Guide | How To Is it a scam site? (How can you tell?)

The associated guide may contain user-generated or external content.
Cowpipe

Cowpipe

Level 16
Thread author
Verified
Well-known
Jun 16, 2014
781
The father recently had that most unpleasant of experiences, ordering something online and never receiving it. Emails, phone calls unanswered, and showing me where he'd shopped I laughed and said "that's an obvious scam", "how do you know?" he asked, and then I realised, it's not always easy for the untrained eye to discern a scam site.

In that spirit I thought I'd share a few tricks that I use to determine at face value whether a site is genuine or not, when we don't have the luxury of reputation or blacklists to rely on :)

1. Check the description in Google
That is, enter the url into Google and see what the websites description says, far too many scam sites stuff the description with keywords in order to boost their position in the search engine rankings. If the site doesn't have a description using proper sentences, that for me is a sign to look closer.

2. Google the pictures
One of my favourite tricks and one that is suprisingly effective and weeding out scam websites is to save a couple of the pictures of the products on offer, and then google them. Google Images let's you drag and drop an image onto the search bar and will tell you what websites that image has been used at, or what it thinks that image is. You'll often find the same image has been used on many different domains, each with the same description (indicating it's a scam). I use the technique to search out scam websites and flag them up, it's a fun way to kill boredom :p

On a side note, this is also a fantastic way to detect fake Facebook profiles, if somebody is using a stock photo of an attractive looking model for example, Google will tell you who it is, so you can reject and report ;):D

3. Check Facebook
I personally wouldn't buy from any website which spam links on Facebook and one easy way to check is with a Google query like the following: site:facebook.com intext:suspicious.com
You'll find any link spam in a flash. Things to look for are lots of posts advertising offers, typically stuffed with keywords ("100% Genuine leather purse wallet accessories fully embossed only $29.99"), also accounts whose sole purpose seems to be advertising, another warning sign. Remember 1000 likes doesn't necessarily mean it's genuine ;)

4. MispelledWords Decribing The Genuine Product 100% Authentic!
Broken English is a big warning sign. No offence intended but it's a well known fact that the English and grammar in most phishing sites is pretty poor. Kind of stating the obvious but it's something people seem to willing to ignore.

Note also phrases like "100% authentic!" or "100% genuine!", if it's really authentic or genuine then why shout about it? The product speaks for itself. If ever I see phrases like that in a product description, for me personally at least, alarm bells are ringing.

--- I'll add some more to this post and clean it up a little later once I'm feeling more awake, in the mean time if anyone has any tips of their own, would be great to hear them! :D:cool:
 
  • Like
Reactions: Deleted member 21043, Prorootect, Kent and 12 others
Mateotis

Mateotis

Level 10
Verified
Well-known
Mar 28, 2014
497
Great guide, thanks for sharing!

I'd like to add a few points:
  • Check the site on VT and look for any detections and comments.
  • Use a trust plugin like WOT (mywot.com) where you can check the site's reputation
  • Look for HTTPS (lock) on their payment site, all reputable banks/companies have it
 
  • Like
Reactions: King Alpha, avast! Protection, Littlebits and 4 others
Cowpipe

Cowpipe

Level 16
Thread author
Verified
Well-known
Jun 16, 2014
781
Mateotis said:
Great guide, thanks for sharing!

I'd like to add a few points:
  • Check the site on VT and look for any detections and comments.
  • Use a trust plugin like WOT (mywot.com) where you can check the site's reputation
  • Look for HTTPS (lock) on their payment site, all reputable banks/companies have it
Click to expand...

Thanks :D Will definitely add those in when I clean it up a bit later ;)
 
WinXPert

WinXPert

Level 25
Verified
Honorary Member
Top Poster
Malware Hunter
Well-known
Jan 9, 2013
1,457
4. MispelledWords Decribing The Genuine Product 100% Authentic!
Broken English is a big warning sign. No offence intended but it's a well known fact that the English and grammar in most phishing sites is pretty poor. Kind of stating the obvious but it's something people seem to willing to ignore.
Click to expand...

I've seen a lot of those, dead giveaway
 
  • Like
Reactions: Cowpipe
Dee Fletcher

Dee Fletcher

New Member
Aug 18, 2014
4
These are great tips thank you! I thought the part of about checking Google images was especially unique. It makes perfect sense, but I never would have thought it if you hadn't suggested it!

