Check a Website Is Legit: UK Safety Checklist

You can avoid most fake websites by checking the URL carefully, researching unfamiliar shops, and reporting suspicious links via official UK channels instead of interacting with them.

This guide provides a fast, repeatable checklist for assessing whether a website is genuine, with emphasis on the most common UK scam patterns: lookalike domains, paid "sponsored" scam results, and fake delivery, parking or payment pages. It is designed for consumers who are about to enter card details, passwords, or personal data. It also includes UK reporting routes for scam sites and phishing messages.

Quick checklist

  1. Check the URL: spelling, unexpected subdomains, odd extensions.
  2. Type the address yourself or use a bookmark; avoid links in unexpected messages.
  3. Research unfamiliar shops: independent reviews, scam warnings.
  4. Be suspicious of pressure tactics, "too good to be true" offers, and incomplete contact details.
  5. If you clicked or entered details: change passwords, contact your bank, log out of sessions.
  6. Report scam sites and phishing: use GOV.UK and NCSC reporting routes.

The fastest legitimacy checks

Signs a website is unsafe

How to research an unfamiliar shop

The NCSC encourages researching unfamiliar online shops to check legitimacy. Before you pay:

If you clicked or entered details

Act quickly to limit harm:

  1. Change passwords for any account where you entered credentials. Use a strong, unique password.
  2. Contact your bank if you entered card details. They can monitor for fraud or block the card.
  3. Log out of sessions on all devices for affected accounts.
  4. Check devices: If you downloaded anything, run a security scan and consider our malware guide.

How to report scam websites in the UK

Report suspicious content via official routes. Do not interact with the site further.

Frequently asked questions

Is the padlock/HTTPS enough to trust a site?
No—encryption helps protect data in transit, but scammers can still run HTTPS websites. You still need to verify the site and the URL.
What's the most reliable way to check a URL?
Type it yourself or use saved bookmarks; avoid clicking links in unexpected messages.
How do I report a scam website in the UK?
Use official reporting guidance and submit suspicious URLs through the NCSC reporting route. For phishing emails, forward to report@phishing.gov.uk; for texts, forward to 7726.