Scam Sites in 2026: The Red Flags You Can't Ignore

Imagine searching for running shoes on your smartphone, finding an insane deal โ€” 70% off, free shipping, glowing reviews โ€” you click, you pay. The shoes never arrive. The site vanishes. Your money too. Science fiction? No. It's the daily reality for millions of users every year.

The truth is that online scams are no longer the domain of amateurs running clunky sites filled with grammatical errors. Today there are tools based on artificial intelligence โ€” generative models like various GPTs or equivalent systems โ€” capable of producing credible web pages, flawless text, fake reviews, and even convincing corporate logos in mere seconds. The quality level of these scam sites has skyrocketed. And the average user's defenses haven't kept pace.

In this article I'll show you how the mechanism works, which technical and visual signals you need to learn to recognize, and most importantly what to do before clicking "buy." Spoiler: many of the useful tools you already have in your pocket, on your smartphone.

The Phenomenon Is Much Bigger Than You Think

Let's talk numbers, because numbers ground both the hype and the fear in equal measure. According to data aggregated by Wired Italia, reports of e-commerce fraud in Europe exceeded โ‚ฌ4.5 billion in damages in 2025, with an estimated 34% increase compared to 2023. In Italy, the Postal Police registered a steady rise in reports related to cloned sites and phantom shops, with peaks during Black Friday and holiday seasons.

What changed the rules of the game? Three words: generative artificial intelligence.

Until three or four years ago, a scam site was almost instantly recognizable: badly copied text, blurry images, surreal URLs, no HTTPS certificate. Not anymore. Cybercriminals use the same software that legitimate companies use to build landing pages, write product descriptions, and generate fake testimonials. Just a well-crafted prompt and a no-code platform. In less than an hour, you've got an online store that looks authentic.

The problem is structural, not marginal. And anyone telling you otherwise either hasn't updated their sources or has something to sell.

The Technical Red Flags: What Your Smartphone Can't See on Its Own

Here's the list. But don't expect something obvious: each point has a specific technical reason behind it.

1. The domain is suspicious โ€” always check it A URL like nikeoutlet-discounts.com or amazon-deals2026.net is a classic example of typosquatting or brand impersonation: techniques that involve creating domains similar to legitimate ones to fool the distracted user. Nike's official domain is nike.com. Period. Any variation is a red flag. On your smartphone it's easier to fall into the trap because the address bar is small and often hidden.

2. HTTPS isn't synonymous with security This is perhaps the most dangerous misconception. The green padlock โ€” the SSL/TLS certificate that guarantees encrypted connection โ€” only tells you that communication between you and the site is scrambled. It says nothing about the site's actual trustworthiness. Scammers get free SSL certificates in minutes through services like Let's Encrypt. A scam site can have a green padlock. Be wary of anyone using the padlock as proof of reliability.

3. Nonexistent or generic "About Us" pages Legitimate sites have a history, a verifiable physical address, a VAT number. Scam sites tend to have "About" sections full of fluent but empty text generated by artificial intelligence: nice phrases about "passion for quality" and "years of experience," without ever providing a real name, address, or working phone number.

4. Unusual payment methods Direct bank transfers, PostePay top-ups, cryptocurrencies, gift cards: these methods offer no consumer protection. Credit cards and systems like PayPal have chargeback protections โ€” meaning you can request a refund in case of fraud. If a site only accepts untraceable or non-refundable payment methods, it's almost always an alarm bell.

5. Reviews that are all perfect, all recent Authentic reviews have a natural distribution: someone's always unhappy, opinions are scattered over time, language varies. A profile with 200 five-star reviews all written in the same month, with similar phrasing and no company responses, is almost certainly artificially constructed. There's dedicated software that generates batches of fake reviews in seconds.

6. Absence of clear policies Privacy policies and Terms and Conditions written in generic language, not localized for Italian or European jurisdiction, or even copied from other sites (checkable by pasting a paragraph into Google) are precise warning signs. GDPR imposes specific requirements: a legitimate European site respects them.

7. The design is "too perfect" to be true Paradoxical, right? But in the age of artificial intelligence, a site built with AI templates tends to have a sterile perfection, lacking the personality typical of a real company. No authentic team photos, overly polished stock images, impeccable but anonymous fonts and colors.

How to Verify a Site: Practical Tools to Use Right Now

Here's what to do concretely, even directly from your smartphone.

  • Whois Lookup: services like whois.domaintools.com let you see when a domain was registered and by whom. A domain registered three weeks ago selling electronics with 60% discounts is extremely suspicious.

  • Google Safe Browsing: go to https://transparencyreport.google.com/safe-browsing/search and enter the site's URL. Google maintains an updated list of dangerous sites.

  • Search the phone number or email on Google: a legitimate company leaves traces on the web. If you search the number and find nothing, or find fraud reports, you have your answer.

