Check a website's reliability: 5 key points

Checking a website's reliability in 2026 requires seven quick checks: valid HTTPS certificate, readable legal notices, verifiable external reviews, visual consistency (AI-generated scam sites are proliferating), reputation tools (Google Safe Browsing, ScamAdviser, Trust Mamma), legal existence (SIREN/RCS), and secure payment test. In 5 minutes, you can rule out 95% of fraudulent sites. If any of these seven checks fails, do not pay: we explain exactly how to perform them.

With the explosion of AI-generated e-commerce sites in just a few hours and dropshipping scams copying legitimate merchants, the risk has scaled up since 2023. This guide brings together the seven checks that the Scroll team uses internally when a client asks us: "Can we order from this site?"

Why checking a website's reliability has become critical in 2026

Three major changes since 2023 have made reliability checks indispensable, even for purchases as small as €20.

AI-generated scam sites in just a few hours. With Lovable, Bolt, and v0, a fraudster can produce a credible e-commerce site (visuals, product sheets, legal pages) in an afternoon. Visually perfect, but empty behind the scenes. Consistency across 2-3 clicks is still the best barrier.

Industrialized fake reviews. Trustpilot removed 3.5 million fraudulent reviews in 2025 according to its annual report. ChatGPT makes it possible to generate credible reviews en masse. Cross-referencing multiple platforms (Trustpilot + Google Reviews + Reddit + Pages Jaunes) remains essential.

Brand impersonation. Sites mimicking Shein, Vinted, Decathlon, or French marketplaces are on the rise. Recognizing a slightly different domain (shien-fr.com instead of shein.com) now requires a systematic reflex.

1. Check the HTTPS certificate and domain

HTTPS has become the bare minimum: no legitimate site in 2026 runs on plain HTTP. But HTTPS does not guarantee reliability—it only ensures the connection is encrypted.

The right reflex:

• Click the padlock next to the URL. The browser displays the certificate details: domain name, issuing authority (Let's Encrypt, Sectigo, DigiCert, etc.), validity. A certificate issued yesterday on a site claiming to have existed for 5 years is suspicious.
• Check the exact spelling of the domain. Scam sites rely on subtle typos (amazn.fr, sheein.com, vintee.fr). Type the brand name yourself into Google rather than clicking a link received by email.
• Perform a WHOIS lookup on who.is or whois.com to see how long the domain has existed. A French site claiming to have been around for 10 years but whose domain was registered 3 months ago: major red flag.

2. Read the legal notices and privacy policy

In France, every commercial site must display legal notices (LCEN law). Their presence is not proof of reliability, but their absence or inconsistency is a very strong signal.

What we look for:

• Presence of a company name, a French or European address, a SIREN number. If the company is in France, verify the SIREN on annuaire-entreprises.data.gouv.fr (free, official). A fake or non-existent SIREN is a deal-breaker.
• Consistency between the trade name and the legal company name. A recent tech brand hiding behind a 2008 construction SARL deserves a thorough fact-check.
• Genuine GDPR-compliant privacy policy (not a generic copy-paste). Check that it mentions a DPO, a legal basis, retention periods, and the right to object.
• Terms and conditions tailored to the business. An e-commerce site selling items without compliant return terms under the Consumer Code is in violation.

3. Look for verifiable external reviews (and learn to spot the fakes)

Reviews displayed directly on the site should be ignored: they can be edited. Only external sources matter.

Reliable sources to cross-check:

• Trustpilot (check the company profile, not just the average rating: look for detailed reviews with verified purchases).
• Google Reviews (Google Maps if the company has a listing, or Google Business Profile).
• Pages Jaunes / Société.com for French businesses.
• Reddit (search for "brand_name scam" or "brand_name review" on reddit.com), often the most honest source.
• Specialized forums depending on the sector (Hardware.fr, Caroom, etc.).

Spotting fake reviews in 2026: clusters of 5-star reviews posted within 48 hours, identical phrasing from one review to another, Trustpilot profiles with only one review posted, newly created Google accounts. If the ratio of "laconical 5-star reviews" to "detailed balanced reviews" seems off, it probably is.

4. Inspect visual and editorial consistency

With AI-generated scam sites, appearance is no longer a reliable indicator: visuals are perfect, texts are smooth. It’s the consistency across multiple pages that exposes the scam.

