• en

    • Scamadviser Algorithm Explainer

    News about Scamadviser
    #Other Scams, Hoaxes and Frauds
    Copied
    Header
    March 25, 2025

    Disclaimer: Information updated as of March 2026 to include current scam trends, algorithm transparency notes, and free business verification procedures.

    Why ScamAdviser Exists: The Founding Story

    In 2012, our founder bought a set of golf clubs online but they arrived fake. He tried every avenue to get his money back and failed. ScamAdviser was born out of that frustration, a free tool to help every online shopper make a more informed decision before handing over their money. Today, over 8 million consumers use ScamAdviser monthly to check websites before they buy, share personal data, or engage with an unknown platform.

    What is the ScamAdviser Trust Score?

    The Trust Score is a number between 1 and 100 that represents how likely a website is to be safe and trustworthy. A higher score means more positive signals. A lower score means more warning signs. This is not a verdict. It is a risk indicator based on automated analysis across 40+ independent data sources that are continuously updated as new information becomes available.

    The score is dynamic: it changes over time as the website’s content, infrastructure, reputation, and user reviews evolve. This means a site that scores 30 today can score 75 in six months if it establishes a legitimate track record.

    The Core Principle

    The Trust Score is calculated by weighing positive signals against negative signals. No single factor determines the score. A new domain might lower a score, but a verified SSL certificate, active social media presence, and positive Trustpilot reviews will push it back up. The final score reflects the balance of all available evidence.

    The 40+ Signals: A Complete Breakdown by Category

    While we cannot reveal every detail of our methodology (otherwise scammers would game the system), we can share the major signal categories and what they measure. These are organised into five groups:

    Domain & Registration Signals

    • Domain age:  How long the website has been registered. Very new domains (under 6 months) score lower, as most scam sites appear and disappear quickly.
    • Registration period:  How far into the future the domain is registered. Legitimate businesses often register for multiple years, while scam sites typically register for just 12 months.
    • WHOIS data availability:  Whether the registrant’s details are publicly available or hidden behind a privacy service.
    • Domain registrar reputation:  Whether the domain registrar is associated with high volumes of fraudulent registrations.
    • Free email addresses used:  Whether the site uses a free email platform (e.g., Gmail, Yahoo, Proton, etc.) for their contact addresses rather than a branded domain email.
    • Top-level domain (TLD) risk:  Certain TLDs (e.g. .xyz, .top, .click, etc.) are disproportionately associated with scam activity.

    Technical & Server Signals

    1. Server & DNS location:  Where the website’s server is physically hosted. Certain hosting regions are disproportionately associated with scam infrastructure.
    2. IP address reputation:  Whether the server IP is on any blacklists or is shared with known malicious domains.
    3. SSL certificate quality:  Whether the site has a valid SSL certificate, and whether it is a basic validation (DV) or extended validation (EV) certificate.
    4. Presence of malware:  Whether the site has been flagged for hosting or distributing malicious software.
    5. Previous hacking history:  Whether the domain has been compromised in the past.
    6. Registrar blacklist:  Whether the domain registrar appears on known registrar blacklists.
    7. ISP blacklist:  Whether the Internet Service Provider is associated with hosting fraudulent sites.
    8. Other domains on the same server:  Whether the site shares a server with other low-trust or flagged websites.
    9. Website performance & speed:  Technical quality of the website infrastructure - very low-quality hosting is associated with disposable scam sites.
    10. Search engine blocking:  Whether the site prevents search engines from indexing it - a significant red flag.

    Reputation & Review Signals

    • ScamAdviser user reviews:  Reports and ratings submitted directly by ScamAdviser users who have experience with the site.
    • Trustpilot score & volume:  Independent review scores from Trustpilot, weighted by volume and recency.
    • SiteJabber reviews:  Consumer reviews from SiteJabber, an independent consumer review platform.
    • Web of Trust (WOT) ratings:  Community-sourced safety ratings from the Web of Trust browser extension network.
    • Tranco popularity rank:  A website’s traffic-based popularity ranking. High-traffic sites typically score better; very low-traffic sites raise questions.
    • Number of backlinks:  The volume and quality of websites linking to the domain. Legitimate businesses accumulate natural backlinks over time.
    • Association memberships:  Whether the site is a member of verified industry associations (e.g. ecommerce or consumer protection organisations).
    • Use of trust seals:  Whether the site displays verified trust seals from recognised certification bodies.

