, you’ll likely find a lot of negative reviews. If you can’t find anything, avoid that particular shop and find a legit, well-reviewed one instead.
8. Learn the obvious signs that a site is fake
Sometimes a website looks so spammy, you can tell it’s a scam immediately without having to research its reputation. If you accidentally land on a website like this, there are some obvious signs of malware you can look for.
You should be suspicious that a website is fake if you notice these warning signs:
On-site spam
If a site has lots of flashing warnings, exclamation marks, or other kinds of spammy content, it’s probably a scam website. These elements are designed to cause confusion or create urgency to pressure you into taking quick actions and trick you into revealing personal information.
Pop-ups
If you arrive on a site and tons of pop-ups appear, close the browser window immediately — the site could be infected with malvertising, adware, or another type of malware. Clicking the pop-up window might trigger other pop-ups, so close the window:
- On Windows, press Alt + F4 or press Ctrl + Shift + Esc to open Windows Task Manager, then force-quit the process.
- On a Mac, press Command (⌘) + W to force-quit the window.
Malicious redirect
If you get immediately redirected to a different website, especially a suspicious one, this is a malicious redirect. It can mean that the original site is fake or that a legitimate site got hacked. The original site may not have malicious intentions, but until they clean up their code and remove the malware, you don’t want to be there.
Poor grammar or spelling
When assessing a website’s legitimacy, look for spelling and grammar errors. Poorly written content, inconsistent language, and awkward phrasing often indicate a lack of professionalism. Scammers may intentionally use bad grammar to filter out more discerning visitors, targeting those less likely to notice that they’re about to succumb to a scam or hack.
9. Use “WHOIS” to look up the domain owner and age
Want to know who’s behind a certain website? Use WHOIS (pronounced “who is”) to find out who owns the domain, where and when the site was registered, contact information, and more. Try a WHOIS lookup — it will help you determine if the site is legit or fraudulent. Suspicious signs include hidden details, short expiration dates, or vague contact info.
You can also use WHOIS to check the domain’s age. A recently created website might indicate potential risks like spam or fraudulent intent. A well-known business typically has a long-established domain, while a new domain could suggest it’s a temporary or suspicious site.
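The WHOIS signals named in this section (domain age, short registration period, hidden owner details) can be read straight out of the lookup text. The Python below is an added example, not code from the original article; the WHOIS reply is constructed, field names vary by registry, and the 180-day and 366-day thresholds are assumptions.

```python
from datetime import datetime, timezone

# Constructed WHOIS reply; real field names and layout vary by registry.
SAMPLE_WHOIS = """\
Domain Name: SHOP-DEALS.EXAMPLE
Creation Date: 2024-11-02T09:14:07Z
Registry Expiry Date: 2025-11-02T09:14:07Z
Registrar: Example Registrar, Inc.
Registrant Organization: REDACTED FOR PRIVACY
"""


def parse_whois(text):
    """Turn 'Key: value' lines into a dict keyed by lower-cased field name."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        # Skip comment and notice lines that some servers add.
        if sep and not line.lstrip().startswith(("%", "#", ">")):
            fields.setdefault(key.strip().lower(), value.strip())
    return fields


def parse_date(value):
    """Parse an ISO 8601 timestamp such as 2024-11-02T09:14:07Z as UTC."""
    parsed = datetime.fromisoformat(value.replace("Z", "+00:00"))
    return parsed if parsed.tzinfo else parsed.replace(tzinfo=timezone.utc)


def assess_domain(whois_text, now, min_age_days=180, short_term_days=366):
    """Return the domain age in days plus any warning signs found."""
    fields = parse_whois(whois_text)
    findings, age_days = [], None
    created = fields.get("creation date")
    expires = fields.get("registry expiry date")
    if created:
        age_days = (now - parse_date(created)).days
        if age_days < min_age_days:
            findings.append(f"domain is only {age_days} days old")
    else:
        findings.append("no creation date published")
    if created and expires:
        term = (parse_date(expires) - parse_date(created)).days
        if term <= short_term_days:
            findings.append(f"registered for just {term} days")
    # Hidden owner details are a weak signal alone; many honest sites redact them.
    owner = fields.get("registrant organization", "")
    if not owner or "redacted" in owner.lower() or "privacy" in owner.lower():
        findings.append("registrant details are hidden")
    return {"age_days": age_days, "findings": findings}
```

Pass the current time as `now` (for example `datetime.now(timezone.utc)`); the more findings that come back together, the more the other checks in this article matter.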
10. Inspect the website’s design qualities
Inspecting a website’s design layout can reveal important clues about its legitimacy. Poor design, broken links, or mismatched branding may indicate a fake site.
A fake site might have the following characteristics:
- Poor overall layout and unprofessional appearance.
- Inconsistent or low-quality graphics and images.
- Misaligned elements or awkward spacing.
- Excessive use of stock photos, especially if they’re irrelevant.
- Lack of responsive design (doesn’t adapt well to different screen sizes).
- Inconsistent branding (e.g., multiple fonts, clashing colors).
- Broken links or non-functioning buttons.
- Lack of attention to detail in typography and text formatting.
Legitimate businesses usually invest in professional web design, so poor design or inconsistencies can be red flags. However, some small businesses may have simpler sites that are still trustworthy. Design quality should be evaluated alongside other credibility factors.
11. Call the company
If you’re not sure if a website or company is legit or fake, find their official contact details and call them. If the number doesn’t exist — or if someone answers with no knowledge of the website — it’s probably a scam.
To find a website’s contact details, look for a “Contact Us” or “About Us” link, usually located at the top or bottom of the page. Be cautious, as fake websites may display fraudulent contact information. To verify legitimacy, try a WHOIS lookup to see if a number is available (though it may be hidden) or search for the company’s contact information online to see if it matches what’s displayed on the site.
12. Research the company on social media
Social media is a useful tool for verifying a company's authenticity. Many businesses maintain active profiles on platforms like Facebook, Instagram, or X (formerly Twitter), providing an easy way to confirm their presence.
However, be cautious of fraudulent accounts that impersonate legitimate businesses. Look for signs like verified badges or consistent branding to confirm a company’s true presence online. Keep in mind that these signs can also be used to trick people into thinking a site or profile is legitimate. For example, on X, you can pay for a blue tick, which doesn’t guarantee authenticity, while Meta’s verification may have stricter criteria. Always research further before trusting a site based solely on these signs.
While social media can be a legitimate contact point, be aware that links and addresses used on websites can be copied to give a false impression of legitimacy. To verify a company’s true activity, it’s best to visit its social media pages directly rather than relying on external links.
Here are a few things to check on social media to verify a company’s legitimacy:
- Followers: Examine the quality and quantity of followers. Look for genuine, active profiles and be wary of accounts with empty or generic profiles, suspiciously uniform follower characteristics, and extremely low engagement rates.
- Account engagement: Look for consistent posts, interactions with customers, and authentic comments. Be wary of spambots, which can flood comments with generic or irrelevant messages to create a false sense of engagement. Genuine businesses tend to engage with their audience regularly.
- Profile completeness: Check for a fully filled-out profile, including clear contact details, business information, and links to their official website.
- Reviews: Authentic businesses often have customer reviews or feedback on their social media pages, showing real experiences.
Verifying these aspects will help you ensure the company, and their website, are legitimate.
13. Check for website reviews
A legitimate business typically has a well-maintained Trustpilot profile, where you can see verified customer feedback. Using platforms like Trustpilot or Feefo to check customer reviews can help you assess a website or company’s trustworthiness. Be cautious if the website lacks reviews or if the reviews seem overly generic as these may be suspicious.
On Trustpilot, several indicators suggest that a website or business may be unreliable:
- Trustpilot score: This is a key factor when assessing a website’s legitimacy. A low score or a significant number of negative reviews can suggest that a company may be real, but not trustworthy.
- Consumer warnings on company profiles: Trustpilot adds these to company profiles when they are found to be misusing the platform, such as fabricating reviews. These warnings are visible to consumers and can indicate suspicious activity.
- Fake or harmful reviews: Trustpilot actively removes reviews identified as fake, such as those left by businesses about themselves or incentivized reviews. A high volume of flagged reviews may suggest that a business is trying to manipulate its rating.
- Suspicious review patterns: Reviews that seem overly positive without offering specifics, or those that appear to come from a small pool of users, can be red flags. You should also look for unverified reviews or a sudden spike in reviews, as this may indicate fake feedback used to boost ratings quickly and create a false sense of trust.
- Consumer alerts: Trustpilot alerts users if a business is under investigation by regulators or has been flagged for high-risk behavior, which can also signal potential issues with the legitimacy of the site.
- Wrong or missing company website link: A missing official website link on a Trustpilot profile may indicate a lack of transparency, potentially pointing to a fake or unreliable business.
If you spot any of these signs on a company’s Trustpilot profile, approach the website with caution.
In contrast, a verified and trustworthy business will have its website displayed and a good (or excellent) score average across many reviews, as on AVG’s official Trustpilot profile.
14. Investigate the legitimacy of payment options
Trusted sites typically offer secure, well-known payment methods like credit cards, PayPal, or other reliable processors. If a site only offers unconventional or limited payment options, it may signal potential fraud or poor business practices.
Here’s how to know if a website is legitimate via its payment options:
- It offers secure payment gateways: Legitimate sites typically use well-known processors like Stripe, PayPal, or Google Pay, rather than handling payments directly. Sites asking for payments over methods that don’t typically offer buyer protections, such as direct bank transfers or P2P payment apps like Venmo, could be a scam.
- The payment page starts with HTTPS: The URL should always start with “https://” on the payment page and across the site.
Remember, legitimate businesses invest in secure, reputable payment systems to protect themselves and their customers.
15. Install web security tools
A robust cybersecurity tool also works as an effective scam checker, helping you avoid fake websites. Download AVG AntiVirus FREE to help protect against adware, phishing, unsafe Wi-Fi networks, and a host of other online threats. Choose a free cybersecurity solution that millions of people around the world trust every day.
What are fake or scam websites?
Fake websites are scam web pages that are designed to deceive visitors by looking like authentic websites. Scam sites are typically created to scam users out of personal data, such as login credentials or payment details, or to infect the devices of visitors with malware. Scam websites, such as pharming sites, don’t always look fake upon inspection, and may barely differ from real sites you’re used to visiting.
What do suspicious links look like?
Suspicious links may have characteristics like unusual URLs and misspelled or inconsistent domain names. The link’s display text may also be misleading, such as saying “Click here to secure your account” while linking to a malicious site. These are all social engineering techniques that you need to be aware of.
How do fake or scam websites work?
Fake websites work by redirecting users to scam sites through pop-ups, social media ads, phishing emails, DNS hijacking, or even shady search results. Fake websites then use a variety of social engineering tactics, such as enticing rewards, false urgency, online tracking, or other strategies to get you to voluntarily give up private information or click a button that installs malware on your device.
What are the latest website security threats?
Website security threats are always evolving. Dangerous websites can harbor advanced malware threats, including spyware and ransomware. And thanks to the development of drive-by-download techniques, sometimes you don’t even have to click anything to get infected — simply landing on a compromised page can be enough to compromise your security.
What to do if you visit a fake website
If you’ve visited a fake website, take immediate action to protect your personal information. Fake sites often steal sensitive data like login credentials, payment details, and personal identifiers.
- Use antivirus software: Run a virus scan as a fake site may have installed malware onto your device. Keep the antivirus software updated so you stay safer in the future.
- Block the website: Using a trusted browser extension, go to settings, find the block list option, add the site you want to block, and then click save.
- Clear your browser history: This removes data and cookies that trace your interaction, such as saved passwords, session data, or site-specific tracking. This helps prevent further exposure to phishing attempts.
- Change your passwords: Create complex, unique passwords for different accounts and consider using a password manager to securely store and manage them for easier access.
- Use multi-factor authentication: Enable two-factor authentication on your accounts to add an extra layer of security.
- Keep software updated: Regularly update your operating system and applications to protect against known vulnerabilities.
- Report suspicious activity: If you suspect a phishing or malware attempt, report it to the Federal Trade Commission (FTC).
- Monitor bank and credit card statements: Check for unauthorized transactions and dispute charges or alert your bank.
- Place a fraud alert with credit bureaus: If you were the victim of identity theft, notify one of the major credit reporting agencies (Equifax, Experian, or TransUnion) and they will alert the others to put a fraud alert on your report.
How to help avoid phishing and malicious websites
- Use a secure web browser: Private browsers like AVG Secure Browser can help block harmful sites and warn users of suspicious activity.
- Turn on Enhanced Safe Browsing on Google: Found in your Chrome browser settings, this built-in feature provides real-time protection against phishing and malware by detecting threats, offering contextual warnings, and leveraging collective intelligence to enhance online security.
- Install security software: Use antivirus software to help detect and block phishing attempts and unsafe websites.
- Avoid sharing your email publicly: Receiving unsolicited emails or messages could facilitate spear phishing attempts with malicious links or attachments.
- Enable spam filters: Use spam filters to potentially block phishing emails before they reach your inbox. Never engage with unknown senders.
- Use an ad blocker: Pop-up adverts can sometimes lead to malicious sites. Ad blocker plug-ins can stop them from popping up.
- Mask your IP address: By hiding your real IP address, VPNs make it harder for malicious websites to track your location or gather information about you.
Protect against unsafe websites with AVG
If you use the tips above, you’ll become a pro URL checker in no time. But even safe websites can contain annoying ads or spam, and sometimes malicious ads can find their way onto these sites without the owner’s knowledge. Download AVG AntiVirus FREE to help block harmful sites, malware, and phishing attacks so you can browse in peace.