Is This Web Page Safe?

April 12, 2017

The internet can be full of people and places designed to steal your identity and your money. Use the information below to determine if a link is safe before you click on it.

Start by hovering over a link with your mouse cursor. Once you hover, you will see a bubble near your cursor or in the bottom left corner of your browser window showing you the web address, or URL, you will be taken to. While the link text can be manipulated to make it seem like the link will go to a legitimate source, the URL in the bubble always shows the real destination of the link. You further can judge the legitimacy of the URL in the bubble by doing the following:

  • Find the domain. Every web address has a domain: the part between the :// and the first /. The domain in the example below is www.google.com. Avoid links that use a series of numbers and periods as the domain.

Web address bar showing: http://www.google.com

  • Check the sub-domain. Legitimate web addresses can contain sub-domains. But a scammer will use a sub-domain to make the link seem like it’s going somewhere other than a scam website. In the example below, the link actually goes to iamascammer.com, not Google. The part of the domain closest to the end is the most important.

Web address bar showing: http://www.google.iamascammer.com/

  • Don’t be fooled by the slash. Remember, the domain indicates where the link will take you. A scammer may try to use the words after a slash to trick you. The example below also goes to iamascammer.com, not Google.

Web address bar showing: http://www.iamascammer/www.google.com

  • Be wary of shortened URLs. You can’t tell by looking at a shortened URL (like bit.ly and tinyurl) what web address you’ll be taken to. 
  • Look for the “s” and the padlock. Before you submit any personal information over the web, be sure that the page is secure. A secure website will always have an https, rather than just an http, in the web address. Also look for an image of a padlock or similar indication that tells you the web page is encrypted, like in the image below.

A web address bar showing the https and a padlock

Remember that most organizations like banks, charities, and Colorado PERA won’t ask for personal information in an email. Be especially cautious of a sense of urgency and remember, when in doubt, throw it out. 

Use your search engine of choice and make sure the domain matches the address in an emailed link.