Have you ever hurriedly typed a web address into a URL, relying on autocomplete or past browsing activity to take you to the right site? Or have you clicked on an email link or searched for a site, assuming to find the right web address?
It happens to everyone, and most of the time you get where you want to go. But every once in a while, you can click a link that’s masquerading as a legitimate site—a ploy to trick you into giving away your money and/or personal information. Here are a few tips to make sure you’re using the right web address.
Pay attention to the URL
It’s easy to skip over the address bar, but getting in the habit of inspecting a URL when you visit a website can give you important information to keep you safe. Cybercriminals can control a lot about a webpage, even making it appear nearly identical to a legitimate site. But the URL itself contains a domain name (information that appears right before the “.com”) that will tell you exactly where you are.
Some phishing sites—sites used to steal your personal information—will disguise themselves as legitimate sites, with a subdomain (information that precedes the domain name) that looks identical to the actual site’s domain name. For example, a site might begin “google.com,” followed by a longer address and another “.com.” In this example, the first part of the URL, “google.com,” is actually a part of the site’s subdomain, tricking visitors into thinking they have reached Google.
If a site has an unusually long URL address, or if you’ve received a suspicious email asking you to click a link, there’s a chance you’re being baited into a phishing trap and directed to a phony web address. Many phishing sites also contain grammatical errors and take an urgent tone, trying to press you to divulge personal information. Learn to spot the telltale signs of a phony site, and always look carefully at the web address’s domain name and subdomain.
Look at connection type
The beginning of the web address contains a protocol, usually “http://” or “https://”. You may need to click on the actual address bar to revel the protocol, but doing so will allow you to inspect the connection type.
If the address starts “http” and not “https” it means your connection isn’t secure. It may be possible for people to intercept information sent across these types of connections. The “s” at the end of the “https” stands for secure and prevents communications from being stolen. Especially if you’re sending financial or personal information over the internet, ensure that your connection is secure.
Phony websites usually don’t include “https” connections. On the other hand, most legitimate websites will include the secure connection protocol, so it’s a good idea to quickly check your connection type on each website you visit.
Beware of advertising attacks
If you visit a site that immediately greets you with several ads that overcrowd your screen, there’s a good chance you’ve taken a wrong direction in your web navigation. These ads can take up the whole page. Many contain explicit or suggestive material, and most will redirect you to another site. Some of these ads may even ask you to take a quick survey or claim to reward you with a gift card for clicking.
These in-your-face ads are almost always a sign that you’ve reached a phishing site. Quickly close these browser windows and avoid clicking on the ads. Some of them may contain harmful computer viruses, spyware, or malware that can infect your computer and steal your personal and financial information.
Do some research of your own
Legitimate sites almost always include contact information—a phone number, email address, and a street address—where you can locate a representative of the site’s organization. If you’re unsure whether a website you’ve reached is correct, try looking for contact information and calling or sending a message to the site’s administrator.
You can also research who owns the web domain with a quick online search. Every domain is required to register their web address. By researching this information, you can find who owns the website, the country of origin, active or inactive status, and how long the website has been in existence (websites that were started only a short while ago should raise an immediate red flag).
Check a transparency report
Google provides the “safe browsing site status” of any site on the internet, as a free service. All you have to do is visit Google Transparency Report, type in a web address, and you can immediately see whether any unsafe content can be found by visiting a particular site.
Google examines billions of URLs per day, constantly searching for unsafe sites. The reports are updated to flag unsafe sites, as well as legitimate sites that may have been compromised. These warnings appear when you use Google to search and you can find them in your web browser. But if you feel more comfortable, you can always check the transparency report on your own.
The next time you search for or visit a site, use these quick tips to verify whether you’ve reached the right address. Doing so on a consistent basis can help you avoid scams and keep your information secure.