Learn how to check if a website is legit: spot fake stores, read real reviews, verify policies and padlock, before you buy online in the UK.
Scammers don’t need masterful code to fool us. They need our hurry. A rushed click; a deal that feels like a win; a website that looks “about right”. This guide keeps you slow and sceptical. It shows how to check if a website is legit before you spend, and what to do if you’ve been caught out, especially when a small claim is the right route. The checks below come from current UK consumer guidance and cybersecurity advice, updated in 2025.
Aside from the immediate consequences of losing money, falling victim to a scam website can also lead to much bigger financial and legal complications. In the UK, you could take a lot of issues, such as faulty goods, bad service or failure to refund your payment, to the small claims track of the County Court. This route deals with and accepts claims for relatively low-value disputes, usually with an upper limit of £10,000, and is designed to be safe and used without a solicitor. If you use an AI service like CaseCraft.AI, the service helps with drafting the claim documents and reminding you of the deadline. Fortunately, if you figure out how to protect yourself before you purchase, you can avoid any hassle of needing to know that option.
1. Double-Check the Website’s Address
Start with the address bar. Scammers lean on look-alike domains, swapping letters or adding words that shadow a brand. Be wary of domains that borrow a brand name plus a lure (“ipadoffers”, “discountnikeclothes”), or that sit on odd endings for retail. If a link is shortened, preview it first or type the company name yourself into the browser and navigate from there. A URL created yesterday is a tell. Use a basic domain lookup (WHOIS) to see when a site was registered. New + pushy + too-cheap is a pattern.
Additionally, fraudsters often copy well‑known brand names and tweak the spelling just enough to fool a casual glance. They might swap a letter for a similar‑looking character (for example, replacing the “o” in amazon.com with a zero to create amaz0n.com), or use a different domain extension, such as .org or .net, to mimic a legitimate shopping site. Sometimes, a scam page sits behind a link shortener, concealing its true domain name.
2. Is the Offer Too Good to Be True?
Scam sites often lure shoppers with unbelievably low prices or time‑limited deals. If an offer seems unrealistic, it probably is. Counterfeit goods and products that never arrive are routinely advertised at huge discounts to tempt buyers.
- Be wary of deep discounts. Scam websites use steep discounts and countdowns to get you to “buy now” without scrutiny.
- Watch for countdown timers and pressure tactics. Fake sites use urgent language and timers to create a sense of scarcity.
- Compare prices elsewhere. Cross-check the product on two or three trusted retailers and look for normal price ranges. When the price is an outlier and the site is new, that’s the tell.
3. Never Pay by Bank Transfer
A genuine shop gives you card or trusted wallet options and clear protections. A site that steers you to a bank transfer is asking you to give up those protections. If an item is fake or never turns up, your recovery options are thin when you’ve wired money. Paying by card keeps statutory protections under section 75 of the Consumer Credit Act.
4. Browse the Website
It takes two quiet minutes.
You land on the homepage and let your eyes idle. The logo is a shade off, blue where yesterday’s press shots were green. The favicon is missing. No need to panic; just breathe and look.
You click About. A company “founded in 2005” that never says where it began. A promise to be “a global leader” with no names, no trade registration, and no photographs of a place that could be found on a map. The paragraph tries very hard not to say anything. Real firms are usually proud of specifics.
You drift to Contact. There is a form, slick, anonymous, bottomless. No landline. No postcode. The email address is generic and misspelt by a letter that looks right until you stare at it. You dial the number anyway; it rings into snow.
Back to the product page. The photos glow, but they are identical across sizes and colours, as if the item were a rumour rather than a thing. The copy lurches from stiff to breathless. Tenses wander. Model numbers don’t agree with the images. You find a review embedded on the page; it appears again, word for word, beneath a different kettle.
Policies next. Delivery, Returns, Privacy. The words are there, but nothing grips: no timetable for refunds, no address for returns, no mention of who pays the postage. The privacy page reads like a template that forgot your name.
You test the edges. Click a breadcrumb: it loops to itself. Try a footer link: broken. The social icons lead nowhere, or everywhere, or to feeds that last posted in a month that never happened.
Now glance up at the address bar. The domain is new, stitched from a famous brand plus a tempting noun. The padlock sits there, doing its honest little job, encrypting your connection, not vouching for the merchant.
You close the tab. Because a real shop behaves like a place: people you can ring, pages that join up, policies that bind them to you, language that sounds as if someone who works there wrote it. When a site can’t manage those small truths, it’s telling you a larger one.
5. Look for Contact Information
Legitimate businesses don’t hide. You should find a geographic address, a working phone number, and a direct email, ideally not a web form only. Suppose all you see is an anonymous contact form; approach with caution. Cross-check the address on a map; ring the number before you buy; look for the company name on Companies House if they claim to be UK-based. Absence of contact routes is a classic phishing hallmark.
