Is this scam checker free?

Yes, ScammerDetect's scam checker is completely free. We check URLs against multiple threat intelligence databases, VirusTotal, PhishTank, and our own database of 30,000+ analyzed websites.

How accurate is this tool?

We aggregate results from multiple threat intelligence databases for maximum accuracy. However, no tool is 100% — a clean result doesn't guarantee a site is safe. Always exercise caution with unfamiliar websites.

What databases do you check against?

Browser-level threat intelligence (phishing, malware, unwanted software), VirusTotal (70+ antivirus engines), PhishTank (community-reported phishing), and ScammerDetect's own database of 30,000+ analyzed domains.

Scam Website Checker -- Detect Phishing and Fake Sites — Free Online Tool

Scam radar scanner detection — Our scam website checker analyzes domains against multiple threat intelligence sources to detect phishing and fraud.

Scam websites have become remarkably convincing. A fraudulent banking portal can be pixel-perfect. A fake cryptocurrency exchange can include live price feeds, working charts, and responsive customer support chat. A phishing clone of your email provider can be visually indistinguishable from the real login page. According to the APWG, the number of unique phishing sites detected each quarter continues to grow, driven in part by AI tools that make it faster and cheaper for criminals to create professional-looking fraudulent websites.

The scam website checker above analyzes any domain against multiple threat intelligence databases and performs structural analysis to detect the signals that separate scam websites from legitimate ones.

How Scam Websites Mimic Real Ones

Understanding the techniques attackers use helps you recognize them, even when automated tools have not yet flagged a site:

Visual Cloning

Phishing kits -- pre-built packages sold on dark web marketplaces -- allow attackers to replicate a website's design in minutes. These kits copy logos, fonts, color schemes, page layouts, and even interactive elements. The result is a page that looks identical to the original. Some kits update automatically to match design changes on the target site.

Domain Deception

The domain name is where the deception starts:

Typosquatting: arnazon.com, micros0ft.com, paypa1-login.com -- small character substitutions that are easy to miss.
Subdomain stacking: secure.bankofamerica.com.login-verify.net -- the real domain here is login-verify.net, not Bank of America.
Homograph attacks: Using characters from Cyrillic, Greek, or other scripts that look identical to Latin letters. The URL appears correct but points to a completely different domain.
TLD variations: Registering the same name under .net, .org, .xyz, or country-code domains when the real site uses .com.

⚠The Padlock Icon Does Not Mean a Site Is Safe

Scammers add fake trust badges, fabricated reviews, and free SSL certificates so the padlock icon appears. HTTPS only means the connection is encrypted -- it does not verify the website operator's identity. Never treat the padlock as proof that a site is trustworthy.

What Signals the Checker Looks For

The scam website checker performs a multi-layered analysis when you submit a URL:

Database matches: The domain is checked against multiple browser-level threat databases, VirusTotal's network of 70+ security engines, the PhishTank community-verified phishing database, and ScammerDetect's own database of over 31,000 flagged domains.

Domain age and registration: Newly registered domains impersonating established brands are a strong fraud signal. The tool checks WHOIS data for the creation date and registration patterns. Domains registered days or weeks ago that claim years of history deserve extreme skepticism.

TLS certificate analysis: The tool examines certificate details including the issuing authority, the organization field, and certificate age. Legitimate financial institutions use Extended Validation (EV) certificates, while most phishing sites use free Domain Validation (DV) certificates.

DNS and hosting infrastructure: Phishing sites often use shared hosting, free platforms, or bulletproof hosting providers that ignore abuse reports. The tool analyzes DNS records and hosting location for patterns associated with fraud operations.

Content and structural signals: Suspicious redirects, iframe injections, and domains that serve different content to scanning tools than to regular visitors are flagged.

What to Do If a Website Is Flagged

If the checker identifies a site as dangerous, take these steps:

Do not interact with the site. Do not enter any information, click any buttons, or download any files. Close the tab immediately.
Report the site. Submit the URL to Google Safe Browsing so it gets blocked in browsers. Report it to the FTC and FBI IC3 to support law enforcement efforts.
Warn others. If you found the link in a community, forum, or group chat, let others know it has been flagged.
Check your exposure. If you visited the site previously, review whether you entered any information. Check your accounts for unauthorized activity.

⚠Already Entered Information on a Flagged Site?

If you submitted login credentials, change those passwords immediately on the real website -- and on any other accounts where you used the same password. If you entered payment information, contact your bank or credit card issuer to freeze or dispute charges. Enable multi-factor authentication on all important accounts. For a complete recovery checklist, see our guide on what to do if you have been scammed online.

Building Long-Term Protection

No single tool catches every scam. Pair the checker with these habits:

Use a password manager. It only auto-fills on the correct domain, refusing to enter your credentials on a phishing clone.
Enable multi-factor authentication (MFA). Even if a phishing site captures your password, MFA blocks account access.
Keep your browser updated. Modern browsers block known malicious sites automatically.
Type URLs directly. If a message asks for login credentials or payment, navigate to the site yourself instead of clicking the link.

Guides

How to Spot a Scam Website

10 red flags to evaluate any website before trusting it with your information or money.

Guides

What to Do If You've Been Scammed Online

Immediate steps for password recovery, financial disputes, and reporting fraud.

Scam Types

Pig Butchering Scams

How scammers build trust over weeks before directing victims to fraudulent investment platforms.

Platform Guides

Telegram Scams

Phishing attacks, fake bots, and impersonation schemes happening on Telegram.