November 7, 2022

How to Spot a Fake URL

Posted by Rhiannon

Every piece of content on the internet is found through a URL. In fact, without URLs, we would never be able to navigate the web. While most URLs are perfectly safe and take you exactly where you expect them to, scammers are increasingly making use of a fake URL or two to compromise your safety and privacy online. Thankfully, you can protect yourself by learning how to spot a fake URL. Here’s an in-depth look at what URLs are and how fake ones put you at risk:

  • What is a URL?
  • Why do fake URLs exist?
  • Where are they most commonly found?
  • What happens if I click a fake link?
  • How to identify fake links

What is a URL?

The acronym URL stands for “uniform resource locator.” You use URLs every time you visit the web. They’re actually one of the core building blocks for the internet and, without them, it would be almost impossible to navigate the enormous amount of content online. Before URLs were created, every website online was essentially assigned a number. You had to know the number of the website you wanted to visit in order to navigate to that site. 

However, as the web grew, knowing and remembering each unique number became an enormous challenge. In addition, searching the web for new websites was incredibly difficult. To solve this problem, URLs were created. Essentially, a URL is the written name assigned to every unique element, or resource, online (a “resource” may refer to entire web pages, or may only apply to a single photo or document). These addresses were much easier to remember and share, and they made it possible to index websites online, which made them searchable with tools like search engines, based on a few simple keywords.

 With the URL system in place today, if you want to visit Google, you simply type the URL and can be on the site in a matter of seconds.

Why Do Fake URLs Exist?

Considering the fact that URLs make the world (wide web) go round, it seems as though it would be counterproductive to create fake ones. However, that doesn’t stop them from being created. So why do fake URLs exist? There are three main reasons.

  1. In some cases, although you may think a URL is fake because it doesn’t open to a functioning web page, it may actually just be leftover from old content. There are instances where the content on a web page is deleted but the URL remains active. These cases are not generally considered dangerous, although they can be annoying.
  2. Cybercriminals are behind the other two most common reasons for fake links. In the first case, if they convince you to click a fake link, they may be able to infect your device with malware. Malware may generate spam, lock your content, slow your device, or use your device to infect others. Some malware is created with the intent to cause as much damage as possible. Other forms are created to generate money; if you want the malware removed from your device, you have to pay the criminal an exorbitant fee. These links often come to you through email. You probably can’t prevent them entirely, but you can help reduce their prevalence by using a reputable email service and browsing the web with a secure VPN, which can help prevent criminals from getting your email address in the first place.
  3. Cybercriminals may also create realistic-looking URLs to trick you into inputting your personal information on the resulting web page. This information may include things like your name, address, credit card number, banking details, passwords, and more. Once handed over, the criminal uses this information for their own gain (usually financial).

Where are Fake Links Most Commonly Found?

Although fake links are becoming more and more common online, that doesn’t mean you’ll run into them everywhere you go. There are a few places on the web where they’re found more commonly than others:

  • Emails. Cybercriminals have become experts at making scam emails look convincing. These emails will ask you to click a link for an urgent matter but, if you do, you might be taken to a website asking for your information or you may initiate the download of a virus.
  • Ads. Some ads, especially pop-up ones, contain links to URLs that will steal your information.
  • Torrenting sites. If you use shared peer-to-peer networks, you should be careful. They’re a hotbed for hackers who can take advantage of lax security protocols and monitoring to share fake URLs disguised as real content.
  • Social media. Some cybercriminals make use of bot accounts on social media websites. The main purpose of these bots is to convince users to click links in statuses, comments, and private messages. 

What Happens if I Click a Fake Link?

If you accidentally click a fake link, there are a few things that may happen. Some are more obvious than others:

  • Your device will initiate a download. If you click a link and your device immediately starts downloading a file you don’t expect, or prompts you to accept a download, this might be a sign that you clicked a fake link. In most cases, these downloads install malware (which may be a virus, ransomware, ad/spamware, etc.).
  • You’ll be taken to a website asking for your information. For example, a cybercriminal may send you a fake email designed to look like it’s from your bank. This email may tell you that you must sign in to your bank account immediately to prevent a security breach and provide a link to do that from. If you click this link, it will look like the login page for your bank account but, really, the cybercriminal will just be collecting the information you type into the text boxes.
  • Your accounts will start sending fake links to other people. This is an especially common trick on social media. One person clicks a fake link designed by a cybercriminal. Then their account begins sharing that link with their connections. Those connections then click the link in turn, thinking it safe because it was sent by a friend. It continues to spread in this way, often unbeknownst to you.