6. Check the Fine Print
Before you pay, check three pages: returns, terms, and privacy. You’re looking for specifics, return windows, refund methods, timelines, delivery terms, and how your numbers and personal data are handled. Missing or vague policies are a warning. If a retailer sells in the UK, you should see policies that reflect UK consumer law rather than a copy-paste from elsewhere.
7. Read Online Reviews
Spot a Fake Review
Type the brand name, add “reviews”, then open two or three tabs – Trustpilot, Google, maybe a thread, maybe some stuff on Twitter. Then scroll back. Not a week or month.
You’re interested in shape over time: is there clustering around an issue, such as refunds, delayed delivery, or a bad product, or is it just the normal noise around any shop?
Click into a handful of profiles. Real people look like they’ve lived: a mix of places reviewed, dates spread out, details that sound like someone seriously unpacked a box.
Be aware of a rash of 5-star raves from accounts created last Tuesday, all screaming “great customer service! “They’re performing. That’s choreography, not experience.
Now read through the uncomfortable middle, the 3-star notes. They are often the most true: “arrived a day late, my refund was processed in four, would use again”.
Look for nouns, order numbers, model names, times, and photos of what turned up. A vague feeling gives you zero useful information; details give you everything.
Check the brand’s responses. Are they following up with order reference numbers and next steps, or are they pasting vague apologies underneath everyone? A clear voice, consistent over months, is a good sign. Silence, or sudden flurries of defensive responses after a spate of one-stars, usually are not.
Look at the social tags and feed, as well as the glossy feeds. Real customers leave messy comments: a cracked lid, missing a screw, and hanks when a replacement arrives. If you can only see “customers” in the feed of influencers copied and reading the same text, consider it a theatre performance.
Finally, check the rhythm. A healthy brand has a rhythm, with reviews coming in week after week. A dead spot, then an overnight avalanche of reviews, is the type of pattern to slow you down at the checkout.
8. Can You Trust a Trust Mark?
Badges can be helpful when they’re real. But a trust mark is not a free pass. There are dozens in circulation, and scammers paste logos they haven’t earned. If a badge is clickable, open it. A genuine seal should lead to a live certificate page with the site name, verified organisation, and validation details. If it doesn’t resolve, or it goes to a random page, treat it as decoration, not proof.
9. Look for a Padlock
A padlock shows HTTPS is on; it doesn’t prove a shop is legitimate. Encryption protects your connection, not the merchant’s honesty. Use the padlock as one check among many. Click it to view the certificate information and who issued it. Then combine that with all the checks above, domain age, policies, contacts, and reviews, before you buy.
Quick Ways to Identify Trouble Before You Click “Pay”
If something trips your gut, put the URL into a reputable checker (for example, tools referenced by the UK’s cyber-security guidance) and report suspicious messages to the National Cyber Security Centre (NCSC) via the Suspicious Email Reporting Service. It’s a small action with a large ripple: reporting helps take fraudulent sites and campaigns down.
If You Have Already Paid
Act fast. Contact your bank or card issuer; change any reused passwords; enable multi-factor authentication; and report the site or message to NCSC. If you never received the goods or what arrived was fake, keep your evidence, order confirmations, screenshots, emails, tracking pages, and work through the refund paths your card provider offers. If the seller refuses and the loss falls under the small claims money limit, a claim may be the pragmatic route.
Where CaseCraft.AI Fits
CaseCraft.AI is a UK platform built specifically for small claims. It guides you through the narrow lane where court action is worthwhile: simple money disputes under the small claims track limit, clear evidence, and a realistic chance of enforcement. In England and Wales, the accepted ceiling for small claims money disputes is £10,000; claims above that usually head to the fast track (and very large claims use other routes). Time limits matter too: in consumer disputes, you generally have up to six years to bring a claim.
Why mention this in a piece about how to check if a website is legit? Because prevention comes first; recovery comes second. If you’re out of pocket after an online purchase and the seller stonewalls you, CaseCraft.AI helps you file and manage a small claim without paying a solicitor, only where the claim sits within small-claims limits. The platform automates the dreary parts (drafting, deadline tracking, document prep) and keeps you close to the process.
Why It Pays to Be Methodical
A last word about patience. UK civil-justice data show how many claims end by default judgment when the defendant never responds. That’s a reminder to do the groundwork, clean evidence, dates, payments, and emails, so if you do claim, your case reads clearly and lands well.
Checklist You Can Remember
When you shop online, slow your scroll. Check the URL. Read the fine print. Look for a real-world address and phone line. Cross-check reviews across sites. Treat bargains as suspects first. Use the padlock as a start, never the finish. If it fails any of those checks, step away. If you paid and lost money, gather your evidence and escalate, card dispute first, small claims only when it fits the rules, with CaseCraft.AI sitting in that specific lane to help you file cleanly.
