Check when a domain was registered. Phishing sites are usually less than 30 days old — domain age is one of the strongest fraud signals.
Extremely high risk. 95% of phishing domains are under 30 days old. Treat with maximum suspicion.
Elevated risk. Domain is less than a year old. Cross-check with other signals before trusting.
Good indicator. Most legitimate businesses maintain their domain for years. Still verify other signals.
Strong trust signal. Established domains with long history are very rarely phishing sites.