Submitted by Global Scam Watch on

Https or notI really struggled with a short menu name for this article and still think I did not get it right, basically the point of the article is to address common misconceptions of what the HTTPS and 🔒 Icon really mean and more importantly what they do NOT mean.

Online shopping scams have quietly grown more sophisticated. The days of obvious fake websites with poor grammar and broken layouts are largely gone. In their place are near-perfect copies of legitimate online stores, designed to look trustworthy, familiar, and professional. At the center of this deception is a widespread misunderstanding about HTTPS and what it actually means.

Many consumers believe the padlock icon or the presence of HTTPS in the address bar guarantees a website is safe and legitimate. ❌ WRONG!

What HTTPS really means

HTTPS only indicates the connection between your browser and the website is encrypted. It means the information you send, such as passwords or payment details, is protected from being easily intercepted while it travels across the internet. Obtaining an SSL certificate, which enables HTTPS, is trivial. Certificates can be issued automatically and often at no cost. If someone controls a domain name, they can usually secure HTTPS within minutes.

  • HTTPS does not verify who owns the website. 
  • It does not confirm that a business is real. 
  • It does not confirm that a site is affiliated with the brand it claims to represent. 
  • A fraudulent online store can use HTTPS just as easily as a global retailer.
  • There is no screening process to determine whether the site is legitimate or malicious.
  • Encryption protects data in transit, not consumers from fraud.

Scammers understand many users stop evaluating a site once they see the lock icon, which makes HTTPS a powerful tool for deception rather than protection.

🔎How website cloning works

Website cloning in online shopping is often extremely precise, fraudsters copy entire storefronts including logos, branding, product photos, descriptions, policies, and even customer reviews. In some cases, the real business exists and has no idea its site has been duplicated. In other cases, the brand itself is entirely fictional.

The cloned site functions normally up to the point of payment. Orders appear to go through, confirmation emails may even be sent, and then nothing arrives and the money is gone. The real retailer never received the order, and visually there is often nothing obviously wrong with the site

🚩The real warning sign is the URL

The most reliable indicator of a cloned shopping site is the web address itself. Scammers rely on subtle URL manipulation most people do not notice, especially on mobile devices where full addresses are often truncated.

Common tactics include:

  • Adding extra words to a brand name - A legitimate site might use a simple domain, while the fake version adds terms like shop, store, outlet, or sale. At a glance, the address looks reasonable, but it is an entirely different domain.
  • Misspellings are another frequent trick. One extra letter, one missing letter, or a slight rearrangement can easily slip past a quick glance. The site appears correct visually but leads somewhere else entirely.
  • More advanced scams use look-alike characters from other writing systems - Some characters appear identical to standard English letters but are technically different letters or even numbers. To the human eye, the URL looks correct. To the browser, it points to a different website controlled by the scammer.
  • Subdomains are also used to mislead - An address may appear to include a trusted brand name at the beginning, but the actual domain is at the end of the address. Everything before the true domain can be manipulated to create a false sense of legitimacy.

Why these scams work so well

These scams succeed because they exploit trust shortcuts. People are trained to look for HTTPS instead of verifying the domain itself. Social media ads and search engine ads further reinforce legitimacy by placing cloned sites alongside real businesses. Combined with professional design and realistic pricing, the deception is convincing and by the time the problem becomes apparent, the transaction is complete and recovery is unlikely.

Other warning signs you are about to get ripped off

Beyond HTTPS and URL manipulation, cloned shopping sites often share a set of behavioural red flags appearing to those who slow down and look past the flashy surface and product allure. These warning signs are not always obvious individually, but together they form a pattern experienced scammers rely on.

Too Good to be True. The discount is often framed as a limited-time sale, liquidation, or warehouse clear-out, designed to create urgency and suppress scrutiny. The price may not be absurdly low, just low enough to override hesitation, especially when paired with countdown timers or claims of limited stock.

Hinky Payment methods. Scam sites frequently push customers toward non-reversible payment options or unusual combinations of methods. Credit cards may be hidden behind multiple steps, while alternatives are emphasized. Once payment is sent, there is little or no recourse.

Contact information. Many fraudulent sites either provide no contact details at all or list generic email addresses with no physical address or customer service phone number. If an address is listed, it may be incomplete, copied from another business, or lead nowhere when checked.

Poorly written policies. Shipping, refund, and return policies are often vague, contradictory, or copied word-for-word from other websites. In some cases, policy pages reference a completely different company name, revealing the site was assembled quickly using reused content.

Domain age and online presence. Many scam stores are newly registered and have little to no history outside of paid ads. A lack of independent reviews, or reviews that only exist on the site itself, should raise concern. When reviews do appear elsewhere, they are often generic, repetitive, or posted in short bursts.

Pressure tactics. Repeated pop-ups, aggressive countdowns, warnings about items selling out, or prompts claiming multiple people are viewing the same product are all designed to rush decisions. Legitimate retailers do not need to force urgency to this degree.

Taken together, these signs point to the same conclusion. Online shopping scams succeed not because consumers are careless, but because the scams are designed to look just legitimate enough to bypass quick checks. When a site relies heavily on urgency, obscures basic business information, and pushes you to complete a transaction quickly, it is worth stepping back. In online shopping, slowing down is often the simplest and most effective form of protection.

The uncomfortable truth about online safety

HTTPS is now a baseline technical feature, not a badge of trust. It should be expected in a site where you transmit personal, financial or log-in information, this simply ensures the information will not be intercepted. HTTPS should not be relied upon as a legitimacy verifier, the real defense lies in carefully examining the exact web address, being cautious with unfamiliar retailers, and understanding visual polish does not equal legitimacy.

The lock icon keeps your data private while it travels. It does not tell you who you are giving it to, in modern online shopping, that distinction is critical.