How to verify a website is safe before you pay — a 7-step check that takes under a minute.
Fake websites have stopped looking fake. Scammers buy real SSL certificates, copy entire product catalogs, and pay for Google Ads that put their phishing pages above the real brand. If your only defense is "does it look legit", you have already lost. Below are seven checks you can run on any website in under a minute each: domain age, SSL, nameservers, blacklist, reverse IP, HTTP headers, brand cross-check.
Why a quick check matters more than ever
The economics of online fraud have flipped. A scammer can register a domain for $2, clone a brand in an hour, run paid ads to it the same day. Cost of building a fake site is now lower than the cost of a single successful payment. That math is why fake checkout pages have exploded since 2024 — and why scammers leave fingerprints in places most users never look.
- Scammers cut corners: They reuse infrastructure, skip steps real businesses can't skip, and leave fingerprints in places most users never look.
- Seven of those places: Each takes under a minute. None require technical skill. All have stopped someone from losing money this week.
1. Look up the domain age
The single highest-signal check. Most scam sites are less than 90 days old. Real businesses, even new ones, usually have at least a few months of history by the time they are selling.
- What to look for: Run a WHOIS lookup. Inspect Creation Date. Under 3 months on a site selling brand-name products = serious warning.
- Rule of thumb: Registered in the last 30 days + brand-name product + steep discount = leave the page. This combination correctly identifies roughly four out of five payment scam sites.
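The domain-age rule applied to raw WHOIS text, as an added example that is not part of the original article. The sample record, the domain in it and the verdict labels are constructed, and 90 days stands in for "under 3 months".

```python
import re
from datetime import datetime, timezone

# Field labels vary by registry; these are common variants, not a complete list.
_CREATED = re.compile(
    r"^\s*(?:Creation Date|Created On|created|Registered on)\s*:\s*(\S+)",
    re.IGNORECASE | re.MULTILINE)

def creation_date(whois_text):
    """Earliest parseable creation timestamp in raw WHOIS text, or None."""
    found = []
    for raw in _CREATED.findall(whois_text):
        try:
            dt = datetime.fromisoformat(raw.replace("Z", "+00:00"))
        except ValueError:
            continue  # non-ISO date format: skip it rather than guess
        found.append(dt if dt.tzinfo else dt.replace(tzinfo=timezone.utc))
    return min(found) if found else None

def age_verdict(whois_text, now, brand_name_goods, steep_discount):
    """Apply the article's thresholds (90 days taken as 'under 3 months')."""
    created = creation_date(whois_text)
    if created is None:
        return "unknown"  # a redacted or unparsed record is not a pass
    age_days = (now - created).days
    if age_days < 30 and brand_name_goods and steep_discount:
        return "leave"
    if age_days < 90 and brand_name_goods:
        return "serious-warning"
    return "young" if age_days < 90 else "ok"

# Constructed WHOIS excerpt for a made-up domain (not real registry output).
SAMPLE_WHOIS = """\
Domain Name: SHOP-DEALS.EXAMPLE
Creation Date: 2026-04-20T09:12:44Z
Registry Expiry Date: 2027-04-20T09:12:44Z
Name Server: NS1.SHOP-DEALS.EXAMPLE
"""

if __name__ == "__main__":
    now = datetime(2026, 5, 5, tzinfo=timezone.utc)
    print(age_verdict(SAMPLE_WHOIS, now, True, True))
```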
2. Inspect the SSL certificate
The padlock means encrypted connection. It does NOT mean honest site. Most phishing sites in 2026 carry valid SSL because free CAs make it trivial. What to actually inspect:
- Issuer: A Let's Encrypt cert on a checkout page handling thousands of orders is suspicious. Real retailers usually pay for higher-validation certs.
- Validity window: Certs issued within the last week, on a domain under a month old, paired with payment forms = strong red flag.
- Subject name: Certificate Common Name must actually match the domain you are on. Mismatches are rare but lethal.
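The three certificate checks above, run over a dict in the shape Python's `ssl.SSLSocket.getpeercert()` returns (an added example, not from the original article). The sample certificate, the host names and the finding labels are constructed; the domain age is passed in as a number.

```python
import ssl

def _names(cert):
    """DNS names the cert covers. Browsers match on SAN; CN is only a fallback."""
    sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if sans:
        return sans
    return [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]

def _matches(pattern, host):
    """Exact match, or one wildcard as the left-most label (*.example.com)."""
    p, h = pattern.lower().split("."), host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    return (p[0] == "*" or p[0] == h[0]) and p[1:] == h[1:]

def cert_findings(cert, host, now_epoch, domain_age_days, has_payment_form):
    findings = []
    if not any(_matches(n, host) for n in _names(cert)):
        findings.append("name-mismatch")
    issuer_org = [v for rdn in cert.get("issuer", ()) for k, v in rdn
                  if k == "organizationName"]
    # The article's heuristic: a free CA on a page that takes payments.
    if has_payment_form and "Let's Encrypt" in issuer_org:
        findings.append("free-ca-on-checkout")
    issued = ssl.cert_time_to_seconds(cert["notBefore"])
    cert_age_days = (now_epoch - issued) / 86400
    if cert_age_days < 7 and domain_age_days < 30 and has_payment_form:
        findings.append("new-cert-new-domain-payment")
    return findings

# Constructed certificate for a made-up domain, in getpeercert() shape.
SAMPLE_CERT = {
    "subject": ((("commonName", "shop-deals.example"),),),
    "issuer": ((("countryName", "US"),), (("organizationName", "Let's Encrypt"),)),
    "notBefore": "May  2 00:00:00 2026 GMT",
    "notAfter": "Jul 31 00:00:00 2026 GMT",
    "subjectAltName": (("DNS", "shop-deals.example"), ("DNS", "*.shop-deals.example")),
}

if __name__ == "__main__":
    now = ssl.cert_time_to_seconds("May  5 00:00:00 2026 GMT")
    print(cert_findings(SAMPLE_CERT, "shop-deals.example", now, 14, True))
```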
3. Check the nameservers
Real businesses use a small number of well-known DNS providers: Cloudflare, Route 53, Google Cloud DNS, GoDaddy. Scam sites often use obscure nameservers tied to bulletproof hosting, or run their own NS on the same IP as the website.
- Known providers: Cloudflare, Route 53, Google Cloud DNS, GoDaddy. Anything else on a consumer-facing brand is unusual.
- Recent NS changes: A site that switched nameservers in the last week, after months of stability, has either had a serious infrastructure migration — or been compromised.
4. Run a blacklist scan
Major blacklists — Spamhaus, SURBL, URIBL, Google Safe Browsing — share data with each other and update fast. If a site has been reported for phishing, malware or spam by enough people, it usually ends up on at least one list within 24 hours.
- Clean result ≠ safe: A clean blacklist result does not mean the site is safe — fresh scams haven't been reported yet.
- Hit ≠ definitely scam, but hard stop: Hits on multiple lists are a hard stop. Close the tab.
5. Reverse-lookup the IP
Find the IP the website resolves to, then look up what other domains share that IP. Real businesses usually share an IP with related properties — their own subdomains, a CDN, maybe a sister brand. Scam sites frequently share their IP with dozens of unrelated, equally suspicious-looking domains.
- Scam-farm signature: A single IP hosting amaz0n-deals.xyz + flipkart-sale.top + nike-india-offer.shop all at once is a scam farm. Don't do business with anything on that IP.
6. Read the HTTP headers
Headers are the metadata a server sends back with every page. They tell you which web server the site runs, what security policies it has, and sometimes what platform the store was built on. They are also where scammers get sloppy.
- Missing HSTS on a checkout page: Legitimate retailers ship Strict-Transport-Security by default. Missing on a payment page is a tell.
- Raw nginx, no CDN: A Server: nginx on a cheap default port, with no CDN in front. Real e-commerce sites are nearly always behind Cloudflare, Fastly, Akamai or similar.
- Leaked CMS: X-Powered-By: WordPress on a page claiming to be a global retailer is incongruent.
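The three header tells above, checked against a saved response head (an added example, not from the original article). The sample response and finding labels are constructed, and the CDN markers are a heuristic list chosen for this example, not a complete one.

```python
import re

# Response headers that usually mean a CDN edge answered (heuristic, not exhaustive).
CDN_HEADERS = {"cf-ray", "x-fastly-request-id", "x-akamai-transformed"}
CDN_SERVERS = ("cloudflare", "akamaighost")

def parse_headers(raw):
    """Turn a raw response head (e.g. saved `curl -sI` output) into a dict."""
    headers = {}
    for line in raw.splitlines()[1:]:  # first line is the status line
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return headers

def header_findings(headers, is_checkout):
    h = {k.lower(): v for k, v in headers.items()}
    findings = []
    # HSTS counts only with a non-zero max-age; max-age=0 tells browsers to drop it.
    hsts = h.get("strict-transport-security", "")
    m = re.search(r"max-age\s*=\s*\"?(\d+)", hsts, re.IGNORECASE)
    if is_checkout and (m is None or int(m.group(1)) == 0):
        findings.append("no-hsts-on-checkout")
    server = h.get("server", "").lower()
    behind_cdn = bool(CDN_HEADERS & h.keys()) or any(s in server for s in CDN_SERVERS)
    if server.startswith("nginx") and not behind_cdn:
        findings.append("raw-nginx-no-cdn")
    if "x-powered-by" in h:
        findings.append("x-powered-by: " + h["x-powered-by"])
    return findings

# Constructed response head for illustration (not captured from a real site).
SAMPLE_RESPONSE = """\
HTTP/1.1 200 OK
Server: nginx/1.18.0
Content-Type: text/html; charset=UTF-8
X-Powered-By: WordPress
"""

if __name__ == "__main__":
    for finding in header_findings(parse_headers(SAMPLE_RESPONSE), is_checkout=True):
        print(finding)
```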
7. Cross-check against the brand
The last step is the simplest and the one most people skip. Open a new tab. Go to the brand's official social media — Instagram, X, LinkedIn. Look at the link in their bio. If the domain you are about to pay on doesn't match that link, you are on a fake site.
- Why this catches so many: Scam sites copy the website perfectly but can't copy the brand's verified social presence. They are counting on you not checking.
The 60-second checklist
Print this. Tape it next to your monitor. Run it before any payment to a site you haven't paid before:
- 1. Is the domain older than 90 days?
- 2. Does the SSL certificate match the domain and look reasonable for the business size?
- 3. Are the nameservers from a known DNS provider?
- 4. Is the domain clean across major blacklists?
- 5. Does the IP host a sensible number of related domains, not dozens of fake-looking ones?
- 6. Do the HTTP headers look like a real e-commerce setup?
- 7. Does the brand's real social bio link to this exact domain?
- Pass threshold: Six of seven greens? Probably safe. Five or fewer? Don't pay. The few minutes you save aren't worth the money you can lose.
Frequently asked questions
- Does the green padlock mean a website is safe? No. The padlock only confirms the connection is encrypted between your browser and the server. It says nothing about who runs the server or whether they are honest. Most phishing sites in 2026 carry valid SSL.
- How can I tell if a website is a fake online shop? Check domain age, look at the reverse-IP neighborhood, verify the URL against the brand's official social media. Fake shops almost always fail at least one of those three checks.
- Is it safe to enter card details on a new website? Only after running the seven-step check. If the site passes, use a virtual card or a payment method with strong fraud protection. Avoid bank transfers or UPI to unknown merchants — much harder to reverse than card payments.
- What should I do if I have already paid a scam site? Contact your bank or card issuer within 24 hours and request a chargeback. File a complaint on the national cybercrime portal. Change any passwords you reused on the fake site. Speed matters — recovery rates drop sharply after the first day.