In an ultra-connected age where digital presence is paramount, the internet serves as a gateway for cybercriminals. As a result, online fraud seems ever-present, and around 18,000 fraudulent websites are created every day. 

Scammers are also using email services provided by Google and Yahoo to appear trustworthy, which is why it’s essential that you’re aware of what to look for when it comes to fraudulent websites (see the section on important terms to know for cyber security below). Here’s what you need to know about how to identify fake websites.

How to check if a website is legit

Want to know if a website is legit? Follow these seven simple steps:

  • Check the URL 
  • Verify the trust seal 
  • Ensure your connection is secure 
  • Filter through the content 
  • Find out who owns the web domain
  • Use Google’s Safe Browsing Transparency Tool 
  • Look at reviews

1. Check the URL

By paying close attention to the URL at the top of your browser, you might be able to spot a fraudulent website. While you can sometimes spot a fake URL straight away, in some cases the deceptive site can be hidden or manipulated to look familiar. 

An easy way to find out if the site is actually malicious is by highlighting the entire URL then copying and pasting it into the search bar of another tab. Before hitting ‘enter/search’, inspect the URL again, as it may be that the actual URL, before any manipulation has occurred, is now exposed.

2. Verify the trust seal

On websites where you can make a purchase, known as ecommerce sites, there will often be a ‘trust seal’ on the payment pages or other pages where sensitive information is required. When you click on a trust seal, you should be taken to the seal provider’s website where the legitimacy of the website will be verified. Alternatively, you may be able to visit the seal provider’s website and search for the website there instead.

Here’s a complete list of trust seals.

3. Ensure your connection is secure

Ensuring your connection is secure is an easy step you can take to confirm that the channel of communication between you and the server is encrypted and secure. In basic terms, it means any information you input cannot be read by third parties or fraudsters. To do this, click on the padlock in the URL bar at the top of your tab and then click on ‘Show certificate’ if using an Apple Mac product, or choose ‘Security’ or ‘More information’ on other browsers to open the certificate. 

If you are taken to a website without the ‘https://’ at the beginning of the URL and are asked for any information, leave immediately as the website probably isn’t secure.

4. Filter through the content

Hackers will often rush to pull websites together in order to make money quickly, meaning you’ll often spot bad grammar, incorrect spellings and typos throughout the text. Reputable, trustworthy websites have good quality content and thorough processes to ensure their text doesn’t include mistakes. 

If the text has a real sense of urgency to it that is pressuring you to pay a fine or threatening some other risk to you personally, it is likely to be a scam. In a similar vein, if something seems too good to be true, for example, savings accounts with higher-than-average interest rates, it probably is. 

In any circumstances where a website seems poorly designed with badly-written content, it’s best to err on the side of caution and call your bank directly to check.

5. Find out who owns the web domain

All domains have to register their URL or web address, so you can check who has done this by visiting website checkers such as LookWhoIs or

You’ll then be able to link the website with an individual or organisation. If you’re struggling to do this or it feels a bit cloak-and-dagger, it’s likely that the individual is a scammer and doesn’t want to be found. 

6. Use Google’s Safe Browsing Tool

Possibly the easiest way to investigate a website is to simply copy and paste the URL into Google’s Safe Browsing Site Status Tool. This tool is like a fake website detector, and will reveal whether the site is safe (or not).

7. Look at reviews

Feefo, Trustpilot and TripAdvisor are all trusted sites that collate reviews from previous, legitimate customers who can help you decide whether or not the website is legit. Reviewers can also warn you about scams or inconsistencies with the website, allowing you to make a more informed decision.

However, it’s important to be aware that some fraudulent websites also input fake reviews to build a false sense of security and scam unwitting visitors. If the reviews are all brand new, have consistently bad grammar or simply make you suspicious, you might want to avoid using the website.

Interested in saving?

Interested in saving?

Growing your money is easy with Raisin UK. Through our free, easy-to-use marketplace, we connect you with a range of banks offering deposit-protected savings accounts with competitive, high street-beating interest rates. Apply to open as many savings accounts as you like and manage everything under one roof, with no fees.

We’ll even give you an extra £25 bonus when you sign up with the promo code ‘GROW25’ and deposit  £5,000 or more in your first savings account. Terms apply.


What happens if I visit a fraudulent website?

If you mistakenly end up on what you believe to be a scam website, the best thing you can do is not interact with the website in any way – even by just clicking the back button. Close the page down and clear both your cache and your browsing history

You can find out how to clear your cache in all major browsers as well as what to do if you’ve been scammed online if you think you’ve fallen victim to an online scam.

How to avoid fraudulent websites

You can take a proactive approach to online security by installing antivirus software on your device, but always ensure you purchase it from a reputable supplier or after consulting an IT expert. 

Don’t click on links in any emails you receive that don’t look right, and similarly, don’t click on any ads on websites you visit that seem a little off.

Is banking online with Raisin UK safe?

Yes, all online banking is generally safe, with different providers putting encryption and multi-factor authentication in place to ensure that all data is protected. 

At Raisin UK, we follow stringent protocols to ensure that both your money and credentials remain secure. The Raisin UK website is protected by industry standard SSL Secure Sites Certificates to ensure any data you share with us is encrypted and therefore cannot be read. 

Find out more about the security of our website

Important terms to know for cyber security

These are some of the cyber security terms, abbreviations and general website jargon that are useful to understand and will help you tell if a website is legit.

What is HTTP? 

HTTP stands for Hypertext Transfer Protocol and makes up the foundation of the World Wide Web. It is used to load websites using hypertext links. In simple terms, it’s the application on which web pages work. You may also see ‘HTTPS’, which is an extension of HTTP and means that your connection is secure (see the section on SSL below).

What is a URL? 

URL stands for Uniform Resource Locator, and it’s simply a complete web address (or rather a set of directions that follow the HTTP in order to find the page you need). You’ll find the URL of a website in the long narrow box at the top of your browser. 

What is the domain name?

The domain name forms part of the URL and is almost like a ‘nickname’ for the full URL. This is the small segment you’ll recognise as the website name – it’s normally the company name, or something similar.

What’s an IP address? 

An IP or Internet Protocol address is an identifying piece of information that distinguishes one internet user from another. If you have an internet router at home, it will have its own IP address so its location is known. You can find your own IP address by typing, ‘what’s my IP address?’ into a search engine, such as Google.

What is SSL? 

SSL stands for Secure Sockets Layer, and it was the most widely deployed cryptographic protocol to provide security, before it was succeeded by TLS in 1999. 

TLS stands for Transport Layer Security and is effectively the same thing, but most people still refer to this type of technology as SSL. What SSL does is provide a secure channel between two machines or devices that operate over the internet or an internal network. You normally see HTTP at the start of a web address, and when it turns to HTTPS, the ‘S’ stands for ‘secure’.

What is phishing? 

Phishing is the most common way for cybercriminals to obtain your sensitive information, such as passwords, banking information or credit card details. Fraudsters use techniques such as emails and adverts to get this information, leading you to a fraudulent website that might look exactly like a normal one. They will use this website to mislead you into entering sensitive details which they can then keep and exploit. 

What is malware?

Malware is the term used to describe any kind of malicious software. Cybercriminals use malware to track victims and exploit them for financial gain. Malware can exist in the following forms: 

  • Email attachments
  • Adverts on popular websites 
  • Fake software downloads & installations
  • Infected USB drives
  • Infected apps
  • Phishing emails
  • Text messages

Home › BankingOnline Banking Online Safety › How to check if a website is legit

Sign up for the latest offers and news

Receive specially curated news and articles, and be the first to hear about exclusive rates and exciting offers when you sign up with us.