12 ways to quickly identify fake and fraudulent websites


Fake and fraudulent websites have proliferated, generating billions of dollars in revenue at the expense of unsuspecting Internet users. These websites’ design and appearance make it difficult for users to manually identify them as fraudulent.

According to a recent study, fake websites account for nearly 20% of the Internet. A random sample of over 105 million web pages revealed that 70% of “.biz” domain pages and 35% of “.us” domain pages analyzed were fake.

Aside from immediate monetary losses, fake websites can have long-term trust implications for users, leading to a reluctance to engage in future online transactions. In response to these concerns, many automated detection systems have emerged to combat bogus websites. Most lookup systems rely solely on blacklists of uniform resource locators (URLs) derived from member-reporting databases maintained by online trading communities. These systems also use fraud cues, important design elements of fake websites that may indicate their lack of legitimacy.

Unfortunately, existing systems are vulnerable to the myriad of obfuscation tactics from fraudsters, resulting in highly ineffective fake website detection performance and making them easy to circumvent based on fraud cues and classification heuristics.

This post will discuss 12 common cues for an average internet user to quickly identify fake and fraudulent websites.

IP address

When an IP address is used instead of a domain name in a URL, users can be certain that someone is attempting to steal their personal information.

URL Shortening

URL shortening is a popular technique in which a URL can be significantly reduced while directing to the desired webpage. This is achieved by performing an “HTTP Redirect” on a short domain name, which links to a webpage with a long URL.

URLs with “@” Symbol

When the “@” symbol is used in a URL, the browser ignores everything preceding the “@” symbol, and the true address frequently follows the “@” symbol.

Redirecting using “//”

The user will be redirected to another website if there is a “//” in the URL path. The URL with // will look something like this: “https://www.legitimate.com//http://www.phishing.com”

Use of dash symbol on the domain

In legitimate URLs, the dash symbol is rarely used. Phishers frequently add prefixes or suffixes separated by (-) to domain names to give users the impression that they are dealing with a legitimate website.

Long URLs

On fake websites, longer URLs with dashes or digits are common. Phishers can use long URLs to hide the suspicious part in the address bar. Additionally, URLs that end in “.org,” “.biz,” “.us,” or “.info,” as well as those that use “HTTP” rather than “https,” are more likely to be fake.


Images from legitimate or previous fake websites are frequently used on fake websites. Spoof sites steal company logos from the websites they imitate. Concocted websites repurpose images of employees, products, customers, and company assets from previously created sites.

Web page text

Misspellings and grammatical errors are fraud cues found in a web page’s text, which are more likely to appear on fraudulent websites. Lexical measures (such as total words per page and average sentence length) and the frequency of specific word combinations are additional helpful indicators of text fraud. Additionally, fabricated websites use trust-fostering elements like customer reviews and “frequently asked questions” sections. The content, however, frequently resembles earlier fake websites.

Source code

Web pages source code elements, such as hypertext markup language (HTML) and commands for transferring data and redirecting to other websites, are frequently used in bogus web pages. Javascript embedded in the HTML source code is frequently used for spoofing sites to conceal the true identities of the websites from users. Design similarities can also be found in the source code by comparing the occurrence and sequence of the HTML tags on the two pages.


The frequency of in and out link information at the site (between websites) and page (between pages within the same site) levels are examples of linkage-based fraud cues. The number of relative (e.g. ,…/…/default.htm) and absolute (e.g., http://www.abc.com/default.htm) address links is also useful, as fraudsters frequently use relative links when mass-producing fake websites.

Using Pop-up Window

It is unusual to come across a legitimate website that requests personal information from users via a pop-up window. On the other hand, this feature has been used on some legitimate websites, and its primary purpose is to warn users about fraudulent activities or broadcast a welcome announcement. However, no personal information was requested in these pop-up windows.

IFrame Redirection

An IFrame is an HTML tag that displays a different webpage from the one currently displayed. The “iframe” tag allows phishers to make their content invisible or without frame borders. The “frame border” attribute is used by phishers, in this case, to render a visual delineation.