To Click or Not To Click?

Don’t fall for tricky URLs

The contents of this guide have been adapted from the Digital Enquirer Kit written by Tactical Tech and produced by GIZ.

A web address (also known as a URL) tells you where a resource is located online. But did you also know that it includes important information about a website’s security and authenticity at a glance—if you know what to look out for.

Because web addresses may be long, complex-looking, and not very pretty, they’re often hidden. Maybe they’re disguised within hyperlinked texts or previews. This can make it difficult to see exactly which address you’re going to, and as a result you put your trust in the person who created the resource or sent you the link.

When you see a link, do you automatically click on it? Next time, take a moment to examine the web address closely and you might notice some clues.

Data collectors and scammers rely on you hastily or unknowingly clicking through their tricky links. This might not sound so bad, until you consider that some might trick you into installing a virus, or giving away your password, personal identification number, or other private information like bank details that could cause you a real headache if it were to get into the wrong hands.

As you follow this Data Detox, you’ll learn practical steps to slow down and decide whether it’s really okay for you to click on that link, or whether you need to proceed cautiously.

Let’s get started!


Recognize Tricky Web Addresses

Website addresses can be very long and complicated, or the text can be small and hard to see. But resist the urge to quickly click and always take a closer look first.

A copycat URL is a web address that is designed to look just like the original with the intent of deceiving you. The copycat version is often run by scammers in order to trick you into sharing your password or other sensitive information. It’s usually pretty easy to spot copycat web address —it’s just a matter of training your eyes to identify common tricks, such as adding or changing letters and numbers in what looks like an authentic address.

Compare these two web addresses:

  • The original URL: https://www.mybank.com
  • The copycat: https://www.rnybank.com

Did you notice that the scammer added an “r” and an “n” in the address in lieu of an “m”?

You may also see a website’s address displayed within the text of an email body or advertisement. Carefully check the actual web address that’s linked there before clicking on it! It might be that it was written in a way to deceive you, just as you saw in the example with mybank.com.

Let’s look at some of the most common web address tricks.

What’s wrong with these web addresses?

Match the issue to the URL.

Arrow of theme security

URL shortener

Numbers used for letters

Unique endings

www.g00gle.com

www.mybank.co

tinyurl.com/1njs1bkb

What’s wrong with these web addresses?

www.g00gle.com

Unique endings

Numbers used for letters

URL shortener

www.mybank.co

Unique endings

Numbers used for letters

URL shortener

tinyurl.com/1njs1bkb

Unique endings

Numbers used for letters

URL shortener

Did you know? Scammers might also create long web addresses to trick you into thinking you’re going to the official website. Here's an example: https://www.mybank.com. secureloginportal. randomID8383.finance. Look at the data before and after the last dot in a web address. Here, the web address is designed to look like it is going to https://www.mybank.com, but it is really going to randomID8383.finance.

You’ve seen a lot of web addresses tricks now. Here are two easy tips to avoid them:

  1. Type it yourself, don’t click! A good rule of thumb, especially for the most sensitive services like your bank, is to never click a link you receive in your email or in an advertisement, and to always type the URL into your browser yourself. This extra effort reduces the likelihood of falling for a copycat website.
  2. Create a bookmarks folder in your web browser for websites you frequently need to log in to or visit, and only use the links in your bookmarks folder to access those sites.

If there are no obvious signs that the web address is a copycat, then it’s easy to check it for authenticity. You can learn how to do this on a touch screen and on a computer with a mouse. Let’s see how this works.

On touch screen

Copy/paste/review when using a touch screen device like a smartphone.

Tap to find out more

Arrow from theme security

Click to find out more

  1. Copy the web address by touching your finder onto the link and holding it there until a menu appears (you may already be able to see the web address in the menu, but if not, select Copy).
  2. Open a blank notepad or empty email on your phone and paste the URL (you may need to tap into the blank area and hold until a menu appears where you can select Paste).
  3. Review the web address to decide whether it’s trustworthy or suspicious.

On desktop

Hover and check when using a desktop device like a laptop or computer with a mouse.

Tap to find out more

Arrow from theme security

Click to find out more

  1. Hover over the link.
  2. Check the web address (usually previewed in the lower left-hand corner of the window) and decide whether it’s trustworthy or suspicious.

