Strategies for Telling the Difference Between Legit Companies and Scam Sites

Fraudulent Website

The online landscape can often feel like a field full of landmines. Phishing scams and infected websites are everywhere, waiting for unsuspecting victims to make a wrong click or inadvertently hand over sensitive data.

As technology professionals, we know the importance of being able to tell a scam artist from a legitimate service provider. We also know the value of using real-life experiences as teaching tools. That’s why we’re going to share a recent experience of ours.

How We’re Using a Message We Received to Empower Online Consumers

Not too long ago, we received the following message through our website:

I am highly concerned about getting my computer fixed through this company today. Is there anything you can send me to confirm this is not a fraudulent company? 

First, we should make it very clear, that no, we are definitely not a fraudulent company. On Time Tech has been providing strategic and reliable IT support to individuals and businesses in all industries for nearly 15 years. The combined experience and expertise of our team allows us to deliver the highest level of IT service for California business owners. You can check out our wide variety of dynamic and strategic service offerings here.

However, we also want to say: we get it. In fact, we applaud the vigilance in the message we received. Trusting your personal or business devices with an external company for repair requires a certain level of assurance. Businesses and individuals alike should never haphazardly send information to a company before doing their research.

So, we’ve decided to use this message as a teaching tool. What strategies can individuals and professionals use to detect fraudulent sites from legitimate ones? Our goal is to offer concrete tools that will help consumers of all kinds feel more informed and empowered when navigating the online marketplace.

Tips and Tricks: How to Tell a Legitimate Site from A Phony One

As mentioned, trying to secure products and services online can be a tricky game. Cybercriminals are constantly coming up with new and convincing ways to trick consumers and get their hands on sensitive personal or financial information. Consumers shouldn’t have to use guesswork to figure out whether a company site is safe or not.

So, let’s check out the leading ways consumers can determine if a site is legitimate:

Examine the Site’s Security Status

As soon as you visit a website, the first way to verify if the site is legitimate is to check the address bar for the site’s security status. In most browsers, a “safe” site will display a green padlock icon next to the word Secure to the left of the website address. Even better? You can click on that padlock icon to verify the specific security details of the website, including the type of encryption used.

Check Out the Site’s Connection Type

You can also use the address bar to determine the website’s connection type. Websites that use the https tag are usually more secure and in turn more trustworthy than websites that use the HTTP designation. The reason is that https sites have the most legitimate security certifications available. For phony and illegitimate sites, going through the process to get these certifications is too much of a hassle so they use the HTTP tag instead.

It’s especially important to make sure the website’s payment page uses the https tag. However, it must be noted that websites using an https connection can still – on occasion – be unreliable or illegitimate, so it’s important to verify the website using other strategies as well.

Evaluate the Website’s URL

You can also break down the different parts of the website’s address or URL to determine how legitimate it is. A website URL consists of three different sections:

  • The connection type – http or https,
  • The domain name – like ours for example, ontimetech, and
  • The extension.com, .net, etc.

Even if you’ve verified a secure connection it’s a good idea to look for the following URL ‘red-flags’ that may indicate a suspicious site:

  • Numerous dashes or symbols in the domain name.
  • Domain names that imitate legitimate businesses like ‘Wallmart’ or ‘Faceb0ok’.
  • One-off sites that mimic the site template of a legitimate website, like ‘visihow’.
  • Domain extensions like “.biz” or “.info” – these tend to be illegitimate.

IMPORTANT NOTE: It’s important to keep in mind that while “.com” and “.net” sites are not inherently unreliable, they are the easiest domain extensions to obtain. As such, they don’t always carry the same credibility as “.edu” (educational institute) or “.gov” (government) sites.

Look for Sloppy Content and Bad English

Once you’ve examined the address bar, it’s a great idea to scan the website for bad English or sloppily written content. If you notice lots of poor-spelling, missing words, bad grammar or awkward phrasing, that’s an indication to question the credibility of a website.

Even if the website in question seems technically legitimate so far, checking out the content and the way the site is put together can help give you a better idea if the source is trustworthy.

Watch for Over-the-Top Advertising and Pop-Ups

This is another huge element to be on the look for. If the site you’re visiting has a huge amount of flashy and annoying pop-up ad’s or ad’s that automatically play audio, the site probably isn’t legitimate. The following types of website ads are red flags:

  • Ads that take up the whole page.
  • Ads that require you to take a survey, or complete a task before continuing.
  • Ads that redirect you to another webpage.
  • Explicit or suggestive ads.

Use Google

Once you’ve explored the site content, if you still have doubts, use Google Reviews as a tool to determine legitimacy. Type the website in question into the Google search bar and review the results. Google compiles user reviews of high-traffic sites near the top of the search results – check and see if the site in question has any reviews and read them thoroughly. Make sure the reviews you read are from reliable, third-party sources.

Google also has a useful Transparency Report webpage. You can use this site to quickly run a website’s address through the Google transparency service to see the safety rating it’s been given from Google.

When in Doubt, Use the Website Contact Page to Reach Out

When it comes down to it, it’s always better to be safe than sorry. Most websites will include a Contact Us page where users can ask questions and send comments and concerns to the owner of the site. If you’re able too, call the number provided or send an email to help verify the legitimacy of the website. Sometimes getting in touch with another human is the best way to determine legitimacy. If the site in question doesn’t have a Contact page listed anywhere, it should be an immediate red flag.  

Navigating a Dangerous Cyber Climate: Balancing Fear with Strategy


No matter what kinds of websites you’re visiting it’s always a good idea to be on the lookout for con artists and fraudulent websites. However, fear of being hacked or scammed should never take over your ability to connect with the companies you need to. You should never have to sacrifice getting things done because you’re afraid the internet isn’t safe.

That’s why it’s critical to get used to the detection strategies in this guide. If you rely on concrete strategies to assess website legitimacy and safety, you’ll feel much more empowered making decisions and handing over information on the world-wide-web. Furthermore, you won’t feel stuck or unproductive, because you’ll feel more confident in your ability to tell a scam from the real deal.