How to Recognize a Fake URL

By Steven Melendez

Scammers will use fake URLs to trick you into giving them your personal information. Look carefully at links you receive in email before clicking to stay safe.

Scammers will sometimes use fake versions of real businesses' Web addresses to trick you into revealing your personal information. Look for oddities in any address that appears in an emailed link, like a misspelled company name, or extra characters at the end of the domain name. When in doubt, don't click the link and get in touch directly with the company in question.

Look Before You Click

Scammers will often send "phishing" emails masquerading as banks and other financial companies, e-commerce sites and other institutions with which you do business.

In those emails, they'll include sign-in links pretending to be to the institution you trust, but they'll actually be to the scammer's own website. When you try to log in or provide other sensitive information, they'll record your information and later use it to impersonate you.

Before you click any link in an email, you should always look at the link's URL to make sure that it actually goes to the website you expect.

On the email programs for iPhone and Android smartphones and tablets, you can do this by holding your finger down until a menu pops up, showing the URL and asking whether you want to open the link. On most browsers for Windows or Mac, you can mouse over the link to see the URL.

Even if a URL is written out in the text of the email, the actual link could point to another URL entirely. Nothing prevents a scammer from linking the text "" to ""

Check for Subtle Tricks

When you're looking at the URL, look carefully for any subtle misspellings in the domain name. Scammers will use slightly misspelled variations of well-known sites to trick you into simply skimming the URL and clicking. A fraudulent email might link to "" instead of "," for example.

Other scams use a URL with a domain name that begins the same as the domain name you expect but has extra characters where the ordinary domain ends. For instance, a scammer might link to, instead of simply to Always make sure to check the entire domain name, not just the beginning.

Be Wary of URL Shorteners

URL shorteners are often used to abbreviate lengthy Web addresses for social media and text messages.

Because they disguise the actual URL to which a link points, they can be used by scammers looking to make it hard for you to check out a link before you click. Organizations like banks and financial institutions are unlikely to use URL shorteners in official emails, so be wary of any message you get with unexpectedly shortened URLs. Try a service like CheckShortURL to see what the shortened URL points to in its expanded form.

When in Doubt, Check It Out

If a link in an email or elsewhere looks suspicious, or you're just not sure if a message seems legitimate, don't take the risk.

Get in touch with the organization that sent the message directly. Either visit their website by typing in the URL manually, use a smartphone app to connect with the organization, or give them a call.

Email scammers will often try to create a sense of urgency, sending emails implying not clicking a link will have severe negative consequences, like having your bank account frozen. But if a bank or another institution has an urgent message for you, it should also be available when you log directly into your account or get in touch over the phone.