domain Scam
Chargeback-Insulated Merchant Scam
Some merchants juggle offshore processors and straw companies to make chargebacks nearly impossible. WebVetted follows descriptor changes, payment gateways, and hosting shifts to reveal when a checkout is built to defeat refunds.
Red flags
- Descriptor on your receipt does not match the brand shown on the site.
- Checkout jumps between multiple PSPs or forces crypto settlement.
- Refund policy requires notarized affidavits or gives only PO boxes overseas.
How to Respond
- Capture payment form details with the Website Safety Checker before purchasing.
- Document descriptors and processor names to strengthen any bank dispute.
- Share findings with fellow shoppers through WebVetted reports so the processor feels pressure to offboard them.
📌 Case study
We chased a supplement seller that rotated through five shell LLCs and forced disputes to Belize. Another case involved a marketplace that claimed “no refunds” while silently rebilling customers every week.
Related tools
domain Scam
Clone Banking Website
Fraud groups copy entire retail banking front-ends, from hero banners to chatbot widgets, to steal credentials and OTP codes. WebVetted maps DNS changes, payment gateways, and certificate anomalies that real banks would never ship.
Red flags
- Domain swaps one letter or adds support-login next to the bank name.
- Contact buttons send you to WhatsApp numbers or Gmail addresses instead of the bank.
- OTP prompts appear before username or password validation.
How to Respond
- Submit the domain to the Website Safety Checker and save the PDF for the bank’s security desk.
- Verify SSL issuers and WHOIS ownership against the institution’s official records.
- Report the clone to browser safe-browsing programs and national cybercrime hotlines.
📌 Case study
Investigators tied twelve clone credit union domains to the same Eastern European VPS and exposed their OTP forwarding bot. Another case mirrored a Philippine bank where the fake live chat transferred victims to Telegram for “KYC help.”
Related tools
domain Scam
Crypto Investment Landing Page Scam
High-pressure funnels promise impossible APYs and embed unlicensed wallets or merchant IDs. WebVetted dissects the hosting stack, wallet destinations, and previously linked rug pulls before you fund them.
Red flags
- Guaranteed returns or referral multipliers with no risk disclosures.
- Wallet address rotates through text fields rather than a trusted checkout.
- Testimonials use AI headshots or link to unrelated LinkedIn profiles.
How to Respond
- Use the Website Safety Checker to capture infrastructure details and hosting history.
- Lookup every wallet or merchant ID mentioned and compare to previous WebVetted casework.
- Escalate to your exchange or bank with the preserved evidence before disputing transfers.
📌 Case study
One landing page claimed to be Binance-backed yet resolved to a pocket hosting account in Lagos. Another reused footage from a Canadian hedge fund promo while pushing deposits to a Tron wallet recycled across seven scams.
Related tools
domain Scam
Crypto Wallet Drainer Link
Wallet drainer kits disguise themselves as NFT mints or staking dashboards, then request malicious approvals that empty assets. WebVetted collects JavaScript signatures, smart contract calls, and previous victim reports tied to the URL.
Red flags
- Site requests unlimited spend approval for every token in a wallet.
- Connect wallet button triggers errors unless you sideload a specific plugin.
- Terms of service are copied from unrelated tech companies with no contact info.
How to Respond
- Analyze the link with the Website Safety Checker to surface hosting and malicious script hashes.
- Use a read-only wallet or burner device when interacting for forensic purposes.
- Revoke any approvals through a trusted on-chain explorer if you clicked through.
📌 Case study
One drainer blasted Discord with airdrop links that secretly called a sweeping contract once users signed. Another impersonated Phantom Wallet support and delivered a sideloaded extension that replaced clipboard addresses.
Related tools
domain Scam
Emergency Disaster Charity Scam Site
Right after storms or earthquakes, scammers stand up donation pages that copy legitimate NGOs and push crypto wallets. WebVetted analyzes domain age, hosting metadata, and processor IDs to prove when a charity pitch is bogus.
Red flags
- Donation instructions change daily or point to gift card wish lists.
- Site uses photos ripped from wire services without attribution.
- No details about how funds are used beyond vague “direct relief” claims.
How to Respond
- Run the site through the Website Safety Checker to save DNS and registrar evidence.
- Compare the charity name to government registries and watchlists.
- Encourage donors to give through verified NGO pages once you confirm the copycat.
📌 Case study
We spotted a “Cyclone Relief Fund” that used the Red Cross logo while diverting donations to Binance. Another case recycled a three-year-old wildfire article while claiming to be a brand-new non-profit.
