URL fraud: spot fake links and stay safe online

A friend of mine got a text last year that looked exactly like it came from her bank. The link looked right. The logo looked right. She clicked. Within hours, her account was drained. Stories like hers are not rare. 91% of breaches start with phishing, and most of those attacks use a single weapon: a fake link. The scary part? Most people have no idea what to look for. This article will change that.

What is URL fraud?

URL fraud means using a deceptive link to trick you into doing something you would not normally do — handing over your password, downloading malware, or entering your credit card number on a fake checkout page. The link is the bait. Everything else follows from that one click.

Scammers use fake URLs for a few core reasons:

• Steal your login credentials by sending you to a fake sign-in page that looks real.
• Install malware on your device the moment you land on a malicious site.
• Impersonate trusted brands like banks, delivery services, or government agencies.
• Harvest personal data such as your name, address, or Social Security number.

Here's something that surprises most people: URLs are used 4× more than email attachments in phishing attacks. Scammers have figured out that links are easier to disguise, harder to block, and more likely to get clicked. If you want to understand the full picture, the URL scam red flags guide covers every major pattern.

URL fraud is not just an email problem either. It shows up in text messages, social media posts, QR codes, and even online ads. Anywhere a link can live, a scammer can hide one.

How URL fraud works: tactics and real-world examples

Scammers have refined their methods into repeatable, scalable tricks. Nearly a million phishing attacks were recorded in Q4 2024 alone.

Tactic	What it looks like	Why it works
Typo domain	paypa1.com instead of paypal.com	Easy to miss at a glance
Subdomain trick	paypal.com.scamsite.net	Looks like the real domain is first
HTTPS fake	https://fake-bank-login.com	Padlock icon creates false trust
URL shortener	bit.ly/xR93kp	Hides the real destination entirely
Lookalike site	amaz0n.com	Swaps letters for numbers or symbols

Here is how a typical URL scam unfolds, step by step:

1. You receive a text or email claiming your account has been locked or a package is waiting.
2. The message creates urgency, telling you to act immediately or lose access.
3. You click the link, which looks almost identical to a real site.
4. You enter your credentials or payment info on the fake page.
5. The scammer captures your data instantly and uses it or sells it.

Scammers also hide fraudulent URLs inside QR codes — a growing tactic. See real QR code scam examples to understand how that works.

Pro Tip: Never trust a link just because it starts with HTTPS. The padlock only means the connection is encrypted. It says nothing about whether the site itself is legitimate.

Why people fall for fake links: misconceptions and psychology

Even with growing awareness, millions of people still click suspicious links every year. Let's clear up the biggest myths first:

• Myth: HTTPS means the site is safe. Wrong. 35% of phishing links now use HTTPS. The padlock just means your data is encrypted in transit — not that the destination is trustworthy.
• Myth: I would recognize a fake site. Scammers copy real websites pixel by pixel. Logos, fonts, colors, and layouts are often identical to the real thing.
• Myth: Only less tech-savvy people get fooled. Phishing attacks are designed by professionals. They target everyone, including IT workers and security experts.
• Myth: If the email came from a trusted brand, the link is safe. Scammers spoof sender addresses constantly. The name in your inbox means nothing without deeper checks.

"Scammers do not need to break through your firewall. They just need you to click once."

Beyond myths, there is the psychology. Scammers use three emotional levers with precision: fear, curiosity, and authority. A message saying your account will be suspended triggers fear. A subject line saying "You have a new voicemail" triggers curiosity. An email appearing to come from the IRS triggers authority. These emotions short-circuit your critical thinking and push you toward clicking before you pause to question.

How to spot and avoid URL fraud: practical steps anyone can use

Real safety comes from action. Here is a clear, step-by-step process you can use every time you receive a link you are not 100% sure about.

1. Pause. Do not click immediately — especially if the message creates urgency.
2. Hover over the link on desktop to preview the actual URL in the bottom of your browser.
3. Read the domain carefully. Look for extra words, swapped letters, or unusual extensions like .xyz or .info.
4. Check for subdomains. The real domain is always the part just before the first single slash. "paypal.com.fakesite.net" is owned by fakesite.net, not PayPal.
5. Do not trust the display text. A link can say "Click here to visit PayPal" but send you somewhere completely different.
6. Use a URL checker. Paste the link into ScamKit's link checker before visiting it.
7. Go directly to the source. If a message claims to be from your bank, open a new tab and type the bank's address yourself.

Warning sign	Example	Risk level
Misspelled domain	gooogle.com	High
Unusual extension	yourbank.xyz	High
Excessive subdomains	login.secure.bank.fakesite.com	Very high
URL shortener with no context	bit.ly/abc123	Medium to high
Mismatched display text	"PayPal" linking to scamsite.net	Very high

Pro Tip: Always check for subtle changes in domain spelling. Scammers often swap the letter "o" for the number "0," or add an extra letter that is easy to miss when you are reading quickly.

Related guides

• 5 URL red flags that catch most scams
• Is this website safe to buy from?
• How to tell if an email is fake
• QR code scams are everywhere — here's what to watch for
• I analyzed 50 phishing emails