The site looked like the real brand. It wasn't.

The URL was one hyphen off a major retailer I shop often—fonts, cart flow, and product shots matched what I expected. I paid for a laptop; tracking stalled; the domain went dark within days.

An Instagram ad found me right after I searched for deals. Checkout skipped extra authentication "for speed," and my bank showed a random overseas merchant name I did not recognise until small test charges appeared.

Typosquatting plus cloned frontends harvest cards and never ship goods. I cancelled the card, but the data was already in criminal hands.

Polished design fooled me because I conflated visual quality with security. I trusted what looked familiar.

WHOIS showed the domain was four days old—a free check I already knew how to run. Kicking myself hurt almost as much as the fraud because the tool was sitting in my bookmarks.

Online shopping felt suspicious for months; every ad click triggered second-guessing.

I type retailer URLs or use saved bookmarks now, and I glance at registration dates before I trust a sale. I wish I had hovered the ad to read the real destination first.

• Hover ads to see destinations; prefer official apps over ad clicks.

For more help, see our Report a scam page and Spot and avoid scams guide.