We read 5 \"free credits\" Terms of Service so you don't have to Hyperagent, an AI agent platform offering signup credits, faces lookalike domains and scams. A developer outlines a 60-second verification process: check official social media or news for the real domain, watch for pluralization/hyphenation/TLD swaps, ensure referral links stay on the canonical domain, use domain reputation tools, and rely on password managers. The advice helps users avoid confusion and fraud. When an AI credit offer goes viral, two things spawn immediately: threads calling it a scam, and actual scams farming the confusion. Case study from our own beat. Hyperagent — an AI agent platform currently running a large signup-credit offer — lives at hyperagent.com. There is also a hyperagents.online: plural, different TLD, and a rock-bottom trust score on Scamadviser. Type the name into a search bar with one letter of drift, or click a link in the wrong thread, and you land somewhere that would love your email and card number. Half of every "is this legit?" argument online is two people talking about two different websites. Here's the 60-second check, in order. Find the company's official X/LinkedIn/GitHub profile or a news article about them, and note the domain those link to. That's your ground truth. Never establish a domain's legitimacy from the same place you got the link — that's the link vouching for itself. Lookalikes drift in exactly three ways: pluralization hyperagent → hyperagents , hyphenation hyper-agent , and TLD swaps .com → .online, .site, .app . If the brand is a .com and your link isn't, stop and verify. Subdomain tricks count too: hyperagent.com.claim-bonus.site is not hyperagent.com — the real domain is whatever sits immediately left of the final dot-something. Legitimate referral programs run on the company's own domain — a real referral link looks like hyperagent.com/refer/…, not a third-party redirect chain. Paste the link somewhere you can read it before you click it. If a "claim your credits" URL lands anywhere off the canonical domain, close the tab. No real program requires a side door. Scamadviser, URLVoid, and similar tools aggregate domain age, hosting, and report history. A terrible score on a domain claiming to be a funded company is disqualifying. A good score proves less — new-but-legit domains score mediocre — which is why this is step four and not step one. If you've signed up on the real site before, your password manager will refuse to autofill on the lookalike — it matches exact domains, and it can't be fooled by fonts, logos, or vibes. When autofill goes silent on a familiar-looking login page, believe the software, not your eyes. Not every same-name site is malicious. There's an open-source research project on GitHub also called HyperAgent — an academic coding-agent framework, wholly unrelated to the commercial platform. No one's scamming anyone; you can just burn twenty minutes reading the wrong project's docs. Tool names in AI are colliding constantly there are at least three products called "Hyper-something-agent" . The canonical-domain check in step 1 resolves these too. Bookmark the real domain the first time you verify it, and only ever enter through the bookmark. Sixty seconds once, zero seconds forever. The fine print of trust is the URL bar. Read it like we read ToS sections: slowly, once, before it costs you anything. No referral links in this post.