How do I recognise a fake website?

Fake websites are designed to look exactly like real ones — your bank, Canada Post, the government, or a popular store. Criminals create them to steal your login information and credit card numbers. The web address (URL) is the most reliable clue. Real websites have short, clean addresses like "scotiabank.com" or "canada.ca". Fake sites often have extra words, numbers, or dashes added, like "scotiabank-secure-login.com" or "canada.ca.verify-id.net". The real domain is the last part before the first single slash. Another warning sign is very poor writing — misspelled words, odd grammar, or sentences that do not make sense. A real padlock in the address bar means the connection is encrypted, but it does not mean the site is honest — scammers can get padlocks too. If you received a link by email or text message, be extra careful. Type the web address yourself instead of clicking the link.

How to check if a website is real

  1. Look at the full web address — is it short and clean, or does it have extra words?
  2. Does the address start with the real company's name (e.g. "paypal.com"), or is "paypal" buried in the middle?
  3. Check for spelling mistakes on the page.
  4. If you received a link — do not click it. Type the address yourself.
  5. When in doubt, call the company directly using a phone number from their real website.

The 3-Second Rule

Before typing your password anywhere, look at the web address. Does it match the company exactly? One extra word or wrong letter means stop.

Important Warning

Never enter your password on a site you reached by clicking a link in an email or text message. Always navigate to the site yourself.

Learn More

Go deeper with our full lesson: Module 2: The Security Shield.

← Back to all Quick Answers