You have to first define what you mean by 'real' and 'fake'. Note that these days, you can have certificates for websites, these are signed by specific entities that certify whether your websites are safe or not. Furthermore, websites that exploit vulnerabilities are usually very quickly blacklisted by Google/Mozilla Foundation, the browsers issue threat prompts (so do Anti Virus solutions).
So, legitimate websites tend to be HTTPS based and usually have signed certificates.
If fake means spoofed, such as a fake version of your banking website, then you can check the URL. A spoofed website might use a domain name that looks authentic, such as chasee.com instead of chase.com. You might not notice the mis-spelling of a URL if its in a phishing email, or an link in a harmless looking comment on youtube. You could click any of these links out of habit.
There are also tools that can help with such websites. Web of trust is one such tool that works by identifying trusted and untrusted websites through consensus.