Yale University

ITS Information Technology Services

Spotting fake URLs in fraudulent emails and websites

The URL (Uniform Resource Locator) is the basic address system of the web—all web pages have a unique URL that your web browser uses to find and display the page. You typically see the URL listed in the "Address" bar at the top of your browser window:

Example of a URL address in your browser address line.

Unfortunately, fraudulent websites are increasingly common, and thieves will often try to disguise the rogue website by giving the site a URL very similar to a legitimate, well-known site. eBay, Amazon, and PayPal are all popular sites that are often targets for internet criminals trying to lure the customers of these legitimate sites into disclosing personal information to rogue impostor sites that look like the real site. The criminals then use this information in identity theft or credit card fraud schemes.

The end of the URL is what matters the most

A real commercial URL will always end with companyname.com, as in "http://www.amazon.com". The "end" here means the end of the site name, the part between "http://" and the next "/", not any page path that follows it. Sometimes companies use special URLs for different parts of their websites, but notice that the end of the real URL is always the same: http://associates.amazon.com. It's the same with universities: the name will end with universityname.edu, as in http://www.yale.edu.

How to spot a real URL.

The URLs below are all FAKE forms of the Amazon and Yale URLs. They attempt to look real, but notice how the URL endings are never the real "amazon.com" or "yale.edu":

  • amazon.accounts12.com
  • www.amazon.your.com
  • www.amazon.delinquent.com
  • www.yale.email.org
  • www.yale-accounts.com
  • yale.security12.com

Beware of Internet IP addresses in URLs!

Criminals will often use the raw IP (Internet Protocol) address of a rogue web server in place of a conventional URL name. Instead of something familiar-looking like "www.ebay.com" or "www.amazon.com" the URL might look like this:

IP numbers in a URL almost certainly indicate fraud.

Never navigate to a website that uses an IP number for a URL address—the site will almost certainly be fraudulent.

Thieves sometimes disguise the real URL in an email or web page link

Sometimes a URL in a fraudulent email message or website might look just like the real thing:

     Please update your account information at http://www.amazon.com.

Notice how the link above does not take you to "www.amazon.com," even though the text says "amazon.com." If you paste this text into Microsoft Word and run the cursor over "amazon.com" you'll see that we actually pointed this "Amazon" link to the Yale home page:

A fake URL, as seen in Microsoft Word.

Your web browser's "status bar" is the most convenient way to check to see where a web page link might actually take you. The status bar appears at the bottom of the web browser window. When you hold the cursor over a link, the status bar will show you the real URL the link points to:

Using the status bar to check the URL of a web page link.

Make it a habit to check the status bar when you visit unfamiliar websites, especially if you will be making purchases or providing any personal information to the website. Be sure you are dealing with the real site, and not a fake.
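The three checks described on this page (the ending of the site name, raw IP addresses, and link text that differs from the real target) can also be applied to the links in a message automatically. The following Python code is an added example, not part of the original Yale ITS page; the function names, the reason labels, and the sample HTML are assumptions made for illustration.

```python
import ipaddress
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample (192.0.2.10 is a reserved documentation address, not a real site).
SAMPLE = ('<a href="http://www.yale.edu/">http://www.amazon.com</a> '
          '<a href="http://192.0.2.10/">Sign in</a> <a href="http://associates.amazon.com/">Store</a>')

def host_of(url):
    """Lowercase site name of a URL; a bare "www.example.com" is accepted too."""
    return (urlsplit(url if "://" in url else "http://" + url).hostname or "").rstrip(".").lower()

def is_ip_host(host):
    """True when the site name is a raw IP address instead of a name."""
    try:
        return bool(ipaddress.ip_address(host))
    except ValueError:
        return False

def belongs_to(host, real_domain):
    """True for the real domain itself or any name ending in "." + real_domain."""
    return host == real_domain or host.endswith("." + real_domain)

class LinkAuditor(HTMLParser):
    """Compare each link's real target (href) with the real domain and with its visible text."""
    def __init__(self, real_domain):
        super().__init__()
        self.real_domain, self.href, self.text, self.findings = real_domain, None, "", []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.href, self.text = dict(attrs).get("href") or "", ""
    def handle_data(self, data):
        self.text += data
    def handle_endtag(self, tag):
        if tag == "a" and self.href is not None:
            host, shown, reasons = host_of(self.href), self.text.strip(), []
            if is_ip_host(host):
                reasons.append("ip-address")
            elif not belongs_to(host, self.real_domain):
                reasons.append("wrong-ending")
            if "." in shown and " " not in shown and host_of(shown) != host:
                reasons.append("text-mismatch")
            self.findings.append((self.href, reasons))
            self.href = None

def audit_links(html, real_domain):
    """Return [(href, reasons)] for every <a> element in an HTML fragment."""
    auditor = LinkAuditor(real_domain)
    auditor.feed(html)
    return auditor.findings
```

`audit_links(SAMPLE, "amazon.com")` flags the first link for both a wrong ending and mismatched text, flags the second for an IP address, and leaves the associates.amazon.com link unflagged.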



Last modified: Wednesday, 27-Aug-2008 15:14:44 EDT. (pl)