How to Check If a Website Is Safe Before You Enter Your Details
Every day, Canadians lose money to fraudulent websites that look completely legitimate. A few quick checks before you enter any personal information could save you from identity theft, financial fraud, or malware. Here's a practical guide to verifying website safety.
Check #1: Look for HTTPS (The Padlock)
The most basic check: does the URL start with https://? The 'S' stands for secure — it means your connection to the website is encrypted. Look for the padlock icon in your browser's address bar.
However, HTTPS only confirms your connection is secure — it doesn't guarantee the site itself is legitimate. Scam sites can have HTTPS too.
Warning sign: Any website asking for passwords or payment information over plain HTTP (no padlock) should never be trusted.
Check #2: Examine the Domain Name Carefully
Scammers use domain names that look almost identical to real ones:
paypa1.com(number 1 instead of letter l)amazon-security-alert.com(added words)royal-bank-ca.com(hyphenated, .com instead of .ca)
Always type important URLs directly into the address bar rather than clicking links in emails. Verify the domain exactly matches the official website.
Check #3: Look Up When the Domain Was Registered
Most fraudulent websites are brand new. A legitimate business that's been operating for years will have a domain registered years ago.
You can check domain age and registration details using a WHOIS lookup or domain checker tool. A domain registered within the last few weeks combined with requests for payment is a major red flag.
Check #4: Search for the Business Independently
Don't just rely on information the website provides about itself. Search the company name plus 'review' or 'scam' on Google. Check:
- Better Business Bureau (BBB) listing
- Google reviews
- Reddit threads about the company
- Government of Canada's fraud centre (antifraudcentre.ca)
Check #5: Use Google's Safe Browsing Check
Google's Safe Browsing tool flags websites known for phishing and malware. You can check any URL at transparencyreport.google.com/safe-browsing/search.
Your browser also checks this list automatically — if Chrome, Firefox, or Safari shows a red warning page, trust it.
Red Flags That Indicate a Scam Site
- Prices that seem impossibly low (luxury goods at 90% off)
- No physical address or contact information
- Poor grammar and spelling throughout
- Pressure tactics ('Only 2 left!' timers counting down)
- Accepts only gift cards, wire transfer, or cryptocurrency
- No clear return or refund policy
- Domain name is different from the company name
Frequently Asked Questions
What should I do if I already entered my info on a suspicious site?
Act immediately: change your password everywhere you used that password, contact your bank if you entered financial details, and monitor your credit report. Report the incident to the Canadian Anti-Fraud Centre (1-888-495-8501) and your local police.
Is a .ca domain automatically safe?
No. While .ca domains require Canadian presence (which adds some accountability), scammers can still register .ca domains. A Canadian domain suffix doesn't guarantee legitimacy.
Can a website steal my information just by visiting it?
A legitimate website cannot steal data just by you viewing it. However, websites with malicious code (drive-by downloads) can exploit browser vulnerabilities. Keeping your browser and OS updated significantly reduces this risk.
What is phishing?
Phishing is when a scammer creates a fake website that mimics a legitimate one (like your bank) to trick you into entering your login credentials. The fake site captures what you type and uses it to access your real account.
Try the Domain Checker
Use our free domain checker — no sign-up, no download, no limits.
Open Domain Checker →You Might Also Like