Celebrate Scam Awareness Week by checking the URL

It’s National Scam Awareness Week, and that means having a discussion on the importance of being scam aware, of being smart about scams, and how one trick could save you.

We’re all used to the monotony of junk mail, of spam that can slip through the filters of your email inbox and get under your skin, and we know how to handle those messages. A quick delete will generally deal with the minor annoyances of junk email, but what about when it’s something more?

But what do we all do when we’re dealing with junk mail of a different nature? What if the message is a little more insidious in nature, and is going after our details by pretending to be something else?

The great pretender

Scam messages have to pretend to be something else to get your attention, to force your hand and get you to touch a link. Scam messages have to pretend to steal your details, and scammers are employing our lack of knowledge against us.

Scam Awareness Week is about making people aware of scams and how scams work, because there are a lot out there. Whether your Facebook details are under attack or whether the scammer is simply looking for your current password, there’s a good chance someone is hoping to make money off you by taking something personal and using it for their personal gain.

There are scams out to steal useful information that can be sold and scams that use outdated useful information about you in order to extort, but the simple reality is that there are a lot of scams because it’s a big business.

Last year, the Australian Competition and Consumer Commission found that almost half a billion dollars was lost to scams, with the number an increase on the previous year. It’s no wonder that the amount of scams appears to be increasing, and that everyone is increasingly targeted.

It means we need to be ever more vigilant and on the look out for these great pretenders, for these disguised and masked messages attempting to fleece and con.

They come in various ways and in numerous configurations, but there’s one trick you can rely on to verify a message and website doesn’t scam you every time: the URL.

It’s why this week, for National Scam Awareness Week, we’re suggesting you get familiar with the URL in your web browser, and learn what it does, how it works, and how scammers take advantage of our lack of knowledge on the URL.

What is the URL?

URL

URL stands for “uniform resource locator”, but you don’t need to know that jargon. All you really need to know is that the URL is the website address of any website.

A URL goes into the search bar in modern day web browsers, something we call the “omnibar” because it serves both search and running a web address.

Every URL is specific to a website and location of the web pages it serves, and it’s something that can’t be faked.

Australia Post owns auspost.com.au while Facebook owns facebook.com, much like how Google owns google.com and youtube.com (or they own them for however long they keep paying for them). This ownership means scammers can’t just use the same website address, because they don’t have the access necessary to change these details.

But scammers know that most of us don’t know how a URL and website address actually works, and so they rely on a trick of the address that many fall for: scammers use a portion of the website address we are familiar with in their fake address, and that convinces many to click.

The area scammers tend to target is the front, where the www dot whatever would typically go. This area can be faked, because often we’re just looking for confirmation of something being there, and if we see the right address — if we see facebook.com in any section, for instance — we think the address is correct.

URLs can be tricked, however, and what you should be paying attention to is the back part of that main address. Essentially it’s between the https and before the backslash, because it’s here you’ll find the actual address.

Website addresses can be manipulated in this way, and if a scammer purchases notarealwebsite.com.au and wants to make the domain resemble something like Facebook, they might use the website https://facebook.com.notarealwebsite.com.au to trick users into clicking. In that example, a user might only see the facebook.com part of the link, and click on what is clearly a fake link.

Always check the URL

URL bar

A website address is unique, and is one of the things you should always be checking. If you’ve been taken to a website to enter details, check the URL to make sure it’s authentic.

Regardless of whether you’re on a web browser on your phone, a tablet, a laptop, or a desktop (even on your TV), the URL can be checked because it’s at the top of the screen.

Click on the bar where the URL is and it should open up to reveal the entire address.

You may not need to, either. Depending on the browser you’re using, you may see the website sitting in the centre, giving you something to look at without trying.

That URL should match up with the one you know. It should match up with something you’re familiar with.

If it’s Facebook, it needs to be facebook.com. If it’s Google, it needs to be google.com or google.com.au. If it’s Australia Post, ideally you want it to be auspost.com.au, or if it’s a link from a delivery, mypo.st.

Make sure the website address (the URL) matches up with what it should be. Scammers can’t make a website that comes from those places, only one that looks like those places.

Check the URL everywhere

It’s not just a lesson for the web browser, but one for emails and SMS, as well.

The URL can be hidden or masked in an email, but if you hover over a link, you should see the real link. In an SMS, the URL can’t be hidden easily, so if you glance at the link, you should know how to work out what you’re seeing.

Once you start checking the URL, you’re closer to stopping scammers from catching you out using one of their favourite tricks.