Carnegie Mellon University

Safe Internet Browsing

The internet allows users to connect to a vast range of networks, information resources, and online services instantaneously. Being on a safe network is an important first step, however it is only the start and is not always reliable. As our interactions with technology continue to change, the ways scammers try to reach us also evolve. We need to be alert to internet scams and avoid dangerous situations.

Identifying Safe URLs

Any time you want to visit a website, you will need its URL.  A URL is a web address. It tells a device how to find that website. Typing a URL directly into a browser’s address bar will take you to that specific website. URLs can also be found as links in clickable text, graphics, or buttons. Not every link is safe, even links on legitimate websites.

Scammers use malicious URLs and websites to:

  • Steal your credentials
  • Trick you into downloading malicious software
  • Present you with false information that looks legitimate

Take a close look at the following examples. They both claim to go to University Bank's website.


These URLs share some similarities, but they also contain differences that could be costly if clicked. These URLs point to completely different websites. The domain name acts like a home address for the website. It helps to identify the website's owner.

Looking at the previous domain names we can see: goes to, while goes to

Connection Type: HTTP and HTTPS

HTTP and HTTPS refer to the type of connection a website uses. Information sent to a site using HTTP can easily be read by hackers and scammers.

HTTPS doesn't mean a website is safe, as the site could be compromised, however it does indicate that the website uses encryption between your machine and the website. The "S" in HTTPS stands for secure. When visiting secure websites, be sure your URL contains HTTPS.

URL Domain Scams

Scammers attempt a variety of tricks in order to scam users into visiting malicious sites. Below are a few of the most common URL tricks that scammers will use.

Shortened URLs
Shortened URLs are forwarding addresses for longer links. Attackers may use link shortening tools on the internet such as in order to conceal a link's true destination. If you want to know the true destination of a shortened URL, you can search the web for a URL expander. Copy the URL and paste it into the tool to find out where the URL truly goes. 

Number Based Links
Most companies use words, not numbers in their domain names. They do this for easy navigation to their website. Be sure to avoid links that contain four sets of numbers as most of the time they are malicious domains.

Look-alike Domains 
Cyber criminals will attempt to deceive users by substituting letters and numbers to make a URL appear identical to a legitimate site. For exampe, the 0 (number) and the O (letter), l (lowercase letter) and I (uppercase letter), or vv (as w). Carefully review domains and check for letter substitution.

Interacting with URLs

When visiting URLs there are a few things you can do in order to stay safe.

Hover your Cursor 
If you have a mouse cursor, hover over the link.  Depending on your browser, you will see the true destination of the URL in the bottom left corner of the screen or directly near your mouse cursor. If you are on a mobile device, you can attemp to long press and hold in the URL which will reveal a snapshot of where the URL is being directed. 

Use a Search Engine
Use a search engine to see if the website name and domain name match. Be sure to put the URL in the search engine and not directly into the address bar.  

Use a Trusted Source
If you have the website bookmarked in your browser, use that instead of the link. If you already know the correct web address, such as, type it into the address bar instead of clicking the link.