Better Business Bureau reported 44,762 online scams in 2020 alone! So, how to know if a website is legit to buy from? Check out these 7 proven tips!

We all love to explore new websites to look for unique and exclusive products that might not be available on your typical go-to online platforms. Sometimes, startups and small businesses offer larger discounts than the big ecommerce sites do, which is enticing as well. But how can you tell if an online store is legit? Many people want to know how to check if a website is safe to buy from before inputting their personal information and payment card numbers on them.

And this is for good reason as there are risks when buying online. Specifically, there are two main types of risks with new and unknown ecommerce sites.

  1. Seller is a fraud: The person on the other side of the website
    • steals your personal information,
    • performs financial fraud,
    • doesn’t send the product,
    • sends a degraded product,
    • doesn’t take returns or pay refunds,
    • has inserted malware in the site, or
    • sells your credit card information to the darknet.
  1. Website is insecure: The seller’s intentions are legit, but the website has security flaws, which enables hackers to:
    • Steal your personal data and payment card numbers,
    • get unauthorized access to your online accounts to modify the transaction or order from your account,
    • insert malware on the website without the website owner’s knowledge.
Both of these situations are bad for you, and you will be vulnerable to cybercrimes if you can’t recognize a legit and safe website.
In this article, we will discuss seven tips that help you know if a website is legit to buy from.

7 Tips That Will Help You Know If A Shopping Website Is Legit

  • Use Tools To Check If A Website Is Safe To Buy From
  • Read Online Reviews
  • Inspect The URL
  • Know The Obvious Signs Of Corrupted Or Scammer Websites
  • Look Out For The Stolen Images
  • Check Out The Contact Information and Social Media Presence
  • Check The Padlock Sign

1. Use Tools To Check If A Website Is Safe To Buy From

Some sites are too dangerous for even visiting, let alone shopping. But how to know if your selected shopping website is spammy or infected with malware?

These are some free resources that can help you decide if a shopping website is legit.

  • Google Transparency Report: Simply click on this link and type in the site you want to shop from. Google will instantly tell if the website is infected with malware or spam.
  • Netcraft: This is a Google Chrome extension. Click on the “Add to Chrome” Button. After that, whenever you try to visit a malicious or phishing website, Netcraft will show you a warning indicating the danger.
  • Malware & URL Scanner: Another Chrome extension that works like similary to the Google transparency report. But when you search for a URL, it shows a large number of data like Whois lookup, GeoIP & Reverse IP lookup, Reverse Google Analytics, Website historical screenshots lookup, etc. You can install it on Firefox and Microsoft Edge, too.

2. Read Online Reviews

Now this one is pretty obvious, but people still miss this step. Don’t believe the customer reviews mentioned on the new/unknown sites. They might be manipulated or fake. Rather, go to the sites like

Here, you can read customers’ genuine reviews, which help you to know if a shopping website is legit.

3. Inspect The URL

There is a cybercrime tactic named cybersquatting, in which attackers buy similar-looking domain names of a popular site. Such domains are called cybersquatting domains.

The fake domains look something like this: Amaz0n.com, Cha5e.com, businesinsider.com, applle.com, rnacys.com, ebaycareers.com, facebookprizes.com, wallmart1.com, etc.

As you can see, these domains have spelling mistakes, additional words or letters, or replacements with similar-looking words/numbers.

If you are not vigilant enough, you might fall for this trick because scammers make a replica of an original domain with the same logo, color scheme, and design.

Hence, always double-check the URL when you are shopping online.

4. Know The Obvious Signs Of Corrupted Or Scammer Websites

If a website is infected with malware, you’ll see some obvious infection signs, such as:

  • Too many “download,” “click here, “or “buy now” buttons are placed in a confusing manner.
  • Something automatically gets downloaded to your device.
  • It redirects you to some other unknown sites.
  • Unknown windows start popping up in the background.
  • A window pops up asking you to download an antimalware or flash media player.
  • It asks you to update your browser or operating system to access some material.

If a website is running an online scam, you’ll see these obvious signs.

  • “Too good to be true” deals. A huge discount and a noticeable price difference compare to other online platforms—for example, 50% discount on iPhones, 70% off Gucci bags, etc.
  • Unbelievable claims, like “instantly win $10,000 by playing this casino”, “Spin the virtual wheel and win prizes,” “Play online games and win money,” “get free lottery tickets just by filling out a form.”
  • Unusual spelling and grammatical errors. Don’t ignore such mistakes. Any legit site has at least some basic editorial standards and wouldn’t make multiple errors.

5. Look Out For The Stolen Images

All the legit stores use the original photos of the product. They generally hire photographers and designers to create a portfolio of the original product images. If an online store is using images from some other sites, you need to be careful here. This is true especially for items like appeals, shoes, cosmetics, jewelry, or any customized/exclusive product.

Download the suspicious image and upload it on https://images.google.com/ or https://tineye.com/ to see whether the image belongs to any other store. Or simply right-click on the image and select “Search Google for image.”

6. Check Out The Contact Information and Social Media Presence

Go to the “contact us” page and see whether there is a physical address, phone number, and email address are there. Dial the phone number to make sure it is working and reaches the right store. Also, if the email is coming from generic email clients like Gmail, Yahoo, Hotmail, etc., instead of the official domain after, i.e., @domainname.com, it is a red flag.

In the same way, check out the store’s social media presence, especially on Facebook, Twitter and Instagram. Check the number of followers, and read customers’ comments. Also, check out the business on LinkedIn and see who the employees are and from where do they belong. If the business is not on any of the social media platforms and there aren’t any employees on LinkedIn, be careful. It is quite a strange thing in today’s era not to have a presence on social media, and it indicates something is fishy.

7. Check The Padlock Sign

Check out the address bar (where you type in a URL). Can you see a green or grey padlock-like symbol (known as the padlock icon)?

If there is a padlock icon, it indicates the website has installed an SSL/TLS certificate and it’s safe. That means all the data transferred between you and the website’s server will travel through an encrypted channel, HTTPS. In simple words, the hackers won’t be able to steal your personal data and payment card numbers even if they break into the internet connection. So, a padlock sign is one of the indicators to check if a website is safe to buy from.

check the padlock sign

If there is no padlock sign and instead, there is a “Not secure” sign or an exclamation sign inside a circle, run in the opposite direction! Never input any of your information on such a site. Attackers can easily hack such sites and steal your information.

Please note that a lack of padlock symbol is the sign of an insecured website, but it’s presence doesn’t automatically makes a site legit.  Hackers can also use an SSL/TLS certificate on their fake site, especially when there are free SSL certs available in the market.

The good news is there are organizational validated (OV) and extended validated (EV) SSL certificates that reputed organizations use. Here, the certificate authority (CA) rigorously vets a comapany’s credentials and make sure the website is backed by a legit organization. Anyone on the internet can check the organization’s name if they click on the padlock sign and on the “certificate”. Browsers like Safari, Internet explorer, etc. show company’s name in front of the domain name, in the address bar itself. Like this.

business name in url
Such identity verification is the surety that a website is legit to shop from.

Wrapping Up On How To Check If A Website Is Safe To Buy From

Do you know hackers use the email address you provide on a website for sales inquiries or customer support to send malware? In fact, 92.4% of total malware is transferred via such email addresses. Also, one-third of cyber-attacks are executed against the ecommerce industry. That’s why it is high time for you to be vigilant and  observe the website for the obvious signs of malware infection and fraud before buying anything. Carefully inspect the URL, the stolen images, a padlock sign, contact information and the social media presence of the website. Also, use automated tools and extensions to know if a website is legit to shop from.