  • Check the VAT number: if the site claims to be Italian, the VAT number is verifiable for free on the Revenue Agency website.

  • Use search engines to find external reviews: search the site's name + "reviews," "scam," "forum." Truffe.it and Trustpilot are useful starting points, but they too can be manipulated. Look for discussions on independent forums like Reddit or industry-specific forums.

  • Scan with your security software: many modern smartphone antivirus programs โ€” from Bitdefender to Norton to Kaspersky โ€” have real-time web protection modules that analyze URLs before the page even loads.

My Take

Let's be clear about one thing: the fault is almost never the user's. Years of "digital literacy" campaigns have shifted to individuals a responsibility that should belong to platforms. If Google, Meta, and marketplaces like Amazon or eBay genuinely wanted to eliminate scam sites from their search results and advertising spaces, they could do so much more aggressively. Verification technologies exist. What's missing is the will and economic incentive.

In my view, the real problem is that artificial intelligence has driven the cost of entry to zero for fraudsters. Once upon a time, building a credible site required skills, time, and money. Today you just need a twenty-dollar subscription to generative software and a few hours. The gap between attacker and defender has widened enormously.

What actually works? Manual verification โ€” boring and slow. No platform algorithm will protect you completely. You need the habit โ€” and systematic skepticism โ€” of stopping thirty seconds before you buy. In my experience, people who get scammed aren't stupid: they're simply in a hurry.

The Risks Nobody Tells You About

This section is the one that really matters. Often online scams are discussed as if the damage were purely financial. It's not.

Identity theft is more serious than money loss. When you enter your name, surname, address, card number, and sometimes even a copy of your ID on a fraudulent site, your data enters a parallel market. On the dark web, a complete set of Italian personal data is worth between โ‚ฌ30 and โ‚ฌ150, depending on how complete it is. That data gets resold multiple times, used to secure financing, for tax fraud, for SIM swapping โ€” a technique where criminals transfer your phone number to a SIM they control to bypass two-factor authentication.

The smartphone is the most underestimated weak point. Most users operate their mobile devices without protective software. The small screen hides URLs. Push notifications can be spoofed โ€” faked โ€” to look like legitimate bank communications. And many cloned apps still slip through unnoticed on the stores, despite Apple and Google's claimed controls.

Artificial intelligence is also a weapon for voice phishing. In 2025, documented cases emerged of scams where an AI-cloned audio โ€” the voice of a family member or bank official โ€” was used to call victims and convince them to make transfers. According to TechCrunch, scams based on voice cloning increased by 300% in two years. This isn't just about sites: it's about the entire digital ecosystem.

The Case of Marco Ferretti, Milan, 2025

Marco Ferretti, 41, a freelance graphic designer from Milan, lost โ‚ฌ2,340 in November 2025. He found an ad on Instagram for a discounted professional tablet. The site was polished, had reviews, a detailed FAQ section, even a live chat โ€” actually a chatbot powered by AI that responded convincingly.

He paid with PostePay. The tablet never arrived. The live chat stopped responding. The site disappeared after ten days. His report to the Postal Police was shelved: the servers were in a non-EU country, the perpetrators untraceable.

What could have saved him? Simple: checking the domain on Whois would have revealed it was registered twelve days earlier. That detail alone would have closed the case.

Frequently Asked Questions

Q: How do I know if a site is safe before buying? A: Check the domain's age on a Whois service, verify the presence of a real VAT number, and search the site's name on Google adding the word "scam." Three moves that take three minutes and cover most risks.

Q: Does the HTTPS padlock mean the site is trustworthy? A: No. The padlock only certifies that the connection is encrypted, not that the site is legitimate. Scammers get free SSL certificates easily. Don't trust just the padlock.

Q: What do I do if I've already entered my data on a suspicious site? A: Immediately block the affected credit card or bank account, change passwords for accounts linked to the email you used, file a report with the Postal Police, and report the site to the AGCM (Antitrust Authority).

Q: Can artificial intelligence help me recognize scams? A: Yes and no. There are browser extensions and software using AI to analyze pages in real time. But AI is also the tool fraudsters use to build sites. The best weapon remains the habit of manual verification.

Q: Are marketplaces like Amazon or eBay 100% safe? A: No. Both platforms host third-party sellers, some of whom are fraudulent. Always check the specific seller's ratings, account registration date, and return policies before buying.

Conclusion

To recap the three points that really matter: first, artificial intelligence has made scam sites indistinguishable at a glance from legitimate ones โ€” visual quality level is no longer a reliable indicator. Second, verification tools exist, are free, and often already on your smartphone: using them takes thirty seconds, not hours. Third, the damage from an online scam rarely stops at money: the identity theft it can cause is a problem that lasts years.

The immediate practical advice? Starting today, before any purchase on an unfamiliar site, copy the URL and paste it into a Whois service. If the domain is less than three months old, close the tab. Nothing more needed.