5 URL Warning Signs to Watch For

Not all URLs are created equal. Malicious URLs are lurking in emails, text messages, social media posts, pop-up windows, and more. Scammers create and distribute these links and try to trick users like you into clicking. Once you get to their sites, you can be exposed to malicious software, viruses, and other dangerous content.

Dangerous links lead you to dangerous sites and put your data, your computer, and your network in harm’s way. And though it can be difficult to distinguish a safe URL from a malicious one, there are warning signs you can watch for. Keep these five points in mind when you come across an unknown URL:

1. The end of the domain is the most important part to check.

The domain portion of a URL is what gives you insight into the source of a link. The domain can be found after the http://; in longer links, the domain ends prior to the first /. For example, in the link http://google.com/maps, the domain is google.com.

Seems straightforward, right? Wrong. Scammers will doctor domains to make them seem like something they aren’t. In the example of http://google.com.cust_login.ie, the domain is cust_login.ie, not google.com. And in http://accounts_login.cz/google.com, the domain is accounts_login.cz, not google.com.

In the last two examples, you can see why a user might think they are linking to a Google site as opposed to a malicious site. That is why it’s important to check the space between the http:// and the first / and watch out for things that don’t belong.

2. Hyphens and symbols are common in malicious links.


Legitimate websites don’t often have hyphens or symbols in their domain names. As with the examples noted in point #1, scammers will use these elements along with known brands to try to trick you. For example, www.google.com isn’t the same as www.google-search.com.

3. Beware of domains that are entirely numbers.

Sometimes you will come across a domain that is shown just as an IP address (e.g., http://101.10.1.101). With links like this, you have no way of knowing the real owner of the domain. You should not click this type of URL unless you are familiar with the IP address and you know exactly where the link will take you.

4. Shortened URLs are URLs in disguise. Period.

With character limits on certain social media platforms, it’s common to see shortened URLs there. But they are also found in text messages, emails, and other media. Services like Tiny URL and Bitly take longer URLs and tie them to a URL with fewer characters. While convenient, the reality is that a shortened URL is a mask for another link. Be careful with these; like IP address domains, you can’t be certain of the true sources of the links.

5. Scammers can mask dangerous links with legitimate-looking links.

Scammers can embed dangerous URLs inside of legitimate-looking links, text, logos, and images. But you can see what’s hidden by mousing over these links. As you hover, compare the URL that appears on your screen to the URL that is visible. If there’s a significant difference or you see some of the warning signs in the hidden URL, avoid that link (and the email, website, or ad that contains it).

Bottom Line: Think Before You Click

Due diligence is the name of the game with URL safety. It’s about checking things you see and verifying what you don’t see. And it’s about clicking smart. If you aren’t familiar with a URL or you receive it in a message you weren’t expecting, do not click. When you’re unsure, the best option is to use a search engine to find a legitimate, reliable link.

©2008-2015 Wombat Security Technologies, Inc. All rights reserved.