Secure CyberCity against a rising tide of cyberattacks
5 Ways to Spot Dangerous URLs Anyone Can Use
Not all URLs are trustworthy. Some are dangerous URLs, and may lead you to malicious websites that can infect your device with malware, steal your personal information, or trick you into giving away your money or credentials.
These are called phishing URLs, and they are often disguised as legitimate ones.
What is a URL?
A URL, or Uniform Resource Locator, is the address of a web page that you can see in your browser’s address bar. For example, the URL of one of our past posts is https://www.biztechlens.com/how-to-identify-a-suspicious-url/.
In this post, I’ll take you through five simple and effective ways of identifying dangerous URLs. This is my personal initiative to keep the internet safe for everybody.
Note: Active links used in this post are safe for browsing.
How can you tell if a URL is dangerous or not?
Here are some tips to help you spot and avoid dangerous ULRs (phishing URLs).
1. Check the URL structure
A URL consists of several parts, such as the protocol, the domain name, the path, and the query string.
For example, in the URL https://www.biztechlens.com/how-to-identify-a-suspicious-url/,
- Protocol is https,
- Domain name is biztechlens.com, and
- Query string is how-to-identify-a-suspicious-url/.
Each part has a specific function and meaning, and you should pay attention to them when examining a URL.
Some of the red flags to look for in a URL structure are:
The protocol is not https
HTTPS stands for Hypertext Transfer Protocol Secure, and it means that the communication between your browser and the website is encrypted and authenticated.
If a URL starts with http instead of https, it means that the connection is not secure and your data could be intercepted or tampered with by hackers.
Always look for the padlock icon next to the URL to verify that the website has a valid SSL certificate and uses HTTPS.
The domain name is misspelled or contains extra characters
Phishers often use typosquatting or homograph attacks to create fake domains that look similar to legitimate ones but have slight differences in spelling or punctuation.
For example, they may use biztech1ens.com instead of biztechlens.com, or biztech-lens.com instead of biztechlens.com.
These subtle changes can be hard to notice at a glance, but they can make a big difference in where you end up.
Always double-check the domain name for any errors or inconsistencies before clicking on a link or entering any information.
The domain name does not match the sender or the context
Bad internet players may also use legitimate-looking domains that have nothing to do with the sender or the context of the message.
For instance, they may send you an email from your bank asking you to verify your account details, but the link leads to a website with a domain like bank-security.com or bank-login.net.
These domains may sound official, but they are not affiliated with your bank and are likely phishing sites. As a rule of thumb, compare the domain name with the sender’s address and the context of the message to see if they match and make sense.
The path or the query string contains unusual or irrelevant words
Phishers may also try to hide their malicious URLs by adding extra words or characters to the path or the query string of a legitimate domain.
For example,
They may use https://www.biztechlens.com/why-do-cyber-attackers-use-social-engineering-attacks/?login=secure&account=verify.
Instead of https://www.biztechlens.com/why-do-cyber-attackers-use-social-engineering-attacks/.
The extra words or characters may look harmless, but they may actually trigger a malicious script or redirect you to a phishing site.
Note: Examine the path and the query string for any unusual or irrelevant words or characters before clicking on a link.
ALSO READ:
- How to Protect Sensitive Info: A Comprehensive Guide
- What Does SLAM Method Stand For in Cyber Security?
- Why Do Cyber Attackers Use Social Engineering Attacks?
2. Check the sender source
Another way to identify dangerous URLs is to check where it came from and who sent it to you.
Phishers often use email, social media, text messages, or phone calls to lure you into clicking on their links.
They may pretend to be someone you know or trust, such as a friend, a family member, a colleague, a company, or an organization.
Some of the signs to look for in the sender source are:
The sender’s address does not match their name or identity
Phishers may use spoofing techniques to make their emails look like they come from legitimate sources, but if you look closely at their addresses, you may find some discrepancies.
For example, they may use john.doe@biztech-lens.com instead of john.doe@biztechlens.com, or support@biztech1ens.com instead of support@biztechlens.com.
These differences may indicate that the sender is not who they claim to be and that their email is fake. Always verify the sender’s address by looking at their full name and domain before trusting their message.
The sender’s message is urgent, threatening, or too good to be true
Phishers often use emotional manipulation to persuade you to click on their links. They may create a sense of urgency, fear, or curiosity by telling you that something bad will happen if you don’t act fast, or that something good will happen if you do.