Related tools
domain Scam
Fake App Store Clone Download Page
Fraudsters build fake App Store or Play Store mirrors that deliver sideloaded malware or solicit payments. WebVetted reviews certificate data, bundle IDs, and download links to expose fakes.
Red flags
- Page demands direct APK downloads instead of linking to official stores.
- Developer contact info lists generic Gmail addresses or WhatsApp numbers.
- Version history and review counts remain static for months.
How to Respond
- Use the Website Safety Checker to document where the download actually originates.
- Cross-check the bundle ID and developer name within the real App Store or Google Play.
- If installed, remove the rogue app and reset any credentials shared during setup.
📌 Case study
A banking trojan crew pushed a “Play Store” page that sideloaded an SMS grabber signed by a random shell company. Another clone used the Apple brand but rerouted buyers to a Shopify checkout for “activation keys.”
Related tools
domain Scam
Fake BNPL Merchant Checkout
Fraudulent merchants mimic BNPL widgets to capture card and ID data without ever delivering goods. WebVetted captures iframe sources, merchant IDs, and dispute histories to prove the checkout is counterfeit.
Red flags
- BNPL logos are low-resolution or link to static images instead of live scripts.
- Checkout collects sensitive IDs unrelated to the product category.
- Terms of service bury arbitration clauses in unrelated jurisdictions.
How to Respond
- Scan the site with the Website Safety Checker and save evidence of the fake widget.
- Reach out to the real BNPL provider with your screenshots so they can shut down brand abuse.
- If you checked out, freeze affected cards and file disputes referencing the counterfeit integration.
📌 Case study
One electronics site faked an Afterpay widget that piped every card number into a spreadsheet. Another scam set up a Klarna-like modal but redirected shoppers to Telegram once the deposit cleared.
Related tools
domain Scam
Fake Charity Donation Page
Scammers mirror relief charities after every disaster, leaning on emotional photos and cloned press releases. WebVetted looks at EIN data, processing partners, and DNS age to separate real aid groups from cash-grabs.
Red flags
- Donation form routes payments to personal PayPal or crypto wallets.
- No mention of the organization’s registration number or board of directors.
- Press badges or testimonials cite outlets that never ran the claimed story.
How to Respond
- Scan the URL with the Website Safety Checker and download the dossier.
- Cross-check the charity name against government registries before donating.
- Forward findings to the legitimate nonprofit so they can warn donors and pursue takedowns.
📌 Case study
Analysts flagged a “wildfire fund” that reused UNICEF photos while money flowed to a private Cash App. Another case copied Doctors Without Borders copy but hosted the form on a throwaway Wix domain registered hours earlier.
Related tools
domain Scam
Fake Crypto Exchange Front-End
Fraud crews stitch together slick trading dashboards that never connect to real liquidity. WebVetted cross-references the UI with licensing databases, wallet activity, and previously reported drainers before you deposit a satoshi.
Red flags
- No mention of regulatory registration despite claiming to serve multiple regions.
- Deposit addresses refresh each time the page loads yet never reflect blockchain confirmations.
- Support chat insists on remote desktop sessions to “unlock” withdrawals.
How to Respond
- Scan the site with the Website Safety Checker to capture infrastructure fingerprints and certificate data.
- Search WebVetted reports for the advertised wallet IDs or liquidation partners.
- Before moving funds, contact your exchange or bank’s fraud desk with the collected screenshots.
📌 Case study
One fake exchange mirrored OKX charts but routed deposits to a mixer controlled by the same team behind three pig-butchering rings. Another incident used a convincing iOS web wrapper that stalled withdrawals unless victims paid a 30 percent “tax.”
Related tools
domain Scam
Fake Customer Support Portal
Attackers spin up “support” portals for banks, airlines, or telcos that funnel visitors into remote desktop or payment traps. WebVetted spot-checks the domain’s ownership, third-party scripts, and contact workflows to confirm whether it belongs to the brand.
Red flags
- Support numbers link to personal messaging apps rather than the company’s listed phones.
- Page urges you to install remote-control tools or APKs to receive help.
- Ticket form asks for card PINs, CVV, or full passwords.
How to Respond
- Use the Website Safety Checker to validate ownership, SSL issuers, and embedded scripts.
- Cross-reference support channels with the company’s verified site or mobile app.
- Report the fake portal to the brand’s abuse contact and submit the evidence bundle.
📌 Case study
We recorded a rash of “Cash App Support” clones where the chat agent immediately requested control of the victim’s phone. Another portal abused a fake screen-sharing plugin to steal one-time bank codes during the session.
domain Scam
Fake Escrow Service URL
Fraudsters impersonate well-known escrow platforms or create fake ones so buyers wire money into their own accounts. WebVetted inspects DNS history, legal disclosures, and payout instructions to confirm whether the escrow agent is real.
