A real business is registered somewhere, with a legal name and a number. Look it up in the official registry of the country it claims, and confirm the number resolves to this exact company.

If it claims to be regulated or licensed, that claim lives on the regulator's own public register. Verify the licence number there. An honest firm with no licence says so plainly.

Look for a verifiable business address that stays consistent everywhere it appears. Be wary of a virtual office, a prestige address shared by hundreds, or one that turns up on unrelated sites.

The legal entity, the website, the app, and the bank or payment details should all point to the same company. Mismatched names are a sign that one of them is borrowed.

Real founders have a past you can trace: prior roles, talks, writing, and colleagues who confirm them. Profiles that predate the project and connect to a consistent history are a good sign.

Drop each team photo into a reverse image search. Stolen faces, stock models, and AI-generated portraits fall apart the moment you do.

An anonymous team is not always a fraud, but anonymity paired with guaranteed profit and a request for your money is a combination to run from.

Fakes borrow credibility by listing famous advisors, partners, or backers. Check the claim from the other side; real partners confirm it, invented ones cannot.

Know the official domain and reach it by typing it yourself. Compare it letter by letter; a single changed or added character is a different site with a different owner.

A site claiming a long, trusted history but registered weeks ago is lying about one of the two. A quick domain-age lookup often settles it.

HTTPS and the padlock only mean the connection is encrypted, not that the company is honest. Scammers get the padlock too. It is necessary, never sufficient.

The most dangerous fake is a pixel-perfect copy of a real site at a lookalike address, reached through an ad, email, or message. The look is identical; only the domain gives it away.

Look for genuine terms, a privacy policy, and a real way to reach a human, all consistent with the named company. Empty links and a lone contact form are warnings.

Most clone victims are delivered to the fake by a link in an ad, email, or DM. Bookmark the real site and use the bookmark. Never log in through a link someone gave you.

Real documentation explains how the thing actually works, in checkable detail. Vague, buzzword-heavy text that avoids mechanism is hiding the absence of one.

A serious project states what can go wrong and what you can lose. Documents that promise only upside are selling, not informing.

Paste distinctive sentences into a search engine. Whitepapers copied word for word from other projects are common, and a clear sign of a shell.

No honest document guarantees returns. Where you see 'guaranteed', 'risk-free', or fixed profit, the rest of the page does not matter.

On the block explorer, a legitimate contract shows its verified source code. If the source is not published, you are trusting a black box; treat that alone as a serious warning.

Confirm any audit on the auditing firm's own website, matching the contract address, date, and scope. A logo with no report behind it means nothing.

Check who controls the contract and what they can do. Renounced ownership, or tightly limited powers, is far safer than an owner who can change the rules at will.

A honeypot lets money flow in and quietly blocks it from leaving, through a sell that always fails or a hidden allow-list. The funds go in and never come out.

A mint function with no cap lets the owner create unlimited new tokens at will, diluting yours toward zero in a single transaction.

A tax that reads as zero today can often be raised by the owner to near 100 percent, taking almost everything the moment you trade.

A blacklist or pause function lets the owner freeze chosen wallets, or all of them, so you cannot move your own tokens when it matters.

For a token, check that liquidity is locked. Unlocked liquidity lets the team withdraw the pool and vanish, the classic rug pull.

No real investment guarantees a return, because real markets carry risk. The word 'guaranteed' attached to profit is, by itself, proof you are being lied to.

A steady one or two percent a day, paid like clockwork regardless of markets, is the signature of a Ponzi: early exits are paid with later deposits until it collapses.

When the reward comes from bringing in other people, tiers, and downlines, you are looking at a pyramid. The product is the recruitment.

Countdown timers, 'limited spots', and pressure to deposit now exist to stop you checking. A real opportunity survives a night's sleep.

Financial regulators publish lists of firms they have flagged or warned about. Search the major ones for the company name before you act.

Search the company alongside 'scam', 'withdrawal', 'review', and 'fraud'. Patterns of people unable to withdraw are the loudest signal there is.

Fake reviews, paid promoters, and bot-filled chat groups manufacture trust. Weigh detailed, dated, critical accounts over a wall of identical five-star praise.

A track record that is long, public, and consistent is hard to fake. One that appeared last month, or changes its story, is not a record at all.

No company, app, or support agent ever needs your recovery phrase or private keys. Anyone who asks is trying to empty your wallet, with no exception.

Real firms do not slide into your direct messages offering profit or help. 'Support agents' who DM you, often impersonating staff, are the attack itself.

You will never need to send crypto to an address to 'verify', 'unlock', 'activate', or 'sync' your wallet. That instruction exists only to take your funds.

A common scam shows fake profits, allows a tiny withdrawal to build trust, then demands a 'tax', 'fee', or 'deposit' to release the rest. That demand is the proof of fraud; paying it only invites more.