A lot of times if I'm buying stuff online I will use Rip Off report. I know it really all depends on whether or not someone actually took the time to write a review on being scammed, but I've definitely found it useful. Do you think there is any kind of validity to using that site to identify scam sites?
 
  • Like
Reactions: Cowpipe
Cowpipe

Cowpipe

Level 16
Thread author
Verified
Well-known
Jun 16, 2014
781
Dee Fletcher said:
These are great tips thank you! I thought the part of about checking Google images was especially unique. It makes perfect sense, but I never would have thought it if you hadn't suggested it!

A lot of times if I'm buying stuff online I will use Rip Off report. I know it really all depends on whether or not someone actually took the time to write a review on being scammed, but I've definitely found it useful. Do you think there is any kind of validity to using that site to identify scam sites?
Click to expand...

I'm glad you enjoyed the write up Dee :)

Personally I do find review sites such as Rip Off report helpful, particularly if I've never heard of a particular store before. It can be useful in the sense that some legitimate business can still have poor customer service or refuse to give refunds and that kind of information is something that can only really be learned in advance from the experiences of the people who write reviews. Sites like those are normally my first port of call if the store in question looks legitimate but leaves me with some doubts (perhaps an unknown brand) ;)
 
Kent

Kent

Level 10
Verified
Well-known
Nov 4, 2013
468
Cowpipe said:
The father recently had that most unpleasant of experiences, ordering something online and never receiving it. Emails, phone calls unanswered, and showing me where he'd shopped I laughed and said "that's an obvious scam", "how do you know?" he asked, and then I realised, it's not always easy for the untrained eye to discern a scam site.

In that spirit I thought I'd share a few tricks that I use to determine at face value whether a site is genuine or not, when we don't have the luxury of reputation or blacklists to rely on :)

1. Check the description in Google
That is, enter the url into Google and see what the websites description says, far too many scam sites stuff the description with keywords in order to boost their position in the search engine rankings. If the site doesn't have a description using proper sentences, that for me is a sign to look closer.

2. Google the pictures
One of my favourite tricks and one that is suprisingly effective and weeding out scam websites is to save a couple of the pictures of the products on offer, and then google them. Google Images let's you drag and drop an image onto the search bar and will tell you what websites that image has been used at, or what it thinks that image is. You'll often find the same image has been used on many different domains, each with the same description (indicating it's a scam). I use the technique to search out scam websites and flag them up, it's a fun way to kill boredom :p

On a side note, this is also a fantastic way to detect fake Facebook profiles, if somebody is using a stock photo of an attractive looking model for example, Google will tell you who it is, so you can reject and report ;):D

3. Check Facebook
I personally wouldn't buy from any website which spam links on Facebook and one easy way to check is with a Google query like the following: site:facebook.com intext:suspicious.com
You'll find any link spam in a flash. Things to look for are lots of posts advertising offers, typically stuffed with keywords ("100% Genuine leather purse wallet accessories fully embossed only $29.99"), also accounts whose sole purpose seems to be advertising, another warning sign. Remember 1000 likes doesn't necessarily mean it's genuine ;)

4. MispelledWords Decribing The Genuine Product 100% Authentic!
Broken English is a big warning sign. No offence intended but it's a well known fact that the English and grammar in most phishing sites is pretty poor. Kind of stating the obvious but it's something people seem to willing to ignore.

Note also phrases like "100% authentic!" or "100% genuine!", if it's really authentic or genuine then why shout about it? The product speaks for itself. If ever I see phrases like that in a product description, for me personally at least, alarm bells are ringing.

--- I'll add some more to this post and clean it up a little later once I'm feeling more awake, in the mean time if anyone has any tips of their own, would be great to hear them! :D:cool:
Click to expand...

Thanks Cowpipe for your enlightening post! I know there are angels on MT (including you!) :D who offer sound advice and help!
May God Bless You :):):):):):)
 
  • Like
Reactions: Cowpipe

Similar threads

Gandalf_The_Grey
    • Wow
    • Like
Security News Lego's website was hacked to promote a crypto scam
Replies
0
Views
1,518
Security News
Gandalf_The_Grey
Gandalf_The_Grey
Jonny Quest
    • Like
  • Question
Question How are websites analyzed for reputation?
Replies
5
Views
385
Web Extensions
Jonny Quest
Jonny Quest
Moonhorse
    • Wow
    • Like
  • Locked
Question Weird site in f-secure blocked sites logs
Replies
14
Views
793
Malware Analysis
struppigel
struppigel

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top