Protect yourself: learn how to spot an online scam in seconds

Nov 11, 2020 Updated: Nov 11, 2020 4 min read

Links, Facebook, emails, texts are all delivery methods for scams. I’m going to show you how to spot one in seconds.

Check the URL

Before you click on a link or if you already have the first thing to do is CHECK THE URL! For those who don’t know the URL is in the address bar or its the link you're about to click on. This literally takes seconds to do.

an example URL https://johnpuaoi.com/blog
an example link https://johnpuaoi.com/blog/quickbooks

a. HTTPS & SSL

There is so much a URL or link can tell you. First thing to check in both is that they start with ‘https’, not just ‘http’. The difference between the two is that ‘https’ uses a secure protocol and it has an SSL certificate. With https you’ll also see a padlock on the left of the URL.

So it means any information collected or transferred on an ‘https’ site is protected and secure, whereas ‘http’ would be unsecure.

Virtually every trustworthy site will be using https as it is a sign of trust and security. So, if you see that a site is using http instead of https, leave, do not enter any of your information.

Remember http is unsecure so your info could be stolen by an attacker. Not using https also shows that the site owner/operator does not care about your info and most likely could be categorized as a spam or scam site. (keyword, likely not definitively)

One thing to note is that some scammers have caught on to people not trusting non-https sites, so having https and ssl is not a definitive way of telling if the site is legit or not. It is a helpful factor though.

b. KEYWORDS & SPELLING

The next thing to check in a URL is keywords. Every URL on the web is unique and sometimes scammers will create look-a-like websites, meaning they look like a well known website but it's actually not.

A great example of this was a Netflix scam that went viral. Scammers created a website that looked just like Netflix, the layout, colors and logo too, it all looked exactly like Netflix’s website.

The difference, the scammers intentionally misspelled the domain (e.g thisisadomain.com) in the URL. It was similar to netflix.com except it was netflicks.com.

These scammers sent out emails saying to users that they’re billing info needed to be corrected. So click on a link they were taken to the look-a-like netflix site and entered their payment credentials, thinking it was for netflix.

It's a very sneaky way to steal info, always check that the url and site match, same name, correct spelling, etc.

Domains are also unique when they are registered and sometimes companies don’t purchase any other domain other than the .com version. There are lots of different domains besides .com such as .net, .gov, .us, .io, etc.

Like for my website I use two domains johnpuaoi.com and johnpuaoi.tech. The first domain with .com was my original domain and because most people are only familiar with .com, I kept it.

I also have a domain with .tech because it gives right off the bat info about what I do. Someone headed to johnpuaoi.com may not know what I do but heading to johnpuaoi.tech they can deduce from my domain that I deal with tech.

Anyway my point is, you have to check the domain ending too. Most big companies purchase the other popular domain endings so that other businesses can’t piggy back on their biz.

However, smaller companies may only own a .com domain or .net. As for mines I only own johnpuaoi.com or johnpuaoi.tech so any others are not mine.

Links make things even sneakier for us.  On a web page this is how code for a link looks like.

<a href=”http://imgonnagetyourinfo.com”>Click here to update your info</a>
HTML Code for a link

Don’t worry I’m not going to lecture you about code, I am just going to tell you what you need to know.

See the wording after “href=” that is where this link will lead to, however you don’t see the code, all you as a user will see is the working between the <a>You’ll only see what the developer writes in here</a> tags.

Going with our example from above you may see ‘Click here to update your info’ but yet you're headed to a completely different site.

A good way to get around this is to right click on the link and click ‘copy link address’, then head to google or whatever you use, type the word ‘search’ and paste.

I suggest typing the word ‘search’ or any word really, before pasting so that if you accidently hit enter, it will do a google search instead of taking you to a potentially harmful site.


Now you are able to see the entire URL and check where it leads to.

CONCLUSION

Always check your URL and where links lead to, especially if the source of the URL or link is from a little known site or unknown sender of an email.

I have a Facebook group set up that I post different online scams I have identified. You can join by clicking the link below.

Join Online Scam Alerts Facebook Group

Have a wonderful day, mahalo nui for reading, share with others if you can!