How To Spot Malicious Website URLs

Spotting bad url's

When browsing the web, using social media or checking your email, it is very important to exercise caution when clicking on links. Cybercriminals actively create deceptive links to infect devices with malware or steal personal information.

Here are some things to look for before clicking the link:

Hover Over the Link

To identify a potentially malicious link, you need to first see where it points to. You can find this by hovering your mouse cursor over the link’s text, but do not click the link. This allows you to preview the full destination address before deciding whether to proceed. Be very wary of links trying to send you to an unknown site other than what you are expecting.

Look for HTTPS at the Beginning of the Link

Legitimate websites use “https://” to indicate that the page connection is secured using SSL encryption. However, just seeing the “s” does not guarantee safety and further inspection is needed.

Observe the Subdomain

It is important to pay attention not just to the overall domain name but also to any subdomains (they are listed before the main domain). Usually this is just “www,” but it can be anything. For example in the link “”, mail is the subdomain.

Attackers use the subdomain to look like the actual domain. For example, “”. The domain you will go to when clicked is “,” not Google.

Watch out for Special & Suspicious Characters

Look out for hyphens in the domain name. A hyphen alone doesn’t mean a website is malicious and many website use hyphens in their domain names. However, it is a common trick to emulate a well-known domain name.

For example, a link to “” would be suspicious, as Google’s actual domain is simply “”. But a domain like “” is not as simple to determine if it is fake or real. Thus a hyphen is a red flag that the site could be impersonating a legitimate domain.

Also check for suspicious characters, for instance:


Both the addresses above are not the correct The first website address uses zeroes as the letter O and the second address uses the number one as the letter L. Hackers also use different fonts that look similar to other characters. If in  doubt type the address into your browser rather that clicking a link or doing a copy and paste.

Look at the Extension

Another part of the domain to inspect is the top-level extension at the end. Common extensions for legitimate websites include “.com,” “.org,” “.edu,” “.gov,” and country-specific endings such as “.au” for Australia or “.uk” for the United Kingdom.

Cybercriminals use alternative extensions, hoping to disguise malicious sites. Be wary of unfamiliar extensions or ones that don’t align with the expected use case. For example, a banking site using “.net” instead of “.com” may indicate a phishing attempt.

Staying vigilant and taking the time to check links can help shield you from a number of online threats. If any part of a link raises concerns about where it may lead, it is usually best not to risk clicking until you have had a chance to verify the context through other trusted means (i.e. ringing the person who sent you the link or the company the link is meant to go to).

Maintaining cautious Web habits is the easiest way to help avoid becoming the victim of deceptive scams or malware attacks online.

If you think you have clicked on a malicious link or need help securing your organisation, contact us today and see how we can help.