top of page

How to tell if a website is fake?

Writer's picture: Global Anti-Scam OrgGlobal Anti-Scam Org

Updated: Jan 11


Below is a helpful overview of the red flags and characteristics that commonly indicate a fraud/scam website—based on the examples and observations you shared:

1. Domain Registration Red Flags
  • Recently Registered: Fraudulent websites often have very recent registration dates (only weeks or months old).
  • Short Expiry: Scammers frequently register domains for just one year. Legitimate, established companies generally opt for longer registration periods.
  • Suspicious Subdomains: The use of additional numbering in the subdomain (e.g., “h5.example6.com,” “cap96.com,” etc.) often signals the site may be part of a recurring scam tactic. Many scammers rely on these subdomains because once a particular domain is shut down by authorities, they move on to another domain with a similar pattern.

2. Website Cloning
  • Imitation of Known Brands: Many fraud sites copy content or design from well-known companies (e.g., Coinbase, Binance, AXA, TPG). They may change only minor details like the logo or domain name (e.g., h5.tpg6.com instead of h5.tpg.com).
  • Inconsistent Branding: Scam websites often mix branding materials in a way that doesn’t make sense or include outdated logos and slogans from the legitimate company.

3. Suspicious URL Patterns
  • Inclusion of Numbers: Fraud sites often include numbers like 66, 68, 123, etc. They sometimes appear in the subdomain or main domain to create many variations quickly (e.g., cap880.com, cap2one.com, cap96.com, capital221.com).
  • Repeated/Incremented Versions: When one site is shut down, the scammers will launch a near-identical domain, simply incrementing the numbers or changing a letter (e.g., tpg6.com, tpg66.com, tpg68.com, etc.).

4. “Customer Service” via Messaging Apps Only
  • WhatsApp / LINE / Telegram: If the site pushes you to communicate solely through these apps, it’s a major red flag. Legitimate companies typically provide official email addresses, phone support, or integrated chat on their official website.
  • Unreachable Phone Numbers: Fraud websites often list U.S. or international numbers that cannot actually be called. Attempted calls either don’t go through, or there’s no official switchboard/automated message.
  • Broken English: Many scam operations originate from abroad (e.g., China), so their written communication often contains grammatical errors, awkward phrasing, or incorrect word usage.

5. Cryptocurrency-Related Scams
  • Pushing Crypto Transactions: Scammers frequently instruct victims to move funds into popular crypto exchanges (Binance, Coinbase, Shakepay, etc.). Once the victim’s money is in crypto, the fraudsters direct them to send it off-site to a shady “trading platform” or “investment account” that they control.
  • Fake Investment Portals: The fraud site will typically show fake balances increasing rapidly to entice further deposits. However, any attempt at withdrawal is stalled, blocked, or requires additional “fees.”

6. Common Signs of a Legitimate Website vs. a Fraudulent One
Aspect
Legitimate Site
Fraudulent Site
Domain Age
Typically several years old
Recently registered (weeks or months ago)
Registration Period
Often renewed for multiple years
Usually renewed for only 1 year
Brand Consistency
Matches official branding, consistent design
Cloned content or mismatched brand elements (e.g., TPG copy using leftover Coinbase or Binance branding)
Contact Methods
Multiple options (phone, email, chat)
WhatsApp / LINE only, often with foreign numbers that cannot be called
Language Quality
Generally well-written, professional
Broken English, grammatical errors, or direct machine translation
Website Security
SSL certificate from known providers
May have mismatched or suspicious SSL details, or a certificate that was issued very recently
7. Staying Safe
  1. Use WHOIS/Domain-Checking Tools: Always verify domain age, registration details, and expiration dates.
  2. Check for Official Contact Info: Look for credible phone numbers or email support from a recognizable domain (e.g., support@legitcompany.com).
  3. Verify URL Carefully: Watch for extra characters or numbers in the domain that don’t match the official brand name.
  4. Research Company Reputation: Look for established social media pages, trustworthy review sites, or mainstream press coverage.
  5. Never Transfer Funds Hastily: If a website pushes you to deposit crypto or wire transfer money urgently, treat that as a huge red flag. Take time to research thoroughly before sending any money.

In Summary
Fraudsters often rely on a pattern of disposable domains and cloned websites to trick victims into depositing funds (often via cryptocurrency). By knowing what to look for—particularly domain patterns, suspicious contact methods, and inconsistent branding—you can protect yourself and others from these scams. Always pause to verify a site’s legitimacy before making any financial transactions.
bottom of page