Try it yourself! Using the steps of copy/paste/review or hover/check, see if you can figure out where this link leads, without actually clicking on it: Link to a Tactical Tech mystery page.

By now, you’ve learned about a number of tricky web addresses, but there’s another major one which you may come across on a regular basis without realizing it—web addresses with trackers embedded directly into them.


All About Trackers

A tracker is a tool that is added to a website to follow its visitors’ journeys. Trackers:

  • Reveal how many visitors have viewed a web page.
  • Log which times the websites were visited by specific visitors.
  • Check which pages on a website visitors viewed.

Trackers are owned by companies who specialize in collecting information or finding patters and sit behind the scenes collecting a wide range of data.

Trackers collect all kinds of data, such as:

  • Your name
  • Your location (where you live and work, who you visit)
  • Your actions (what you look at online, the pictures you upload, the comments you make, the posts you like and share)
  • ... and much more.

Data collected about you can be used in various ways, like monitoring or influencing you. Imagine this: you’re shown misleading advertisements where unpopular officials appear to support causes you care about. Even if they’re dishonest claims, you might not realize it and could support them as a result.

One of the ways trackers recognize you is through your browser fingerprint, described below:

  • Trackers can see all kinds of details about your browser and taken together these details often form a unique or near-unique pattern that can be used to identify you.
  • Companies with trackers across multiple websites recognize the pattern as you and use your browser fingerprint to track your browsing habits.

You can see hidden trackers revealed when you analyze links you have received through an email or a WhatsApp message, or when you come across links on social media websites like Twitter and Facebook.

Let’s look at a BBC article link as an example, and see what happens to the original web address when it’s shared over Twitter and Facebook.

Original URL: https://www.bbc.com/news/uk-55176614

Twitter URL (short): https://t.co/mBUMseBWCW?amp=1

Twitter URL (short): https://t.co/mBUMseBWCW?amp=1

  • The original link has been completely changed, you can no longer see any parts of the original URL.
  • The URL has been passed through Twitter’s own link shortener and tracker, ‘t.co’.

Twitter URL (long): https://www.bbc.co.uk/news/uk-55176614?at_custom1=%5Bpost +type%5D&at_medium=custom7&at_custom3=%40BBCBreaking&at_custom2=twitter

Twitter URL (long): https://www.bbc.co.uk/news/uk-55176614?at_custom1=%5Bpost +type%5D&at_medium=custom7&at_custom3=%40BBCBreaking&at_custom2=twitter

  • The long-form URL begins with the original link, followed by a question mark. The Twitter tracker is everything that comes after the question mark.
  • Simply remove the question mark and everything that comes after it before sharing.

Facebook URL (long): https://l.facebook.com/l.php?u=https%3A%2F%2Fbbc.in%2F3mEHGLX&h=AT1LB9NA7sNpLlQGH0XDTRg- 3Zj10k0nwiZFoInVXwEsEPqeMQ...

Facebook URL (long): https://l.facebook.com/l.php?u=https%3A%2F%2Fbbc.in%2F3mEHGLX&h=AT1LB9NA7sNpLlQGH0XDTRg- 3Zj10k0nwiZFoInVXwEsEPqeMQ...

  • Notice that you can’t see the original URL anywhere here.
  • It’s unclear how to clean up the URL before visiting it.
  • If you can see the article title in the preview, run a quick web search to find the original link so that you can avoid clicking the tracker version altogether.

Another issue with trackers is that they may overstay their welcome, keep watching your activities, and recording your preferences even after you’ve closed out of the website, browser tab, or window. So, what can you do about that?

Additional tips to remove trackers from web addresses:

  • Download a browser extension such as Neat URL for Firefox or ClearURLs for Chrome to automatically strip URL-based trackers from links you click on.
  • Choose private browsers (like Firefox) that block some trackers by default. Most browsers, such as Firefox or Chrome, offer Private or Incognito browsing.
  • You may even want to use a separate web browser altogether (such as Tor Browser) just for your sensitive web activities like checking your bank account online.

Pass it on! Increasing your digital security can be as simple as following a few basic steps. Share this Data Detox with your friends, family, or co-workers, to help them take more care before clicking.

If these steps worked for you and you’re feeling more confident, learn to Let the Right One In: Make your passwords stronger.

Last updated on: 10/27/2021