Understanding links

It's important to stay safe online and one thing that's important to understand is how URLs work. We're not into scaring people – the World Wide Web is not a dangerous place if you just pay attention and stay a little aware.

One of the main ways people get caught out is by clicking on links they shouldn't – often in emails.

Link Destinations

If you hover over a link, in the bottom left hand corner of your screen you can usually see where that link is trying to take you. Without clicking on it, hover your mouse over this link and see where it says it'll take you. (You should see http://www.bbc.co.uk!)

Where a link says it's going on the surface, isn't always where it's actually going to take you. So like above where I wrote "over this link" and linked those words to http://www.bbc.co.uk, I could just as easily have written a different web address. Hover over the link below and see where that says it'd take you:

http://www.google.com

If you hover over that link you’ll still see http://www.bbc.co.uk in the bottom left of your screen. Haha! I tricked you! I said I was going to send you to Google, but if you'd clicked I've had sent you to the BBC!

So that’s the first thing – before clicking on a dubious link, or any link in an email, check that where it says it’s going looks anything like where it’s actually going.

Understanding URLs

Now this is slightly more complicated, but is still fine if you just take your time to understand it.

Sometimes, you’ll get an email claiming to be from Paypal or your bank or the Inland Revenue but really someone is trying to send you to their nasty spam website instead. So you need to look twice at where the link says it’s sending you.

Paypal’s URL is: http://www.paypal.com

In the URL above you can see “paypal” is next to the “.com”.

Now, Paypal are a big company, so they might have lots of different sections to their website and want to target you to the right place.

They might want to send you to a page such as: http://www.paypal.com/your-account.html

or

http://www.paypal.com/login

They might have what’s called a “sub-domain” which comes before the “paypal” part like this:

http://business.paypal.com

Or a page within a sub-domain:

http://business.paypal.com/your-account

They might even have sub-domains within sub-domains like:

http://new-customers.business.paypal.com/

And then want to direct you to the right place within that, like:

http://www.new-customers.business.paypal.com/login/your-page

Ok, so now we're getting a little more complicated! But, throughout all of the examples above, you’ll see that the "paypal.com" bit stays consistent. No matter what’s before or after it, the domain always includes paypal.com.

Now, if I was a nasty evil spammer up to no good, and trying to pass myself off as Paypal, I might try and get a domain that looks like Paypal’s:

http://www.paypal-payments.com

That should raise your suspision that they’re maybe not legitimate, so go directly to Paypal using the address bar on your browser and see if there’s anything on their website about the message they just sent you.

But I could be a nasty spammer trying to be a bit sneakier – with something like this:

http://www.paypal.sp.com

The above domain really means I’m sending you to sp.com, but I’ve created the sub-domains of www. and paypal.

Or I could have done:

http://www.paypal.com.sm.net

Or

http://www.paypal.com.sm.net/login

In both of the above 2 cases the domain is actually sm.net and I’ve just created sub-domains of www, paypal, and com.

But if this is the point where you go "Oh no, how will I know?!" it’s still very easy…the domain type (.com, .net, .co.uk, .biz, .co, .at etc.) is either last or is followed by a /

So it doesn’t matter if you can see .com in the middle of a link, it’s not last or doesn’t have /something-else after it, then it’s not the domain and it’s just a sub-domain made to disguise itself as a real domain.

Sometimes they can be very cunningly disguised – so if in doubt, or as a rule of thumb, don’t click on a link from an email that’s claiming to be something important or financial – go directly to the website and look for the information there.