01 Visual Signs
Before using any tools, use your eyes. Phishing sites often have subtle mistakes:
The URL (Typosquatting)
Look carefully at the address bar. Is it amazon.com or amaz0n.com? paypal.com or paypal-secure-login.com?
Poor Design & Grammar
Legitimate companies hire professional copywriters. If you see spelling mistakes, broken images, or mismatched fonts, run away.
02 Technical Checks
Dig a little deeper to verify the site's identity:
1. Check the Certificate
Click the padlock icon. A legit bank will often have an "Organization Validated" (OV) or "Extended Validation" (EV) certificate showing their company name. Free certificates (like Let's Encrypt) are fine for blogs, but suspicious for banks.
2. Check Domain Age
Use a WHOIS lookup tool. If the website claims to be a "leading investment firm" but the domain was registered 3 days ago, it is a scam.
03 Automated Tools
Don't trust your gut. Use data sources:
Google Transparency Report
Paste the URL into Google's Safe Browsing checker to see if they've found malware.
LamaniSecure Scan
Run a full scan to check if the site's IP is on any blacklists (spam, malware, botnet).
VirusTotal
Scans the URL against 70+ different antivirus engines simultaneously.
04 Major Red Flags
05 Frequently Asked Questions
What does the padlock icon actually mean?
The padlock only means the connection is encrypted (HTTPS). It does NOT mean the site is legitimate. Phishing sites can also have a padlock!
How can I tell if a shopping site is fake?
Check the domain age (scam sites are often brand new), look for poor grammar, verify contact info (is there a real address?), and search for reviews on Trustpilot.
Is Incognito mode safer?
Incognito mode only prevents your browser from saving history. It does not protect you from malware, phishing, or unsafe websites.