How to Know if a Link is Fake

The problem with fake URLs is that they don’t look fake. In fact, it can be incredibly difficult to distinguish between a real URL and a fake one, even when you’re actively looking. The best way to protect yourself online is to remain vigilant online and to treat all links you didn’t deliberately seek out with suspicion. These tips can help you distinguish between a real URL and a fake one:

Check Shortened URLs for a Fake URL

Some URLs are really long and very sloppy to look at. In some cases, that may lead to businesses or individuals shortening a link to make it look nicer. This is usually done with a tool like Bitly. However, shortening a link often changes the URL so much that you can’t tell where it leads to. If you click it, you may accidentally let malware in, or your data out, without even knowing it. So, before you click, do some digging. There are websites available (like Unshorten.It) that will probe a shortened link and tell you where it goes without actually opening it.

Look for Misspellings

Sometimes, a link may be sent to you from an email posing as an organization or person who may actually reach out to you. They most commonly copy businesses with mailing lists or banking/financial institutions. Before you click the link, scan it for misspellings. If you routinely shop at but the link says, stop there. It’s almost definitely a fake link that you don’t want to click. If the link is spelled correctly but you’re still suspicious, move to the next step.

Pro tip: Even if a link looks good, if the email itself has a lot of spelling mistakes, it might still be spam! Check out our article about detecting a variety of scams.

Keep an Eye Out for Extra URL Words

Another common trick to misdirect you into thinking a fake link is real is to add extra words into a URL. For example, becomes This is a more nefarious way of tricking you because real websites do modify their URLs to differentiate between pages. If you still aren’t able to ascertain whether or not a link is real, don’t click it.

Contact the Organization

The most surefire way to know if a link is real or not is to contact the business that (supposedly) sent it. Don’t use any information in the same email as the suspicious link (since they’ll use their own) but instead find contact information on the real website of the business in question. You may have to wait a day or two to receive a response about the link, but it’s better to wait than to regret hastily clicking a bad link.

Think Before You Click

When you receive a link, think before you click it. Is it coming from someone who wouldn’t normally send you links to things? If the person you haven’t spoken to since high school sends you a link to purchase sunglasses out of the blue, it might be a scam. Same with the clothing company you haven’t purchased from in five years sending you a link and claiming there’s a problem with your account. Of course, these links may be perfectly harmless. However, if they seem suspicious, dig a little deeper before deciding to click.

Avoid Buttons

Unfortunately, with good web design, it’s easy to hide a fishy link behind a flashy button that says something like “Sign In,” or “Buy Now.” Regular text can also be turned into buttons, like this button that takes you to another one of our blog posts. The problem with buttons like this is that you can’t easily prove they’re taking you somewhere. If you want to follow a link hidden behind a button or piece of text, the safest way to do so is to right-click over top of the link and select “Copy Link URL/Address.” From there, you can paste the full link into a safe document. This allows you to inspect it before deciding whether or not to visit the website it leads to. 

Fake URLs don’t have to ruin your online experience. By understanding what they are, where they’re most commonly found, and how to spot fake links, you can protect yourself. Following these steps will help make sure you stay safe and private online. 

Posted by Rhiannon

More Blog Posts

February 14, 2023

How the Investigatory Powers Act Impacts Citizen Privacy

In 2016, the United Kingdom passed the Investigatory Powers Act or IP Act, into law. This act empowered the government and related agencies to access and collect citizen data, without consent. Critics immediately slammed the new law. The media dubbed it the “Snoopers’ Charter.” Meanwhile, Edward Snowden described the act as “the most extreme surveillance […] Read more

February 14, 2023

How to Easily Unblock Wikipedia with HotBot VPN

Wikipedia puts a wealth of information at your fingertips. Everything from the biography of Alexander Graham Bell to the basics of quantum computing can be instantly opened by curious browsers. But what happens when you can’t access that information? Whether a business network blocks it or a particular country censors it, don’t let that slow […] Read more

February 14, 2023

How to Unblock Skype with HotBot VPN

Need to make a business call? Want to talk to your grandma an ocean away? Excited to video chat with your friends on the weekend? Chances are, Skype is your go-to video messaging service. It allows users to connect to people anywhere in the world. Anywhere, that is, where Skype isn’t blocked. Unfortunately, networks may […] Read more

Get the HotBot VPN Mobile App.

Download our apps for iOS and Android