URL phishing isn’t an emerging scam, but rather one that most people have been exposed to, maybe without even knowing. It’s the link included in spam emails, text messages and ads that direct unsuspecting victims to malicious websites. This tactic allows scammers to look legitimate and trick you into revealing your personal and/or financial information, they can even install malware on your device.
Here are five ways to identify URL phishing:
- Inspect the Domain
The domain portion of the URL provides insight to the source of the link. The domain is found between “http://” and the first “/”. Also, make sure the domain suffix is the correct one.
For example, The Merrimack’s domain is https://www.themerrimack.com/ or themerrimack.com. The domain suffix is “.com”.
- Hyphens & Symbols
To trick you, scammers use hyphens and symbols in malicious links along with the known brand.
For example, https://www.the-merrimack.com/.
- Number Domains
Watch out for domains made up entirely of numbers (i.e., http://101.10.1.101). With these domains there’s no way to know the owner of the domain.
- Shortened URLs
Scammers take long URLs and shorten them to disguise their original link. This allows scammers to take their suspicious link, which most likely includes one or more of the red flags above, and shorten it to hide the domain.
- Spoofed Links
Just like phone numbers and emails, scammers can alter a malicious link to look like the legitimate one. To get you to click, they attach the links to text, logos and images.
Think before you click! You can inspect links and reveal hidden URLs by simply hovering your mouse over the screen. When in doubt, do some research to find the legitimate source.
If you are a Merrimack customer and are concerned your personal or financial information was compromised, please call us directly at 603.225.2793.