How to Recognize a Fake URL

Techwalla may earn compensation through affiliate links in this story. Learn more about our affiliate and product review process here.

Scammers will sometimes use fake versions of real businesses' Web addresses to trick you into revealing your personal information. Look for oddities in any address that appears in an emailed link, like a misspelled company name, or extra characters at the end of the domain name. When in doubt, don't click the link and get in touch directly with the company in question.

Advertisement

Look Before You Click

Video of the Day

Scammers will often send "phishing" emails masquerading as banks and other financial companies, e-commerce sites and other institutions with which you do business.

Video of the Day

In those emails, they'll include sign-in links pretending to be to the institution you trust, but they'll actually be to the scammer's own website. When you try to log in or provide other sensitive information, they'll record your information and later use it to impersonate you.

Advertisement

Before you click any link in an email, you should always look at the link's URL to make sure that it actually goes to the website you expect.

On the email programs for iPhone and Android smartphones and tablets, you can do this by holding your finger down until a menu pops up, showing the URL and asking whether you want to open the link. On most browsers for Windows or Mac, you can mouse over the link to see the URL.

Advertisement

Even if a URL is written out in the text of the email, the actual link could point to another URL entirely. Nothing prevents a scammer from linking the text "http://www.mybank.com" to "http://www.scamsite.com."

Check for Subtle Tricks

When you're looking at the URL, look carefully for any subtle misspellings in the domain name. Scammers will use slightly misspelled variations of well-known sites to trick you into simply skimming the URL and clicking. A fraudulent email might link to "http://www.mybonk.com" instead of "http://www.mybank.com," for example.

Advertisement

Advertisement

Other scams use a URL with a domain name that begins the same as the domain name you expect but has extra characters where the ordinary domain ends. For instance, a scammer might link to http://www.mybank.com.scamsite.com, instead of simply to http://www.mybank.com. Always make sure to check the entire domain name, not just the beginning.

Advertisement

Be Wary of URL Shorteners

URL shorteners are often used to abbreviate lengthy Web addresses for social media and text messages.

Because they disguise the actual URL to which a link points, they can be used by scammers looking to make it hard for you to check out a link before you click. Organizations like banks and financial institutions are unlikely to use URL shorteners in official emails, so be wary of any message you get with unexpectedly shortened URLs. Try a service like CheckShortURL to see what the shortened URL points to in its expanded form.

Advertisement

When in Doubt, Check It Out

If a link in an email or elsewhere looks suspicious, or you're just not sure if a message seems legitimate, don't take the risk.

Advertisement

Get in touch with the organization that sent the message directly. Either visit their website by typing in the URL manually, use a smartphone app to connect with the organization, or give them a call.

Advertisement

Email scammers will often try to create a sense of urgency, sending emails implying not clicking a link will have severe negative consequences, like having your bank account frozen. But if a bank or another institution has an urgent message for you, it should also be available when you log directly into your account or get in touch over the phone.

Advertisement

Advertisement