How to Recognize a Fake URL

One of the first rules of online security is to exercise caution at all times. Try to avoid clicking on links in pop-up ads or links in emails that seem to be phony or suspicious. A good general rule is to type the Web site address in your address bar directly, rather than use a link in an email message, especially if you are going to a financial site.

You can check the URL in any email or on another Web site by simply holding your mouse above the link. The URL will appear in your browser or status bar (the bar that is usually at the bottom of your screen) and you can see what the name of the site is before you actually click on it.

A fairly sure sign that a URL is fake is if the URL contains the "@" sign in the middle of the address. If a URL contains the "@" sign, the browser ignores everything to the left of the link. For example, if you go to a Web site that is www.paypal@150.44.134.189, you are not going to the Paypal site at all. Legitimate sites and companies use a domain name as part of their name rather than the "@" sign.

A dead giveaway for a fake URL or a fake Web site is basic spelling mistakes in the Web address itself. Some URLs look very much like the name of a well-known company, but there may be letters transposed or left out. An example might be "mircosoft.com" instead of "microsoft.com." These slight differences can be easy to miss, and that’s what phishers are counting on.

The popular Paypal site is a common target for phishers and scammers. Even if a URL contains the word “paypal,” it may not be the authentic Paypal site. Some common URLs that will NOT lead you to the real Paypal site are: www.paypalsecure.com and www.paypal@accounts.com.