Signs to look for:

• Product pages that all look the same (same photo angles, descriptions following the same template: sign of automatic generation from a template).
• Stolen product photos. Right-click + Google Lens on 2-3 photos: if they appear on Aliexpress or another legitimate site, it’s abusive dropshipping.
• Incorrect French text or odd phrasing. Even when generated by GPT, scam sites often fail to maintain consistency in prices (€, $, ¥ mixed) or units.
• Nonexistent or pure SEO blog (generic articles, no identifiable author, inconsistent dates).
• Customer service: phone rings into a void, chatbot loops, generic email (gmail/outlook instead of an @brand.com address).

5. Run the site through free reputation tools

Several services automatically assess a site's reliability by cross-referencing blacklists, domain age, DNS signals, and community reports. Use them as a supplement, not as the sole method.

The best free tools in 2026:

• Google Safe Browsing (transparencyreport.google.com) : Google’s anti-phishing database. If Google has flagged the site, it’s over.
• ScamAdviser (scamadviser.com): algorithmic trust score, user reports.
• URLVoid and VirusTotal: blacklist aggregators.
• Trust Mamma: French community reports.
• Signal Conso (signal.conso.gouv.fr): official French portal for reporting and checking existing reports.

No tool is foolproof. A "green" score on ScamAdviser is not a free pass: always cross-check with the other six checks on this list.

6. Verify the company’s legal existence and solvency

This step is often overlooked but is particularly useful before a large purchase (furniture, appliances, travel) or a recurring service (SaaS, subscription).

In France, three free official sources:

• annuaire-entreprises.data.gouv.fr: verify the SIREN, creation date, declared activity (NAF code), directors, and published annual accounts.
• infogreffe.fr: official Kbis extract (paid for the recent version, free for basic info).
• societe.com: aggregated view, flags ongoing collective procedures (restructuring, liquidation).

Red flags on these sources: company registered less than 6 months ago for a site claiming to be a "leader since 2015," ongoing liquidation proceedings, ridicuously low share capital (€1) for an e-commerce site claiming to manage large inventories, suspicious registered address (anonymous mailbox).

Outside France, equivalent sources exist: Companies House (UK), Handelsregister (DE), Mercantile Register (ES). Fraudsters often switch to these jurisdictions when a French site is about to be dismantled.

7. Test a secure payment (and prepare for the worst)

If doubts persist after the first six checks, a payment test can help you decide while protecting yourself.

Three precautions to take:

• Use a single-use virtual card (generated from your online banking, with a customizable limit). If the site is fraudulent, your real card is never exposed.
• Always pay via 3D Secure. Refusing to go through your bank for validation is a major red flag. If the site bypasses 3D Secure (Stripe payment without authentication, suspicious redirect), stop.
• Avoid alternative payment methods the site insists on using: direct bank transfer, crypto, Wise to a foreign account, Western Union. On a French e-commerce site in 2026, these channels are abnormal.

If you suspect fraud after payment: immediately block the card (within 24 hours for the chargeback procedure), report on signal.conso.gouv.fr, and file a complaint (the receipt will be requested by the bank for reimbursement).

Recap: the 5-minute checklist

Before ordering or paying:

• ✅ The HTTPS padlock is present, and the certificate matches the domain.
• ✅ Legal notices are complete, and the SIREN is genuine.
• ✅ At least 2 external sources (Trustpilot + Google + Reddit) confirm the brand.
• ✅ Product pages are consistent, with no photos copied from Aliexpress.
• ✅ Google Safe Browsing and ScamAdviser raise no alerts.
• ✅ The company has been registered for more than 6 months, with no collective proceedings.
• ✅ Payment goes through 3D Secure, and you use a virtual card for the first purchase.

If any of the seven checks fail, do not pay. If you're in a hurry, ask a friend for their opinion or post the link on r/france or a specialized forum: the community responds within minutes.

Read more

For further reading:

• Website security: the essentials to know for the publisher’s perspective (you’re launching a site and want it to inspire trust).
• GDPR-compliant website to understand what you must display when publishing a site.
• Website specification document if you’re launching a site project and want to start on solid ground.

Build a trustworthy site with Scroll agency

The opposite of this article: you’re building your site and want it to pass all seven checks with flying colors. The Scroll team designs professional sites (showcases, e-commerce, SaaS) that inspire trust from the first click: automatic HTTPS, compliant legal notices, 3D Secure payment integration, proper GDPR, consistent design, verifiable customer testimonials. If you’re launching a project where trust is critical (payments, personal data, ARS/finance missions), let’s talk.