Scam awareness blog
Deep dives on phishing, fake websites, DNS, SSL, email security and domain trust.
How to check a phishing link safely (without clicking it)
A step-by-step link checker guide: how to inspect a suspicious URL, expand shortlinks, verify SSL and reputation — all without ever loading the page in your browser.
Why DNS-over-HTTPS matters (and how Scam Lookup uses it)
Traditional DNS is plaintext and trivially tampered with. DNS-over-HTTPS encrypts the lookup — and lets any web app resolve records without a server-side helper.
Phishing in 2026: what modern phishing kits actually look like
Phishing has evolved past bad grammar and Nigerian princes. Here's what a well-executed 2026 phishing campaign looks like — and what still gives them away.
The safe online shopping checklist for 2026
Twelve questions to ask before you enter a card number on a shop you haven't used before. Takes two minutes; saves months of chargebacks.
How scammers buy lookalike domains — and how to spot them
Homograph attacks, typosquatting, hyphenation, and TLD swapping. The four ways attackers register domains that look like brands you trust.
Certificate Transparency: what crt.sh tells you about a domain
Every SSL certificate ever issued is public. Here's how to read a Certificate Transparency log and what it reveals about a website's history.
What HSTS and CSP actually do (and why every site should have both)
Two response headers that stop entire classes of attack. If a site doesn't send them in 2026, its operators either don't know or don't care.
SPF, DKIM, DMARC — the three records that stop email spoofing
A plain-English guide to the three DNS records that decide whether attackers can forge email from a domain. If you own a domain, you need all three.
How to spot a fake website in 60 seconds
A checklist for verifying a website before you enter your card details, credentials or personal information — in under a minute.