    Business & Transparency Signals

    1. Contact details availability:  Whether the site displays a physical address, phone number, and email. Hidden or generic contact details lower the score.
    2. Use of generic or P.O. Box address:  Whether the business address is a real premises or a generic mail forwarding address.
    3. Company registration verification:  Whether the business can be verified against official company registries.
    4. Product category offered:  Certain product categories (e.g., heavily discounted luxury goods, pharmaceutical products, investments schemes, etc.) are higher-risk by nature.
    5. Payment methods offered:  Whether the site accepts traceable payment methods (e.g., card, PayPal, etc.) or untraceable methods (e.g., crypto).
    6. Use of internal review system:  Whether the site relies solely on its own hosted reviews rather than also augmenting with independent third-party platforms.
    7. Physical address verification:  Cross-referencing the claimed address against maps and business registry data.

    Social & Content Signals

    • Active social media presence:  Whether the site has real, active social media accounts with genuine engagement and not just placeholder pages.
    • Social media account age:  How long the social media accounts have been active. Newly created accounts alongside a new domain is a compound risk signal.
    • Website content quality:  Whether the content is original, well-structured, and coherent. Or thin, duplicated, or poorly translated.
    • Technology stack used:  The platform and technologies underlying the website, some of which are disproportionately used by fraudulent operators.
    • External review scores aggregated:  A weighted composite of all available independent review platform data.

    The Trust Score Scale: What Each Band Means — And What To Do

    Each score range carries a different level of risk and warrants a different level of response. Here is how to interpret the full scale:

    Score What it Means What You Should Do
    1–20 🔴 Very Likely Unsafe High risk of malware, phishing, or fraud. Multiple serious warning signals detected.
    Do not visit. Do not enter any personal or payment information. Report to ScamAdviser and/or Law Enforcement.
    21–40 🟠 Likely Unsafe Significant warning signals present. May contain questionable practices or fraudulent offerings.
    Avoid transactions. Search for independent reviews on Google. Check the business on Companies House or other country registries.
    41–60 🟡 Caution  Recommended Mixed signals. The site is neither clearly safe nor clearly dangerous. Often a new or low-traffic legitimate site.
    Verify the physical address, check for a LinkedIn company page, search “[brand_name] reviews” on Google before proceeding.
    61–80 🟢 Likely Safe More positive than negative signals. Low-to-moderate risk. Most legitimate businesses fall in this range.
    Reasonable to proceed. Still read the returns policy and use a credit card for purchase protection.
    81–100 ✅ Very Likely Safe Strong positive signals across multiple categories. Established, reputable site with verified trust indicators.
    High confidence to proceed. Standard good practice still applies: check for HTTPS and verify the URL.

    Why Does a Legitimate Website Sometimes Score Low?

    This is the most common question we receive  and here are the most frequent reasons a genuinely legitimate website may receive a lower Trust Score than expected:

    Reason Why it Happens What the Website Owner Can Do
    Brand new domain New sites have no track record. The algorithm has no positive historical data to weigh against risk signals. Claim your ScamAdviser profile. Build an independent Trustpilot presence. Wait 6–12 months for reputation signals to accumulate.
    WHOIS privacy enabled Hiding registrant details is a common scammer tactic, so it lowers the score  even when used legitimately. Consider displaying verified business details publicly. Add verifiable contact info to the site.
    Shared hosting server If your server IP is shared with other low-trust sites, that affects your score. Cheap shared hosting is disproportionately used by scam sites. Consider dedicated or VPS hosting. Ensure your hosting provider is reputable.
    No independent reviews Without external review signals (e.g., Trustpilot, Google Reviews, etc.), the algorithm has less positive data to work with. Build a profile on third-party review platforms and encourage genuine customer reviews.
    Low Tranco traffic rank New or niche businesses naturally have low traffic. Low traffic is a neutral-to-negative signal. Organic growth over time. SEO investment helps build traffic and trust signals together.
    Non-standard TLD A .xyz or .shop domain is statistically more likely to be a scam site. Legitimate businesses using these TLDs score lower by default. Consider whether a .com or ccTLD is feasible for the business. Offset with strong trust signals elsewhere.

    🚨  Important Transparency Note

    We acknowledge that false positives exist. Our algorithm is automated and imperfect. If your website has been incorrectly flagged, you can view the specific Positive and Negative Highlights on your Trust Score page.

    Website owners can claim their profile on ScamAdviser.com and submit evidence for manual review. For business verifications, which are provided free of charge, you may contact us at report@scamadviser.com. We are committed to correcting inaccurate ratings when presented with verifiable evidence.

    ⚠️ WARNING

    We do NOT accept payment to change scores. Business verification is FREE.