Red flags
- Escrow site lacks licensing info or address details.
- Fee calculator is hard-coded and never references transaction IDs.
- Chat agents pressure both parties to release funds earlier than agreed.
How to Respond
- Submit the escrow domain to the Website Safety Checker and preserve the PDF for negotiations.
- Call the legitimate escrow provider using numbers from their verified site.
- Delay shipments or payments until the third party confirms the account truly exists.
📌 Case study
We exposed a fake Escrow.com mirror that replaced payout details with a Hong Kong bank. Another case borrowed the logos of a Canadian law firm while routing deposits to a personal Revolut wallet.
Related tools
domain Scam
Fake Fiat On-Ramp Broker
On-ramp brokers promise low fees to move cash into crypto but actually hold deposits hostage or launder them. WebVetted reviews their licensing, partner integrations, and past takedowns so you avoid wiring money into a black hole.
Red flags
- Broker claims to partner with Coinbase or Binance but never provides verifiable API details.
- Requires deposits via obscure fintech apps unrelated to mainstream banking.
- Dashboard locks withdrawals unless you pay an arbitrary “tax clearance” fee.
How to Respond
- Run the broker URL through the Website Safety Checker to surface corporate records and infrastructure.
- Confirm the entity on official regulator databases before moving funds.
- If money is stuck, compile the evidence and submit a complaint to both the regulator and your bank’s fraud team.
📌 Case study
A Hong Kong themed broker we investigated spoofed banking screenshots while quietly bouncing payments through gift card exchanges. Another outfit bragged about FCA licensing but forged every certificate on the site.
Related tools
domain Scam
Fake News & Review Aggregator Scam
Pseudo-news portals scrape legitimate outlets, tack on fake star ratings, and funnel traffic to shady merchants. WebVetted compares publishing histories, ad IDs, and affiliate tags to reveal that the “editorial” voice is just a scam funnel.
Red flags
- Every article ends with the same “featured offer” button leading to high-risk merchants.
- Author bios reuse stock portraits or have no linked social accounts.
- Site lacks a masthead, address, or advertising disclosure despite product pitches.
How to Respond
- Run the site through the Website Safety Checker to log ad IDs and affiliate patterns.
- Search for the “journalists” on LinkedIn or Twitter to confirm they exist.
- Call out the deceptive endorsements in complaints to the FTC or your ad network.
📌 Case study
One portal pretended to be a consumer watchdog while driving all clicks to a fake antivirus checkout. Another scraped Forbes articles but swapped in affiliate links that routed through three cloaking domains.
Related tools
domain Scam
Fake SaaS Login Page
Phishing crews spin up carbon-copy login portals for CRM and finance tools, siphoning credentials before users realize the domain is off. WebVetted inspects SSL metadata, script destinations, and prior abuse reports to prove the clone is rogue.
Red flags
- URL tacks the brand name onto an unrelated TLD or adds filler terms like secure-login.
- Form posts to an IP or script path that never appears on the legitimate vendor site.
- Fonts, CDN files, or account recovery widgets that normally load from first-party domains are missing or broken.
How to Respond
- Run the URL through the Website Safety Checker to capture hosting, WHOIS, and malware context.
- Compare SSL certificates and script inventories against the legitimate SaaS domain before logging in.
- Reset passwords and revoke sessions for any teammate who interacted with the clone.
📌 Case study
We recently dismantled a batch of Monday.com clones that forwarded passwords to a Telegram bot. Another incident involved Salesforce-lookalike pages that proxied MFA codes through a compromised WordPress plugin.
Related tools
domain Scam
Fake VPN / Security Software Site
Copycat VPN brands push shady installers that harvest browser data or open a remote tunnel for attackers. WebVetted fingerprints code-signing claims, reseller IDs, and network calls so you can reject risky binaries.
Red flags
- Guarantees lifetime protection for a one-time fee far below market rates.
- Download button delivers an EXE or APK that antivirus tools immediately flag.
- Testimonials use stock photography with mismatched names or geographies.
How to Respond
- Analyze the URL inside the Website Safety Checker before running any installer.
- Compare hashes and version numbers against the legitimate vendor download center.
- If a device was exposed, uninstall the rogue app and rotate credentials for sensitive accounts.
📌 Case study
A fake “PhotonVPN” build we reviewed exfiltrated clipboard contents whenever a crypto address was copied. Another pretended to be Malwarebytes yet redirected buyers to a reseller ID tied to tech support scammers.
domain Scam
Giveaway Landing Page Phishing
Giveaway pages entice with consoles or flights, then harvest card data and selfies “for verification.” WebVetted checks registration history, tracking pixels, and payout promises to expose the lure.
