Website Red Flags: Spot a Scam Site in 30 Seconds

By Bitverzo Research Team · July 6, 2026 · 8 min read · Based on analysis of 760,000+ websites

You're about to buy something online. The price is great. The product looks right. But something feels... off. Maybe the website looks a little too generic. Maybe the URL is slightly weird. Maybe you've just been burned before.

We've analyzed over 760,000 websites at Bitverzo, and we've gotten pretty good at separating the legitimate from the sketchy. About 78% of sites we analyze come back as "Likely Safe." Another 21% raise caution flags. And roughly 1% are outright suspicious — the kind of sites you should close immediately.

Here's how to tell which category a site falls into, without needing any technical expertise. Just a browser and about 30 seconds.

78% Safe · 21% Caution · 1% Suspicious

Trust verdict distribution across 760,000+ analyzed websites

Red Flag #1: No HTTPS (The Padlock Check)

Time: 2 seconds. Look at the address bar. Is there a padlock icon? Does the URL start with https://? If not, you're on an unencrypted site.

16% of websites still don't use HTTPS. That's the minority, but if you happen to land on one of them — especially one asking for personal information or payment details — leave immediately. Sites without HTTPS have an average trust score of just 41 in our database. We wrote a detailed analysis of HTTPS adoption if you want the full picture.

One important caveat: HTTPS alone doesn't mean a site is safe. Scammers can (and do) get SSL certificates. But the absence of HTTPS is almost always a bad sign.

🚩 No Padlock = No Trust

Sites without HTTPS have an average trust score of 41/100. If a site is asking for your credit card without HTTPS, close the tab. Full stop.

Red Flag #2: The Domain Looks Wrong

Time: 5 seconds. Read the domain name carefully. Scam sites often use domains that are close to — but not quite — a legitimate brand. Think "arnazon.com" instead of "amazon.com" or "paypa1.com" instead of "paypal.com."

Other domain red flags:

If the domain looks even slightly suspicious, check it on Bitverzo. We'll show you the domain's age, registration details, and trust score. For example, compare a real brand like amazon.com to any questionable domain — the difference in trust profiles is immediately obvious.

Red Flag #3: Brand New Domain

Time: 10 seconds (with a tool). Scam sites are typically registered days or weeks before they start operations. They have to be new — old scam domains get reported and blacklisted. If a site selling products was registered last month, that's a significant concern.

In our database, sites with domains less than 6 months old that score below 40 on our trust scale are overwhelmingly suspicious. Legitimate new businesses exist, of course. But a new domain combined with other red flags (no HTTPS, no contact info, unrealistic prices) is a very reliable scam indicator.

Bitverzo shows domain age on every report page. It's one of the first things I check when evaluating a site I haven't visited before.

Red Flag #4: Missing or Fake Contact Information

Time: 15 seconds. Scroll to the bottom of the site. Click "Contact" or "About Us." What do you find?

Legitimate businesses display real contact information — a physical address, a phone number, a professional email address (not Gmail or Hotmail). Scam sites either have no contact page at all, or they show generic information that doesn't check out. I've seen scam sites listing addresses that turn out to be empty lots or residential homes on Google Maps.

If the only contact method is a web form, that's suspicious. If the email address is a free webmail account, that's suspicious. If there's no contact information at all, that's a parade of red flags.

Red Flag #5: Too Good to Be True Pricing

Time: 5 seconds. This one's as old as commerce itself, but it still catches people. If a site is selling a $1,200 product for $89, ask yourself why. Flash sales exist. Clearance pricing exists. But 90% discounts across an entire product catalog? That doesn't happen at legitimate businesses.

Scam e-commerce sites typically list products at 70-95% off retail. The images are stolen from legitimate retailers. The prices are designed to override your skepticism — "even if it's a scam, it's only $30" is exactly the thought process they're counting on.

✅ The Price Test

Search for the same product on Amazon or the brand's official site. If the price difference is more than 50%, something's wrong. Legitimate discount retailers don't consistently undercut the market by 80%.

Red Flag #6: Generic or Stolen Design

Time: 10 seconds. Scam sites often use templates that look generic and interchangeable. The design feels like a thousand other sites. Product descriptions are copied from other retailers (sometimes with weird formatting artifacts). The "About Us" page reads like it was generated by AI or copied from another company.

