Correct, which is why you primarily need to check the URL and particularly the domain. I mention HTTPS because if you’re on the right domain and it’s not HTTPS when it should be, you’re most likely getting MITM’d or another such attack is being used.
HTTPS means nothing. All sites are HTTPS these days. If your only check for a scam is that then you’re fucked
Correct, which is why you primarily need to check the URL and particularly the domain. I mention HTTPS because if you’re on the right domain and it’s not HTTPS when it should be, you’re most likely getting MITM’d or another such attack is being used.