Fake Websites Are Traps That Look Real

Amazon, your bank, a popular game site. The login page looks exactly like the real thing, but it was actually built by a scammer. This is called a "phishing site." If you type your password or credit card number into a fake site, all of that information goes straight to the scammer.

Phishing attacks are one of the most common online threats today, with millions of reports filed worldwide each year. Even middle school students can become targets through gaming platforms, social media, and online shopping.

Check the URL - The Most Reliable Way to Tell

The most reliable way to spot a fake website is to check the URL (the text in your browser's address bar).

How to Read a Domain Name

The most important part of a URL is the "domain name." You can learn more in How to Read a URL Safely, but the key is to look at the part just before the last dot.

  • Real: https://www.amazon.com/... - the domain is "amazon.com"
  • Fake: https://amazon.com.evil-site.com/... - the domain is actually "evil-site.com"
  • Fake: https://arnazon.com/... - the "m" has been replaced with "rn"

On smartphones, the address bar shows only a short portion of the URL, so make it a habit to tap and check the full address.

Five Signs of a Fake Website

Besides the URL, fake websites share several common traits.

Sign Example
Bad grammar or spelling "Your account have been compromised" and other awkward phrasing
Unbelievably low prices 80% off the regular price - deals that seem too good to be true
Urgent language "Your account will be suspended within 24 hours"
No contact information No company address, phone number, or support form
Limited payment options Only wire transfer or prepaid cards accepted

The Lock Icon Alone Does Not Mean a Site Is Safe

The lock icon (🔒) in your browser's address bar only means that the connection is encrypted. It does not prove that the website is legitimate.

Scammers can get free SSL certificates too, so fake sites can also display the lock icon. Thinking "there's a lock, so it must be safe" is dangerous. The lock guarantees that the data traveling between you and the site is protected, but it says nothing about whether the site itself is trustworthy.

What to Do If You Fall for a Fake Site

If you entered information on a fake site, take these steps right away.

  1. Change your password: Change the password for the affected service immediately. Also change any other accounts where you used the same password
  2. Contact your bank or card company: If you entered a credit card number, call the card company and ask them to freeze the card
  3. Turn on two-factor authentication: If you haven't set it up yet, do it now
  4. Save the evidence: Save the fake site's URL and take a screenshot of the page

See also How to Check If Your Account Has Been Hacked for more guidance.

Summary - Three Habits to Protect Yourself from Fake Sites

  1. Check the URL: Before clicking a link, verify that the domain name is correct
  2. Be suspicious of links in emails and messages: Access official sites through bookmarks or search instead
  3. Stay calm when pressured: Phrases like "act now" or "within 24 hours" are classic scam tactics

If you want to learn more about staying safe online, books on online safety are a great place to start. Visit IP Checker to see your own connection details.

Related Glossary Terms

Phishing A scam that uses fake websites or emails that look real to steal passwords and personal information. SSL/TLS Technology that encrypts communication. It powers the lock icon but does not guarantee a site is trustworthy. Domain The "address" of a website. Checking the domain name is the most important step in spotting fake sites.