Key Takeaways
- Typosquatting: Look closely at the URL. `amaz0n.com` is NOT `amazon.com`.
- HTTPS: Never enter a credit card if the padlock icon is missing.
- Age: Use a "Whois Lookup" to check domain age. If a "Major Bank" site was registered yesterday, it's fake.
- Contact Info: If the only way to contact them is a generic "Hotmail" address or a web form, run away.
Scammers create thousands of fake storefronts every holiday season. They take your money, steal your credit card details, and you get nothing in the mail.
The "Typosquatting" Trick
Hackers register domains that look almost identical to popular sites.
- `faceboook.com` (extra o)
- `googIe.com` (capital i instead of L)
- `paypal-secure-login.com` (adding words)
Always manually type the address for banking sites. Never click links in emails for password resets.
Trust Seals mean nothing
Bad guys can just copy/paste the "Norton Secured" or "McAfee" image onto their site. If you can't click the image to verify the certificate on the Norton website, it's just a picture.
Frequently Asked Questions (FAQ)
What if I already paid?
Call your bank immediately. Tell them it was fraud and ask for a "Chargeback". Cancel your credit card so they can't charge it again.
How do I verify a shop?
Search for "[Site Name] reviews" or check Trustpilot. If there are zero reviews, or 500 reviews that all sound exactly the same (bots), stay away.
Check the link.
Phishing Guide