The Internet allows users to connect to a vast range of networks, information resources, and online services instantaneously. Being on a safe network is an essential first step. However, it is only the start and it is only sometimes reliable. As our interactions with technology continue to change, the ways scammers try to reach us also evolve. We need to be wary of internet scams and avoid dangerous situations.

Identifying Safe URLs

Any time you want to visit a website, you will need its URL. A URL is a web address - it tells a device how to find that website. Typing a URL directly into a browser's address bar will take you to that website. URLs can also be found as links in clickable text, graphics, or buttons. Only some links are safe, even links on legitimate websites.

Scammers use malicious URLs and websites to:

  • Steal your credentials
  • Trick you into downloading malicious software
  • Present you with false information that looks legitimate

Take a close look at the following examples. They both claim to go to University Bank's website.

These URLs share some similarities but contain differences that could be costly if clicked. These URLs point to completely different websites. The domain name acts as a home address for the website. It helps to identify the website's owner.

Looking at the previous domain names, we can see: https://www.universitybank.com/account_login goes to universitybank.com, while https://www.universitybank-payment.com/login goes to university bank-payment.com

Connection Type: HTTP and HTTPS

HTTP and HTTPS refer to the type of connection a website uses. Hackers and scammers can easily read information sent to a site using HTTP.

HTTPS doesn't mean a website is safe, as the site could be compromised. However, it does indicate that the website uses encryption between your machine and the website. The "S" in HTTPS stands for secure. When visiting secure websites, be sure your URL contains HTTPS.

URL Domain Scams

Scammers attempt a variety of tricks to scam users into visiting malicious sites. Below are a few of the most common URL tricks that scammers will use.

Shortened URLs

Shortened URLs are forwarding addresses for longer links. Attackers may use link-shortening tools on the internet, such as bit.ly, to conceal a link's true destination. If you want to know the true destination of a shortened URL, you can search the web for a URL expander. Please copy and paste the URL into the tool to determine where it goes.

Number Based Links

Most companies use words, not numbers, in their domain names. They do this for easy navigation to their website. Be sure to avoid links that contain four sets of numbers, as they are usually malicious domains.

Look-alike Domains 

Cybercriminals will attempt to deceive users by substituting letters and numbers to make a URL appear identical to a legitimate site. For example, the 0 (number) and the O (letter), l (lowercase letter) and I (uppercase letter), or vv (as w). Carefully review domains and check for letter substitution.

Interacting with URLs

When visiting URLs, there are a few things you can do to stay safe.

Hover your Cursor

If you have a mouse cursor, hover over the link. Depending on your browser, you will see the true destination of the URL in the bottom left corner of the screen or directly near your mouse cursor. If you are on a mobile device, you can long-press and hold in the URL, revealing a snapshot of where the URL is being directed.

Use a Search Engine

Use a search engine to see if the website and domain names match. Be sure to put the URL in the search engine and not directly into the address bar.

Use a Trusted Source

If you have the website bookmarked in your browser, use that instead of the link. If you know the correct web address, such as https://www.ritcompany.com type it into the address bar instead of clicking the link.