Phishing websites, including bogus retail sites, have long been a problem — and now, they’re contributing to online shopping scams. Whether you’re looking to make a purchase or you’re just browsing the web, there are clues about a site’s legitimacy that can help you spot possible scams.

Phishing websites are nothing new. Since the mid-90s, scammers have been creating fake websites designed to capture people’s money and personal information.

And with the continuing dependency on online shopping, online shopping scams are increasing, too.

This is partly driven by phony retail sites that look convincingly similar to legitimate online stores but are actually operated by scammers.

How do online shopping scams work?

According to the Federal Trade Commission (FTC), Americans lost $10 billion to fraud in 2023, with online shopping scams coming in as the second most reported type of fraud.

These scams usually start with an unbelievable deal — but the promised goods or services never arrive. Or, if they do arrive, they’re a counterfeit version of the product that was advertised.

Fraudsters might advertise these deals or products on phishing sites that mimic real retail sites.

“Anytime a consumer provides their personal information on a phishing website, such as a fraudulent e-commerce website, it may increase the likelihood that they’ll lose money, or become a victim of identity theft,” says Vera Tolmachoff, Senior Restoration Manager at Allstate Identity Protection.

“This is one reason why consumers should approach unknown retailers and offers that seem too good to be true with extra caution."

Even if you’re not tapping in your credit card number, it’s important to stay alert: Some phishing websites are designed specifically to steal personally identifiable information (PII) like your account login information.

Tips on how to identity fake websites

Scammers are getting better and more creative at designing websites that appear legitimate at first glance.

And, just like legitimate websites, fraudulent sites may be advertised on trusted browsers and social media platforms — making them tricky to spot.

No matter how real a site may look, ask the following questions before you proceed to checkout: 

  • What’s the URL? Look for misspellings, extra words, or other inconsistencies. Scammers will often create a copycat website using a URL that is just one letter off from the legit site. 

  • Is the site secure? The URL should start with “https://” rather than “http://”. The “s” stands for “Secure,” meaning that the Hypertext Transfer Protocol (“http”) features a “Secure Socket Layer” to help encrypt and protect the information you share.  

  • When was the site registered? You can quickly check the registration date of a site using ICANN Lookup. If you are shopping online with a business that you know has been around for years, but the website was registered only months ago, this could indicate that it’s a phony copycat site.  

  • Does the site have their contact information published? Typically, a business's contact information can be found at the bottom of its website or on an About Us or Contact Us page. If you can’t find this anywhere on the site — or if you find that the email address associated with the company has a personal domain like @yahoo or @gmail — consider it a red flag.  

  • Is the site asking for more information than necessary? “Most sites should only ask for a method of payment, shipping address, telephone number, and email address. If more information is asked, think twice about proceeding,” says Tolmachoff.

  • Is the brand, product, or site linked to any scams? If you’re suspicious of a site, search online for the product or brand along with the word “scam” or “complaint.” This way you’ll see if any online shopping scams have been associated with the site or brand recently.

If you think you may have discovered something bogus, it’s important to report it. Here’s how to report a scam website:  

  • Visit the FTC’s report site

  • Provide any details you have about the scam website. 

  • Provide your contact information. 

Your report will be added to the FTC’s Consumer Sentinel database and is made available to federal, state, and local law enforcement. The FTC uses reports to investigate cases of fraud and scams, as well as track trends and educate the public. 

Quick Tips

Watch out for customer service scams

Be aware that scammers may pretend to be customer service or tech support agents. In one common scheme, fraudsters create a fake website for a genuine organization. The copycat site features a bogus customer service number. When you call the number, you’re connected with a scammer who attempts to get your personal information.

Here are some tips to avoid being scammed by fraudulent customer "support": 

  • If you’re searching for a customer service contact, type the company’s web address directly into your browser; don’t use a search engine.  

  • Find a customer service number on an official bill or statement. 

  • Never send money or give your account password to a customer service representative. 

Shop and browse with confidence

Following these website safety tips is a good place to start — and for extra peace of mind, keep these four best practices in mind the next time you’re browsing or shopping online:

  • Think twice before entering personal information. 

  • Stick to trusted sites and retailers. 

  • If you buy something, pay with a credit card. 

  • Be wary of deals advertised on social media, as well as surveys or giveaways that capture sensitive information.