You saw the ad on Instagram, the discount looked aggressive but not impossible, and the site had the little padlock icon next to the URL. So you bought. Two weeks later, no tracking number, no reply to your emails, and a card statement showing a charge from a company whose name doesn't match the store you thought you paid. This is one of the most common frauds online precisely because the tools scammers use to build trust — HTTPS, a modern storefront template, a checkout page — are the exact same ones legitimate stores use, and take a fraudster under an hour to copy.
What HTTPS actually tells you (and what it doesn't)
The padlock icon means your connection to the site is encrypted — nobody can intercept the data traveling between your browser and the server. That's it. It says nothing about whether the person running the site is honest, whether they'll ship what you paid for, or whether the "store" even exists past a checkout page connected to a payment processor. Getting an SSL certificate takes minutes and is often free. Treat HTTPS as a baseline requirement, not a trust signal.
Domain age and website checkers — useful, but not gospel
Tools like ScamDoc and similar website-trust checkers scan a domain's age, WHOIS registration data, hosting reputation, and blacklist history to produce a trust percentage. The underlying logic is sound: most scam stores are registered weeks before launch and disappear within months, so a domain that's only three weeks old with hidden registrant details is a genuine red flag worth taking seriously.
That said, it's worth being honest about the limits of these tools rather than treating a single score as a verdict. Independent reviews and technology writers have repeatedly flagged that services like ScamDoc use proxy signals (domain age, hosting, WHOIS visibility) rather than verified data about whether a business actually delivers what it sells — and that legitimate new or small businesses are sometimes unfairly flagged simply for being new, with little practical way to correct the score. Use a trust-score check as one input that tells you whether to dig further, not as a single yes/no gate before you buy.
A fuller checklist — because no single tool catches everything
- Search for independent reviews outside the store's own site. Check Trustpilot, Google Reviews, or a simple search of "[store name] + reviews" or "+ scam" — genuine complaints about non-delivery tend to surface quickly.
- Reverse image search the product photos. Scam stores overwhelmingly use stolen photography from real manufacturers or other retailers. If the exact same images appear on ten other unrelated sites, that's a stronger signal than domain age alone.
- Look for real contact information — a physical address, a company registration number, a phone number that actually connects to a person — rather than only a contact form.
- Check the return and refund policy. Vague, non-existent, or deliberately confusing return terms are a common pattern in short-lived scam storefronts.
- Be skeptical of urgency tactics — countdown timers, "only 2 left," fake live-viewer counters — designed to make you buy before you think to check anything else.
- Pay with a credit card, not a debit card or bank transfer, wherever possible. Credit cards typically carry stronger chargeback protections if the order never arrives.
Why this actually matters at scale
This isn't a fringe problem. The FBI's Internet Crime Complaint Center (IC3) recorded $16.6 billion in total reported consumer losses in 2024 alone — a 33% increase from the previous year — and non-delivery and imposter scams, frequently run through fake storefronts advertised on social media, remain among the most commonly reported categories. The pattern is consistent enough that US Treasury holiday-season advisories specifically warn that social media ads routinely direct shoppers to fake online stores that never ship anything.
If you already bought and think it's a scam
Contact your card issuer immediately to ask about a chargeback — the faster you flag it, the stronger your case. Report the store to the FBI's IC3 (ic3.gov) so the pattern gets logged nationally, and leave a factual review describing exactly what happened, since that's often what warns the next person off before they check out.