How to spot a fake URL

Tips to spot a fake URL

Recognising fake websites and domain names isn't as easy as it used to be. The days are gone when badly written text, illogical URLs and the absence of a padlock symbol gave the game away. Nowadays, internet users really need to be on the ball. So we've put together some advice to help you out.

As internet users have got wise to many common scams, scammers have upped their game. Many fake websites nowadays have green padlocks, for example. And their look and feel are often indistinguishable from the real thing, right down to a convincing-looking URL. So how can you tell a fake site from a real one? One good way is to check the URL.

How to check

Step 1: Find out what the company's official URL is.

Not sure? Call the company to ask what their real web address is.

Step 2: Decipher the URL

It's important to be aware that URLs often have several parts. Here are two examples to show you how to read a URL. 

Example 1:

  1. https://

  2. www. (= subdomain)

  3. (= primary domain) 

Scammers often use more complicated URLs. So you might come across something like this second example, which has five parts: Example 2:

  1. https://

  2. (= subdomain)

  3. (= primary domain in this example)

  4. /mail/ (= folder)

  5. login/

With the URL in example 2, it's less obvious what the domain name is. That's because the scammers have included the official domain name as a subdomain to catch people out. A subdomain is the part of an address that comes before the domain name. In most genuine addresses, that's 'www'. But here the subdomain is ''. So, at first glance, the URL looks as if it belongs to example's official website, when really it'll take you to That's a fake domain name dreamt up to look as if it belongs to example, when it doesn't really.

Tip 1. Look at the country code

Every domain name includes a 'top-level domain' at the end. In this case it's .nl, but you'll often see .com and sometimes .shop, .eu and others. Is the firm you're interested in Dutch? If so, there's a good chance that their actual URL will end with '.nl'. If you get mail from a domain ending with .tk (Tokelau), .in (India) or .ru (Russia), ask yourself whether that tallies with the sender. 

Tip 2. Check that the firm's name is spelled correctly

Scammers often use domain names that are almost like a real company's name, but not quite. They try to catch you out by, for example, using a name with a zero where the letter 'o' should be. Or by slipping in an extra letter that many users won't notice. As in '', which is easy to mistake for '' (used by a big bank in the Netherlands).

Tip 3. Remember: the actual domain is at the end

To see what the actual domain is, look at everything between the https:// and the first / in the address. In our second example, that's ''. The actual domain is always the last part of that string. So you can see that if you click on our example URL, it'll take you to If there isn't a /, read the last part of the URL first.

Why are those URLs so long? 

To make their URLs seem real, scammers often include familiar-looking elements both before and after the actual domain name. The parts after the domain name are called folders. Crooks try to catch people out by giving their folders genuine-sounding names. They might include the name of the company they are pretending to represent, or one of its brands or services. Users see a folder or subdomain with a name that they know, and they're tricked into trusting a URL where the actual domain name is something very different. In our second example, there's a folder called 'login', so that a reader in a hurry will expect the link to lead to a website log-in page. Of course, that's just what the scammers want. Fake internet banking sites often use that trick.

Tip 4: Beware of 'click here' links

Before clicking, see where a link leads. The address pops up if you move your mouse pointer or cursor over the link without clicking.

And don't forget that the whole link might not be immediately visible. So it's a good idea to check a link before you click on it.



Sietske Plantinga


+31 26 352 55 00

  • Monday 17 December 2018


    IDnext and SIDN intensify collaboration


    Joint IDnext event will promote innovation in the field of digital identification

    Read more
  • Monday 30 September 2019


    Problematic domain names? Don't disable DNSSEC validation!


    Better to set a negative trust anchor

    Read more
  • Tuesday 26 March 2019


    The internet user of the future


    Four trends and predictions

    Read more


Your browser is too old to optimally experience this website. Upgrade your browser to improve your experience.