Click here to listen to How to Check if a Website is Safe podcast

How deep you want to search for answers depends on what you are looking at and why you want to check:-

Are you looking to:-

A.      Download torrents

B.      Find pirate movies, TV series etc.

C.      Buy or sell

D.      Find entertainment

E.       Protect a child from things they shouldn’t see

F.       Just check on a site you saw advertised or in an email

You see how this makes a difference. If you’re looking for dodgy website torrents then it’s up to you whether to take the risk, whereas if you’re looking to protect a child from unwanted material on the Internet then it’s more about setting up child protection beforehand.  Buying and selling is about the reputation of the business and so on.

You should always have up to date anti-virus protection and if possible anti-malware protection. These services can warn you if you try to navigate to a dangerous website.

Step 1 – Internet Services

Free services such as Site Advisor, Web of Trust, Safewords, Scanurl and many more will check a website for you.

e.g. Norton Safe Search at  will check any website for you. will check any website or link – looking for reports of phishing, hosting malware and viruses, unwanted software, or poor reputation.

Step 2 – Phishing Sites

Is the domain name as you expected E.g. if you expect Tesco then it should be and not or  or or anything else that clearly is not the real Tesco.  Scammers  will create websites at domain names designed to fool people so do check carefully. These are usually phishing sites i.e.  they duplicate the company’s pages but record your information for scam purposes.

Look closely at the content, the contact information, company details, grammar, domain name etc.

Fake and phishing websites can be tricky to spot and are sometimes almost identical copies of their genuine counterparts, but if you look closely there are often small signs that not all is as it should be.

Step 3 Customer Reviews

There are various websites that allow people to share their experiences about the quality of a company’s products and customer service. These include:

Reviewcentre – “Review Centre is a community of passionate people, sharing their product and service experiences”.

Trustpilot – “We’re committed to being the most trusted online review community on the market”.

Step 4 – A Secure Website

Any website where you need a login and password should be ‘secure’ i.e. use SSL encryption to safeguard that login and password. The same goes for any site that sells anything or needs input of confidential information.

To check if a site uses SSL -  look at the URL of the website. If it begins with “https” instead of “http” it means the site is secured using SSL Certificate . To get an SSL Certificate, the company must go through a validation process.

The company name should now be displayed next to the URL with a padlock symbol to indicate you are logged on to a secure connection.

Step 5 – Check the Company is Real

There are a few signs that you can look for to help you know if a company is real or not.

If the company lists a physical address and phone number there is a higher chance that they are a real business. Reputable companies will list their information so you can contact them if there is a problem.

Reputable product sales sites should list their return policy as well as their shipping policy. If you can’t find these policies on the site, then you may wish to give them a miss.

If the prices are too low to believe then it’s probably fake and you don’t want to end up with stolen goods or maybe nothing for your money.

Step 6 – Professional Website

Look for a professional website. If you are dealing with any large company then you expect a professional website so if you find lots of spelling mistakes, poor grammar, sentences that don’t make sense and so on then it’s probably written by a scammer.

Most businesses will also feature images of their products, so check if any pictures fit in with the rest of the site and have not just been added randomly.

Step 7 - Ownership


You can check on the owner of a website at This will tell you the official records of the legal owner of the domain name.  This is sometimes clear e.g. Amazon Europe  owns but sometimes there are holding companies involved or the domain name is held by the hosting company rather than the company so you cannot always be sure of the real owner.

Do Share this post on social media – click on the icons at the bottom of the article.

If you have been scammed, there are three key things to do

1.       Take steps to get your money back if possible

2.       If you have lost a significant amount of money or something valuable then contact the Police

3.       Take steps to protect yourself against further scams


A.     How to Get Your Money Back

What you do depends on how the money was taken from you.

1 Credit Card

If you've paid for goods or services with a credit card, then your card supplier may cover the loss for you and may chase the scammer to recover the money for themselves.  This is covered in section 75 of the Consumer Protection Act but only applies where the loss is greater than £100 and less than £30,000

2 Debit Card

If you used a debit card, you can ask your bank to get your money back through the Chargeback scheme.

This is not covered by consumer law but most banks use the scheme and it applies to all debit card transactions including goods costing less that £100.

3 Bank Transfer

If you've been caught out by a complex and convincing scam which has resulted in you transferring your money into another bank account than you should contact your bank immediately. The bank can try to recover the funds

If your bank refuses to offer you a refund, or only offers a partial refund, you can complain to the Financial Ombudsman. You should tell your back that you are doing this.

You could also have grounds to complain to the bank if you believe their actions have contributed to the success of the scam or if they have failed to recover your money.

4. Money Transfer by Western Union or Moneycorp

If you have sent the scammer money via Western Union or Moneycorp or similar organisation then this is effectively the same as a cash transaction and you wont get the money back.

5. eBay or Paypal or Similar Retail Organisation

If you bought the goods from a reputable online retailer then they have dispute resolution procedures whereby you may get your money back.

B.     How to Report a Scam

If you have lost a lot of money in the scam, then tell the Police (do not phone 999 though – use a number for your local Police station or their national reporting line)

There is also a website called Action Fraud (www. ) where you can report the scam but they don’t normally take action on your behalf – they collect data on scams to help with building cases against large scale scammers.  They pass the data along to the relevant Police Force when there is enough information for a campaign.

If the scam relates to products that are defective or do not their description then tell your local Trading Standards office.

C. How to Protect Yourself Against Further Scams

a.       Do not believe anything that seems too good to be true.

b.      Never buy anything from a cold caller or give them personal information.

c.       If you are going to buy from a person or company that you haven’t dealt with before and isn’t a household name then do check they are legitimate (check reviews online, ask friends, check how long the company has existed for, query the company)


d.      Use common sense and don’t take needless risks

Click here to listen to How to Check if Your Email Has Been Compromised podcast


Here are some of the largest data breaches i.e. where hackers have illegally gained access to logins and sometimes passwords for large numbers of people.


Number of People Affected


Number of People Affected







TK / TJ Maxx








Sony PlayStation Network




JP Morgan Chase


Ashley Madison


Home Depot




UK Revenue & Customs




Home Depot



 Q. Wouldn’t we be told if our data had been compromised?


A. In some cases yes. In others the breach has been published but individuals were not  notified. Also, when a breach happens, it can be very difficult to identify exactly what information the hackers have got and whether or not they can easily break any stored passwords.

If you want to know if your email address has been compromised in one of the large scale data breaches that you  see in the news, then this website will check for you.

The guy who created this website is Troy Hunt, a Microsoft Regional Director who is well known and highly regarded in the Internet security world.

Troy says “This site provides a service to the public. Data breaches are rampant and people don’t appreciate the scale or frequency with which they occur. By aggregating the data here, I hope that it not only helps victims learn of compromises of their accounts, but also highlights the severity of the risks of online attacks on today’s Internet”.

A “breach” is an incident where a hacker illegally obtains data from a vulnerable system, usually by exploiting weaknesses in the software. All of the data in the haveibeenpwned website comes from website breaches which have been made publicly available.

There’s an option on the site to sign up to be notified if your email address comes up in a later breach.

Q.           What to do if your email details have been compromised?

A.            This doesn’t necessarily mean that someone has your password but you should check and take precautions. 

·         Change the password for the account

·         Change the password for any other account that has the same login and password

·         Review whether to shut down the relevant accounts and whether there has been any suspicious activity on those accounts .



You need to set safe passwords and not tell anyone and not write them down.

Refer to blog post for more information on how to create ‘safe’  passwords. 


Articles on Guidance