    The Honest Limitations of the Trust Score

    We believe in transparency. Here is what the ScamAdviser Trust Score cannot reliably detect, and why:

    Limitation Why it Exists How to Compensate
    Brand-new scam sites A scam site registered yesterday with no negative history will score higher than it deserves until reports accumulate. Always check for user reviews independently. Be extra cautious with any site under 6 months old
    Sophisticated long-con scams Some fraud operations invest in building a legitimate-looking presence over months before defrauding users. Cross-check with Trustpilot, BBB, and Google. Search “[brand_name] scam” directly.
    Score fluctuation As new data emerges, scores can change significantly in short periods. A score you saw last week may differ today. Always double-check the score before a significant transaction.
    Country-specific legitimacy A business may be fully legitimate in its home jurisdiction but not registered or recognised in yours. Verify the company’s registration in its claimed country of origin.
    Social engineering scams Scams conducted entirely via email, phone, or social media, without a flagged website. ScamAdviser also checks phone numbers, crypto wallets, and IBANs; not just websites.


    Who Uses ScamAdviser’s Trust Score Data?

    ScamAdviser’s Trust Score is not just a consumer tool. The same data powers a professional-grade ecosystem used across industries:

    Advertising & Social Media Platforms Identify fraudulent advertisers in real time before they reach consumers.
    Financial Services & PSPs Integrated into KYB (Know Your Business) verification flows as an additional risk data point.
    Law Enforcement Agencies Full dataset access for identifying scam networks and cybercriminals behind groups of domains.
    Brand Protection Agencies Monitor for domain-based intellectual property infringement and counterfeit store networks.
    Consumer Protection Organisations Organisations such as GetSafeOnline, CIFAS (UK), VeiligInternetten (Netherlands), DECO Proteste (Portugal), An Garda Síochána (Ireland), and more use ScamAdviser data to better protect consumers globally.
    Anti-Fraud Researchers Domain Analyzer tool for bulk analysis, filtering by Trust Score, country, language, keyword, and other markers.


    How To Improve Your Website’s Trust Score

    If you are a website owner with a lower score than expected, these are the most effective steps to improve it, in order of impact:


    ➀ Claim your ScamAdviser profile at ScamAdviser.com/claim-your-site and add verified business information
    ➁ Build an independent review profile and actively invite genuine customers to leave reviews
    ➂ Ensure your website displays a real, verifiable physical address and a branded email address, not a free-platform email
    ➃ Add an EV (Extended Validation) SSL certificate rather than a DV certificate
    ➄ Create and actively maintain branded social media accounts (a LinkedIn company page is a particularly strong indicator)
    ➅ Register your domain for multiple years rather than the default 12 months
    ➆ If using WHOIS privacy, offset it with maximum transparency elsewhere on the site (e.g., about page, team info, company registration number, etc.)

    Frequently Asked Questions
    Why does ScamAdviser give a low score to a legitimate website?

    The most common reasons are: the domain was recently registered (under 6–12 months), the website uses WHOIS privacy protection, the site has low traffic volume, the hosting server is shared with other flagged sites, or there are no independent reviews on platforms like Trustpilot. None of these automatically mean the site is a scam, but these are indicators statistically associated with higher-risk sites. Website owners can claim their profile and provide evidence to support a manual review.

    Can a scammer fake a high Trust Score?

    It is difficult but not impossible to temporarily game certain signals. This is precisely why we use 40+ independent data sources rather than relying on any single factor. A site that invests in appearing legitimate will score better, but it will also typically expose itself through inconsistencies across signals (mismatched address, unverifiable contact details, newly created social accounts). User reports also continuously update scores, which is why reporting suspicious sites matter.

    How often is the Trust Score updated?

    The Trust Score is dynamic and updates automatically as new data becomes available. This includes new user reviews, changes to the website’s technical infrastructure, new malware or blacklist flags, shifts in social media activity, and changes in domain registration details. Significant changes can shift a score within hours as the system is continuously updated.

    How do I dispute my website’s ScamAdviser Trust Score?

    Visit ScamAdviser.com/claim-your-site to claim your business profile. Once claimed, you can view the specific positive and negative highlights driving your score, respond to user reviews, and submit evidence for a manual review by the ScamAdviser team. Legitimate businesses with verifiable evidence of their authenticity can have incorrect ratings corrected.

    Does ScamAdviser check social media accounts, phone numbers, and crypto wallets too?

    Yes. Beyond website checking, ScamAdviser also analyses phone numbers for scam association, cryptocurrency wallet addresses for fraud history, and IBAN bank account numbers for known fraud links. These checks use the same multi-source signal methodology as the website Trust Score.

    Is ScamAdviser a definitive verdict on whether a site is a scam?

    No, and we are transparent about this. The Trust Score is a risk indicator, not a verdict. A score of 30 does not mean a site is definitively a scam but that there are enough warning signals to warrant further investigation before proceeding. We always recommend cross-checking with independent Google searches, review platforms, and the BBB before making significant purchases from any unfamiliar site.

