Check a Website Is Legit: UK Safety Checklist
You can avoid most fake websites by checking the URL carefully, researching unfamiliar shops, and reporting suspicious links via official UK channels instead of interacting with them.
This guide provides a fast, repeatable checklist for assessing whether a website is genuine, with emphasis on the most common UK scam patterns: lookalike domains, paid "sponsored" scam results, and fake delivery, parking or payment pages. It is designed for consumers who are about to enter card details, passwords, or personal data. It also includes UK reporting routes for scam sites and phishing messages.
Quick checklist
- Check the URL: spelling, unexpected subdomains, odd extensions.
- Type the address yourself or use a bookmark; avoid links in unexpected messages.
- Research unfamiliar shops: independent reviews, scam warnings.
- Be suspicious of pressure tactics, "too good to be true" offers, and incomplete contact details.
- If you clicked or entered details: change passwords, contact your bank, log out of sessions.
- Report scam sites and phishing: use GOV.UK and NCSC reporting routes.
The fastest legitimacy checks
- Domain spelling: Scammers use lookalike domains—amaz0n.com, paypa1.com, or goog1e.co.uk. Look for typos, extra characters, or wrong suffixes.
- Unexpected subdomains: A real site might be
shop.brand.com. Watch forbrand-login.otherdomain.comor similar tricks. - "Too good to be true" pricing: Heavily discounted branded goods or impossible deals are a common scam signal.
Signs a website is unsafe
- Pressure tactics: Countdown timers, "limited stock", or urgent messages urging you to act now.
- Risky payment methods: Requests for bank transfer or cryptocurrency instead of card payment for retail purchases.
- Incomplete contact details: No physical address, only a contact form, or no way to reach support.
- Suspicious checkout: Odd URLs at payment, redirects to different domains, or requests for unnecessary personal data.
How to research an unfamiliar shop
The NCSC encourages researching unfamiliar online shops to check legitimacy. Before you pay:
- Search for independent reviews (Trustpilot, Google, etc.) and look for patterns of complaints.
- Search for the site name plus "scam" or "fraud" to see if others have reported problems.
- Verify company details: check Companies House for UK businesses, and confirm the address matches.
If you clicked or entered details
Act quickly to limit harm:
- Change passwords for any account where you entered credentials. Use a strong, unique password.
- Contact your bank if you entered card details. They can monitor for fraud or block the card.
- Log out of sessions on all devices for affected accounts.
- Check devices: If you downloaded anything, run a security scan and consider our malware guide.
How to report scam websites in the UK
Report suspicious content via official routes. Do not interact with the site further.
- Suspicious emails: Forward to report@phishing.gov.uk. See GOV.UK: Avoid and report internet scams and phishing.
- Suspicious texts: Forward to 7726 (free). This reports the sender to your mobile provider.
- Suspicious URLs: The NCSC provides a route to report scam websites. Use the official NCSC reporting page to submit suspicious URLs.
Frequently asked questions
- Is the padlock/HTTPS enough to trust a site?
- No—encryption helps protect data in transit, but scammers can still run HTTPS websites. You still need to verify the site and the URL.
- What's the most reliable way to check a URL?
- Type it yourself or use saved bookmarks; avoid clicking links in unexpected messages.
- How do I report a scam website in the UK?
- Use official reporting guidance and submit suspicious URLs through the NCSC reporting route. For phishing emails, forward to report@phishing.gov.uk; for texts, forward to 7726.