Guide on How to do Online Due Diligence


The purpose of this guide is to give everyone reading this article our own take on how basic due diligence should be performed. Ultimately, the idea is to generally educate and hopefully this will translate into fewer people getting scammed online.

What is Due Diligence ?

Due diligence is the process of verifying, investigating, and auditing all relevant facts of a transaction. This includes all the parties involved, the nature of the transaction and the online platform on which it is conducted.

Why is it Important ?

It is the best tool available to everyone to protect themselves against online fraud. In many cases that we have seen, the victims had done some basic due diligence on their own but either it was not sufficient to discover the scam or they did not know how to interpret the information they had before them.

Starting Point: Distrust Everything

In our view, the starting point of doing proper due diligence in any investment matter (especially in online matters) is to assume that everyone is out to scam you, and you need to find supporting facts to prove the contrary. This approach applies to everything. It does not matter if the information comes from a trusted family member or a friend, it is important to start with a clean slate and verify every single information given. Any leap of faith will often result in financial losses.

Second Step: Learn about Common Types of Online Fraud

In our view, it is extremely important to be familiar with all the most common existing types of online fraud. They say knowing is half the battle and in this case it is not different. Most fraudsters are usually lazy by nature and will rely on tried and true scamming methods instead of re-inventing the wheel each time. You should consider reading our existing articles on the most common scams that we have come across below:

This list is not exhaustive but should be a good starting point.

Third Step: Know the Typical Red Flags

We have compiled below the most common red flags that you might unknowingly encounter while you are trying engaging online with scammers. Individually these red flags are not always conclusive, but it should give you a good idea when you should be on your guard.

  • Bank Transfers (suspicious): Anytime you are requested to make a payment to a third party (especially an individual) that you do not know and who is not part of the transaction that you are considering entering into, there is a real risk that you are being directed to send money to a money launderer's bank account.
  • Customer Service: Fraudulent websites usually require you to communicate with the platform's "customer service" via WhatsApp, Telegram or LINE. The customer service will often give out various bank accounts where a victim will be told to remit the funds. The telephone number of these customer service accounts are regularly in the location wherever these platforms are pretending to be.
  • Free Email: It is common for fraudsters to use free Gmail or Yahoo email accounts to conduct business. If the email is not coming from the domain name that you are dealing with, be very careful.
  • "Kindly": A lot of South Asian scammers speak English as a second language and will often use the word "kindly" as a way of appearing polite. This is typically a red flag.
  • Stock Photos: Fraudulent websites will typically rely exclusively on stock photos and there are no original photos to be found on the website.
  • "New" Domain: The rule of thumb is that the newer the website is, the more likely that it was designed specifically for the scam that you are being targetted for. If a domain is less than one year old, it is typically a red flag.
  • Unusual or Strange Looking Domain Name: Fraudulent websites tend to have strange domain names that frequently includes numbers or hyphens.

All these red flags share the same characteristic; they reflect the relatively small amount of efforts by typical fraudsters. That being said, there are fraudulent websites out there that are virtually indistinguishable from real legitimate businesses. 

Fourth Step: Use Online Tools to Gauge Legitimacy

WHOIS Lookup: You can use the WHOIS to find out many details about a website, including how old the domain name is and where the website is located.


Global Anti-Scam Organization:  This is a website operated by victims, and they maintain a decent database of the websites that their users believe are fraudulent. Definitely worth searching to find out whether another person has reported a certain website as fraudulent.


ScamWatcher: This is another tool that we have come across that seems to have a decent database of websites that have been reported as fraudulent.


Google: As obvious as it may look, searching specifically on Google for the domain name of the platform that you are considering might sometimes yield useful results. Adding the word "scam" to your search will often bring up to the surface some victims voicing out their negative experience.

Last Step: If All Else Fails, Follow your Instincts

In doubt, it is important to trust your instinct. If a deal looks too good to be true, it probably is. Lucrative opportunities with very little downside seldom exists.

Additional Questions

If you have additional questions which are not addressed here or wish to schedule an appointment to discuss your case, please contact us by telephone on +852 2176 4777, by WhatsApp (+852 9547 5353) or by email at [email protected].

Need help performing due diligence?