    Use ScamAdviser as Your First Line of Defence

    ScamAdviser checks over 1 million new websites every month. Our mission, born from a founder who was scammed himself, is to make sure every consumer has access to the same level of information about a website that a professional fraud investigator would use. The Trust Score is the starting point. Your own judgement, cross-checked against independent sources, is the finishing line.

    If you believe a website’s score is inaccurate in either direction please report it or claim it at ScamAdviser.com. Every report makes the tool more accurate for the next 4.5 million people who use it this month.

    Report a Scam!

    Have you fallen for a hoax, bought a fake product? Report the site and warn others!

    Report a Scam!

    Scam Categories

    Help & Info

    Scam AlertsLearn ScamsReliable SitesAdvicesStudiesGlobal Scams
    See all

    Top Safety Picks

    Your Go-To Tools for Online Safety
    Disclaimer: Some of the links here are affiliate links. If you click them and make a purchase, we may earn a commission at no extra cost to you.

    1. ScamAdviser App - iOS : Your personal scam detector, on the go! Check website safety, report scams, and get instant alerts. Available on iOS
    2. ScamAdviser App - Android : Your personal scam detector, on the go! Check website safety, report scams, and get instant alerts. Available on Android.
    3. NordVPN : NordVPN keeps your connection private and secure whether you are at home, traveling, or streaming from another country. It protects your data, blocks unwanted ads and trackers, and helps you access your paid subscriptions anywhere. Try it Today!
    4. Incogni : Incogni automatically removes your personal data from data brokers that trade in personal information online, helping reduce scam and identity theft risks without the hassle of manual opt-outs. Reclaim your privacy now!

    Popular Stories

    7 Best VPN Services for Security, Speed, and Privacy

    In a nutshell: A good VPN protects your privacy with strong encryption, a strict no-logs policy, and fast protocols like WireGuard. The best VPNs also offer wide server coverage, leak protection, and easy-to-use apps for all devices. For 2025, the top providers are NordVPN, ExpressVPN, Surfshark, Proton VPN, Private Internet Access, CyberGhost, and Mullvad—each excelling in speed, security, or value. In an age where every click is tracked, a Virtual Private Network (VPN) is no longer just a luxury—it's an essential tool for digital privacy and security. A VPN works by creating a secure, encrypted tunnel between your device and the internet, masking your real IP address and protecting your sensitive data from prying eyes. But with hundreds of providers out there, how do you sort the secure from the suspect? This guide breaks down the non-negotiable features of a quality VPN and highlights the 7 top-rated services for 2025. What to Look for in a Good VPN: The 4 Non-Negotiable Pillars 1. Ironclad Security Features Strong Encryption: AES-256, the gold standard. Secure Protocols: OpenVPN, WireGuard, NordLynx, Lightway. Avoid PPTP. Kill Switch: Ensures no accidental IP leaks. Leak Protection: Covers DNS, IPv6, and WebRTC. 2. Verified Privacy Practices No-Logs Policy: No activity or metadata tracking. Independent Audits: Verification by third parties. Safe Jurisdiction: Prefer countries outside the 5/9/14 Eyes alliances. 3. High-Speed Performance Fast Protocols: WireGuard and equivalents. Large Server Network: Less crowding, more reliable speeds. 4. Essential Usability Features Multi-Device Apps: Windows, Mac, iOS, Android, routers. Simultaneous Connections: One account, many devices. Unblocking Power: Netflix, Hulu, BBC

    Read more

    Data Breach Victim? Your Emergency Action Plan Starts Now

    How to Protect Yourself and Your Family After a Data Breach When Your Data Falls Into the Wrong Hands Just received that terrifying notification? Or perhaps you've noticed suspicious activity in your accounts? Take a deep breath. A data breach, the unauthorized access or exposure of sensitive, protected, or confidential data, is a deeply unsettling event. It can plunge you into a world of worry, bringing risks from financial losses and identity theft to significant emotional distress and reputational damage. The numbers don't lie: according to a 2024 report, the number of data breach victim notices has grown by a staggering 211% year-over-year. This isn't just a distant threat; it's a stark reality many individuals face. This year alone, we've seen major organizations like Adidas and Qantas grapple with high-profile data breaches, affecting countless customers. This underscores a critical truth: nobody is untouchable. Subsequently, strategic action is the only way to minimize the risk and protect your future. This guide is your emergency action plan, designed to walk you through every crucial step—from confirming the breach to fortifying your digital life for the long term. Part 1: Confirming the Breach and Understanding the Damage The very first step is to answer the question definitively: Was my data compromised, and if so, how badly? Start with the basics: Check Official NotificationsReputable companies are legally obligated to inform you if your data was part of a breach. Look for official emails, letters, or public announcements. Check Verified Breach DatabasesPlatforms like HaveIBeenPwned help you see if

    Read more