Look for these design red flags:

Red Flag #7: Missing Security Infrastructure

Time: 10 seconds (with Bitverzo). This is where a tool like Bitverzo becomes really valuable. We check things you can't see just by looking at a website:

Sites scoring below 30 on our trust scale are almost always problematic. Between 30-50, exercise serious caution. Above 50, you're in more normal territory — but still use common sense.

Red Flag #8: No Social Media Presence

Time: 15 seconds. Legitimate businesses have social media accounts. They have reviews on Google, Trustpilot, or industry-specific platforms. Scam sites? They might have social media icons on their website, but the links either don't work or lead to accounts created last week with zero followers.

Search for the company name on Google. If the only result is the website itself — no reviews, no social media profiles, no mentions anywhere — that's a red flag. Real businesses leave digital footprints.

Red Flag #9: Pressure Tactics

Time: instant. "Only 2 left in stock!" "Sale ends in 03:47!" "17 people have this in their cart!" If a site is aggressively trying to prevent you from thinking, there's usually a reason. Legitimate retailers use some urgency tactics, but scam sites dial them up to eleven because they need you to buy before you research.

Any time you feel pressured to act fast, that's your cue to slow down and check. The deal will still be there after you've spent 30 seconds verifying the site.

The 30-Second Checklist

Here's the quick version. Run through this before entering any personal information on an unfamiliar site:

  1. Padlock in the address bar? (2 seconds)
  2. Domain name looks normal? (3 seconds)
  3. Prices seem realistic? (5 seconds)
  4. Real contact information exists? (10 seconds)
  5. Run it through Bitverzo for an instant trust score (10 seconds)

If a site passes all five, you're probably fine. If it fails two or more, walk away. If it fails three or more, definitely walk away. And if the trust score is below 30? Don't give that site your email address, let alone your credit card.

Real Examples From Our Data

To give you a sense of what different trust scores look like in practice:

High trust (70+): google.com, shopify.com, github.com — HTTPS, all security headers, SPF/DMARC, CDN, modern tech stack, established domains.

Average trust (50-70): Most small business sites, blogs, and mid-tier e-commerce. They have HTTPS and maybe some security headers, but are missing email authentication or a CDN. Generally safe but could be better maintained.

Low trust (30-50): Often older sites with outdated software, no security headers, no email authentication. Could be legitimate but neglected, or could be intentionally low-effort operations. Proceed with caution.

Suspicious (below 30): Missing HTTPS, fresh domains, no security infrastructure, no email authentication, minimal technology stack. These are the sites where you close the tab and don't look back.

What to Do If You've Already Been Scammed

If you've already entered payment information on a suspicious site:

  1. Contact your bank immediately — Report the charge and request a chargeback. Most banks have fraud departments that handle this daily.
  2. Change your passwords — If you created an account on the scam site using a password you use elsewhere (you shouldn't, but people do), change it everywhere.
  3. Monitor your accounts — Watch for unauthorized charges over the next few weeks.
  4. Report the site — Report it to Google Safe Browsing, your browser vendor, and the FTC (if in the US) or equivalent authority in your country.
Check Any Website — Free & Instant

Get a trust score, security analysis, technology detection, and domain details for any site in seconds.

Analyze a Website →

Frequently Asked Questions

How can I quickly tell if a website is a scam?

Check five things in 30 seconds: (1) Does the URL use HTTPS? (2) Is the domain older than 6 months? (3) Does the site have real contact information? (4) Do prices seem realistic? (5) Run it through Bitverzo for an instant trust score. Sites scoring below 40/100 warrant serious caution. Our data shows 1% of all sites are "Suspicious" and 21% raise "Caution" flags.

What percentage of websites are scams?

About 1% of the 760,000+ domains we've analyzed score as "Suspicious" (trust score below 30), and 21% fall into the "Caution" category. Not all "Caution" sites are scams — many are simply poorly maintained — but they deserve extra scrutiny before sharing personal information or making purchases.

What is a good trust score for a website?

On Bitverzo's 0-100 scale, scores above 70 indicate a well-configured, likely safe site. 50-70 is average. 30-50 raises concerns. Below 30 is suspicious territory. The average across all 760,000+ sites we've analyzed is 63/100. Major brands like Google and Shopify typically score in the 75-90 range.

Data in this article is based on Bitverzo's analysis of 760,000+ domains as of July 2026. Trust scores and safety verdicts are updated continuously. For a more technical guide to website safety, see our full safety checking guide. View trends or see top-rated sites.