Red flags
- Asks you to pay a processing fee or shipping before confirming any win.
- Rules page is missing, unfinished, or links to unrelated PDF templates.
- Countdown timers reset on refresh to manufacture urgency.
How to Respond
- Input the URL into the Website Safety Checker to capture ownership and script behavior.
- Compare the promotion to announcements on the brand’s official social channels.
- Refuse to share payment details or IDs until you confirm the giveaway with the named sponsor.
📌 Case study
Our team removed a PlayStation 5 giveaway site that embedded Stripe keys tied to a known romance scammer. Another funnel reused a Delta Air Lines sweepstakes but hosted the form on a disposable domain with no TLS.
Related tools
domain Scam
Government Tax Refund Phishing Site
Fraudsters spoof tax agencies during filing season, promising fast refunds if you hand over SSNs and card data. WebVetted profiles certificate issuers, hosting ASNs, and embedded scripts to confirm whether the portal belongs to a government network.
Red flags
- Portal hosted on commercial clouds without government subdomains or .gov/.state extensions.
- Countdown clocks or urgent banners threatening penalties for not clicking now.
- Request for debit card front-and-back photos during the supposed refund process.
How to Respond
- Run the domain through the Website Safety Checker and archive the PDF for state revenue investigators.
- Compare the URL to official government portal listings before entering data.
- Report the scam to your national tax agency with the preserved evidence.
📌 Case study
We traced multiple “IRS Relief” clones to a single Shopify store that simply collected PII and sold it downstream. Another report exposed a CRA-themed site using Google Forms to harvest driver licenses.
Related tools
domain Scam
Instant Loan Approval Bait
Instant approval funnels promise same-day cash once you upload sensitive IDs, then resell the data or charge bogus fees. WebVetted benchmarks SSL age, ownership, and payment endpoints to prove the funnel is just harvesting identities.
Red flags
- Requests full SSN, bank logins, or paycheck stubs before any disclosures.
- Claims to approve everyone regardless of credit or employment documentation.
- Application steps hosted on mixed domains with no privacy policy.
How to Respond
- Put the domain into the Website Safety Checker to collect the legal entities operating it.
- Compare privacy terms and lender names against state licensing databases.
- If information was submitted, freeze credit and file an FTC identity theft report with your evidence bundle.
📌 Case study
We investigated a “90-second payday” site where the form fed directly into a lead broker tied to ransomware crews. Another lure demanded a processing fee via gift card, then ghosted applicants once codes were sent.
Related tools
domain Scam
Investment Webinar Funnel Scam
Webinars promise secret trading signals but quietly upsell unregistered brokers or payment wallets. WebVetted inspects registration forms, payment processors, and backend hosts to determine whether the “workshop” leads into fraud.
Red flags
- Presenter hides their full name or only uses initials and stock photos.
- Paywalls appear immediately after registering, demanding crypto to “unlock seats.”
- Fine print disclaims any regulatory oversight or lumps results into testimonials.
How to Respond
- Run the landing page through the Website Safety Checker to log ownership and analytics IDs.
- Research the presenter across LinkedIn and other socials before wiring funds.
- Collect all promotional emails and submit them to your financial regulator if the offer looks shady.
📌 Case study
An options “masterclass” we tracked routed attendees to a Telegram room that demanded tether deposits. Another funnel pretended to be sponsored by CNBC yet resolved to a generic Wix template registered the same day.
Related tools
domain Scam
Malware Download Landing Page
Landing pages promise cracked software or video codecs but actually drop stealers and remote access trojans. WebVetted fingerprints download URLs, file hashes, and suspicious redirect chains so you can quarantine the threat.
Red flags
- Browser prompts to disable antivirus or “allow notifications” before the download starts.
- File size and icon do not match the promised application.
- Download link is obfuscated through multiple ad trackers or direct IP addresses.
How to Respond
- Run the landing URL through the Website Safety Checker to log redirects and payload locations.
- Upload any downloaded files to a sandboxed environment before executing them.
- Notify impacted endpoints and reset credentials exposed during the compromise window.
📌 Case study
Analysts caught a Chrome update lure delivering Racoon Stealer hosted on a hijacked dentist website. Another case involved fake video player pages that launched an MSI signed with a revoked certificate.
Related tools
domain Scam
Ponzi Yield Farming DApp Scam
Ponzi dApps promise stable, double-digit daily returns but rely on nonstop deposits to pay early users. WebVetted inspects contract creators, admin keys, and liquidity flows to reveal when the “farm” is just a payout shell.