For example, they may tell you that your account has been compromised and that you need to verify your details immediately, or that you have won a prize and that you need to claim it now.
These messages are designed to make you act impulsively and without thinking.
Be skeptical of any message that sounds too urgent, threatening, or too good to be true, and do not click on any links without verifying their legitimacy.
The sender’s message contains spelling or grammatical errors
Phishers may also make mistakes in their messages that can reveal their true intentions. They may use poor spelling, grammar, punctuation, or formatting that can make their messages look unprofessional or suspicious.
For example, they may use “Dear Customer” instead of your name, or “Click here” instead of a descriptive link text.
These errors may indicate that the message is not from a reputable source and that it is a phishing attempt.
Proofread any message that contains a link and look for any errors or inconsistencies before clicking on it.
3. Check the link with online tools
If you are still not sure about a URL, you can use some online tools to check it for you. These tools can help you unshorten shortened links, analyze the reputation and safety of websites, and detect phishing and malware threats.
Some of the online tools that you can use are:
CheckShortURL
This tool can help you unshorten shortened links and reveal their original URLs.
It can also show you some information about the website, such as its title, description, keywords, and favicon. You can use this tool to see where a shortened link leads before clicking on it.
Unshorten.It
This tool can also help you unshorten shortened links and show you their original URLs.
It can also give you a screenshot of the website, a safety rating from Web of Trust (WOT), and a description from Alexa. You can use this tool to see what a shortened link looks like before clicking on it.
PhishTank
This tool can help you check if a URL is a phishing site or not. It is a community-based project that collects and verifies reports of phishing sites from users around the world.
You can use this tool to see if a URL has been reported as a phishing site by other users before clicking on it.
URLVoid
This tool can help you check the reputation and safety of a website.
It scans the website with multiple engines and databases, such as Google Safe Browsing, Norton Safe Web, and VirusTotal, and gives you a report of its findings.
Furthermore, URLVoid can use this tool to see if a website has been flagged as malicious or suspicious by other services before clicking on it.
4. Use antivirus software and browser extensions
Another way to protect yourself from suspicious URLs is to use antivirus software and browser extensions that can block or warn you about malicious websites.
These tools can scan the URLs that you visit and prevent you from accessing websites that contain malware, phishing, or other threats.
Some of the antivirus software and browser extensions that you can use are:
Avast
This is a popular antivirus software that can protect your device from viruses, malware, ransomware, spyware, and other threats.
It also has a feature called Web Shield that can block malicious websites and downloads in real time.
Malwarebytes
This is another popular antivirus software that can detect and remove malware, ransomware, adware, spyware, and other threats from your device.
Malwarebytes has a feature called Browser Guard that can block malicious websites, ads, trackers, scams, and phishing in your browser.
Bitdefender
This is another well-known antivirus software that can safeguard your device from viruses, malware, ransomware, spyware, and other threats.
Another top feature in Bitdefender is TrafficLight that can filter out malicious websites and links in your browser.
uBlock Origin
This is a powerful browser extension that can block ads, trackers, malware domains, and other unwanted content in your browser.
The uBlock Origin Extra feature can block some additional types of malicious websites and scripts.
HTTPS Everywhere
This is a useful browser extension that can force your browser to use HTTPS instead of HTTP whenever possible.
HTTPS is more secure than HTTP because it encrypts your data and prevents hackers from intercepting or modifying it. This extension can help you avoid insecure websites and links in your browser.
However, you no longer need HTTPS Everywhere to set HTTPS by default! Major browsers now offer native support for an HTTPS only mode.
5. Use common sense and caution
The last but not the least tip to identify a dangerous URL is to use your common sense and caution when browsing the web.
No matter how many tools or techniques you use to check a URL, there is always a chance that you may encounter a new or sophisticated phishing attack that can bypass them.
Therefore, you should always be careful and vigilant when clicking on any link or entering any information online.
Final thoughts on how to identify dangerous URLs
In this post, I’ve taken you through 5 simple yet effective ways of identifying dangerous URLs.
To begin with, simply scrutinize the URL structure for any inconsistencies or errors. Secondly, check the sender source. Thirdly, check the URL using online tools. I also advise you to use antivirus & browser extensions filter dangerous URLs.
Finally use common sense at all times, and be cautious when accessing anything online.
What are your biggest concerns when encountering unknown URLs? Have you ever fallen victim to a phishing attempt? Share your experiences and help others stay safe in the comments!