Red flags
- No published audit or GitHub repository despite handling funds.
- Developer wallet retains pause or upgrade privileges.
- Rewards chart stays flat regardless of token price or TVL swings.
How to Respond
- Feed the site into the Website Safety Checker and store copies of the advertised contract addresses.
- Search for prior audits or community calls that confirm who controls the admin keys.
- Avoid staking from wallets that also hold long-term assets until the project proves real reserves.
📌 Case study
A so-called algorithmic farm we tracked siphoned 40 percent of deposits to a central wallet before rugged. Another fork simply copied an open-source UI and swapped the logo while the contract drained liquidity every 12 hours.
Related tools
domain Scam
SEO-Poisoned Brand Misspelling Site
Fraudsters buy ads or rig search results for brand misspellings that redirect into credential theft kits. WebVetted cross-references DNS history, redirect rules, and monetization IDs to uncover the trap.
Red flags
- Page loads after several redirect hops or briefly flashes unrelated content.
- Sponsored search results with awkward capitalization or emoji-laden copy.
- Security certificates issued within hours of the first visitor spike.
How to Respond
- Submit the misspelled domain to the Website Safety Checker and capture redirect behavior.
- Report malicious ads directly inside the search platform with your evidence screenshots.
- Warn colleagues and bookmark the correct brand URL to avoid future poisonings.
📌 Case study
We saw a typo domain for TurboTax that shuttled visitors through three cloaked affiliate networks before dropping a credential harvester. Another case hijacked the top search slot for a travel brand and force-installed a malicious Chrome extension.
Related tools
domain Scam
Stablecoin Arbitrage Ponzi Scheme
Stablecoin arbitrage “teams” guarantee 3 percent daily yield by claiming access to insider liquidity. WebVetted evaluates the math, traces wallet payouts, and checks business registrations to show when the pitch is impossible.
Red flags
- Graphs show a perfect upward line with no drawdowns or volatility.
- Referral structure pays more for bringing in deposits than for trading results.
- Team photos are recycled from stock imagery or LinkedIn without consent.
How to Respond
- Use the Website Safety Checker to catalogue company addresses, bank accounts, and domain history.
- Inspect on-chain wallets they publish to confirm whether trades exist at all.
- Report the Ponzi pitch to your securities regulator with the preserved dossier.
📌 Case study
We uncovered a “USDT parity fund” that simply paid old investors with new tether until withdrawals overwhelmed it. Another purported arbitrage bot insisted victims pay a release fee before returning their own deposits.
Related tools
domain Scam
Tech Support Browser Pop-Up Scam
Browser lockers simulate vendor warnings and blare alarms until you call a fake support desk. WebVetted captures the scripts, callback numbers, and known malware payloads behind these pop-ups so you can shut them down.
Red flags
- Audio alarms or countdown timers that trigger as soon as the page loads.
- Phone numbers starting with toll-free prefixes that do not match the real vendor’s support page.
- Instructions to install remote desktop software before anyone verifies your case ID.
How to Respond
- Paste the URL into the Website Safety Checker to capture caller IDs and hosting data.
- Force close the browser or use the task manager rather than dialing the number shown.
- Report the pop-up and call recordings to the impersonated brand for takedown.
📌 Case study
We logged a wave of Windows Defender pop-ups that redirected callers to a boiler room selling $500 “firewall renewals.” Another run hijacked Safari and pushed Mac users into sharing iCloud logins over the phone.
Related tools
domain Scam
Ticket Resale Fraud Website
Scammers clone legitimate ticket exchanges or invent resale hubs that require wire transfers and Zelle deposits. WebVetted analyzes merchant providers, refund language, and embedded trackers to reveal whether the storefront is just brokering air.
Red flags
- Only accepts wires, Cash App, or crypto with no buyer protection.
- Seat maps and logos lifted directly from Ticketmaster or StubHub with inconsistent branding elsewhere.
- Refund policy is hidden or claims “all sales final” while promising guaranteed delivery.
How to Respond
- Run the marketplace through the Website Safety Checker to log hosting history and payment processors.
- Compare seller guarantees to the official venue and confirm contact details through trusted sources.
- If you paid, screenshot every step and file disputes with your bank and the actual ticket platform.
📌 Case study
Our analysts caught a Taylor Swift resale site whose checkout pointed to a florist’s Stripe account. Another campaign emailed fake parking passes from a subdomain that was registered the morning of the show.
Related tools
Need evidence for a bank or police report?
Generate a full entity dossier plus user-submitted reviews and then share the PDF with law enforcement or platform trust teams.