Week 27: How to check URLs and spot suspicious links

08.07.2025 - The summer holidays are here, bringing a chance to relax, recharge, and perhaps enjoy some peaceful moments by the sea. Since many people have a bit more time to read, we are taking the opportunity to help you boost your cybersecurity awareness over the next six weeks. During the summer holidays, we repeatedly receive reports about online shops, phishing attempts, and other tricks cybercriminals use to exploit the season for their schemes.

Our summer series kicks off with a look at URLs and links – building blocks of our digital lives. We regularly receive reports about phishing emails that attempt to trick people into clicking on fraudulent links. In this article, we explain what the terms 'link' and 'URL' mean, how the underlying technology works, and how to handle links safely.

What are links and URLs?

Links are fundamental to how the internet works today and were central to the original idea behind the world wide web. They make it possible to connect web pages, open email programs from a website with the correct recipient already filled in, or access content from an email with a single click. The visible text that you click on is the link (for example, 'NCSC website'), while the underlying address that the link points to (for example, 'www.ncsc.admin.ch') is the URL (uniform resource locator). In everyday use, the two terms are often used interchangeably.

What does a link look like?

A link is usually embedded in text, for example on a website or in an email. It is often recognisable by its colour, underlining or a clickable button. Sometimes, a link may also be hidden behind an image.

Examples of text links and buttons.

The risk with links

While links are easy to recognise, it’s not always clear where they lead. The text or button containing the link can be designed to look however you like and does not have to reflect the real destination. This leaves room for abuse: a link might say something like "Company X website", but actually take you somewhere completely different, such as a phishing page.

The parts of a URL

A typical URL includes a 'protocol' (usually HTTPS), the 'server name' that the link leads to and, often, a 'path'. Other elements can also be added – to keep things simple, we’ll focus on the most common types of URL here.

To be able to recognise suspicious links, you need to understand how the key parts of a URL – the protocol, server, path, and anything that follows – are separated:

The parts of a URL.

In a URL, the server name, domain and top-level domain (for example, .ch or .com) are separated by full stops. The parts of the path are separated by forward slashes. The server and domain name can contain letters, numbers, and hyphens, but no other special characters and certainly no slashes. After the full server and domain name, the next character is usually one of the following: /, #, or ?.

This may sound a bit technical, but it’s important. Scammers often manipulate these details to make fake URLs appear legitimate. This is a form of spoofing. Using hyphens to mimic a legitimate name is a common tactic.

Examples of commonly spoofed domains:

Below is a non-exhaustive list of domains frequently imitated by scammers, shown in their correct form:

  • Authorities: admin.ch, be.ch, zh.ch (and all other cantonal abbreviations)
  • Post and parcel services: post.ch, dhl.com, ups.com, fedex.com
  • Transport: sbb.ch, swisspass.ch, swiss.com
  • Telecom and internet providers: swisscom.ch, swisscom.com, sunrise.ch, sunrise.net, salt.ch
  • Financial institutions: ubs.com, raiffeisen.ch, twint.ch

As mentioned earlier, hyphens can appear within domain names, but not to separate the different parts of a URL. That’s what full stops are for.

Once you know this, it becomes easier to spot domains designed to mislead you:

Correct          Spoofed
www.post.ch      www-post.ch
login.ubs.com    login.ubs-com.net

You’ll often see URLs written without 'https://' at the start, which is fine. Modern browsers usually assume either HTTP or HTTPS and will try to use the more secure HTTPS connection automatically if it is available.

Even the top-level domain – the last part of a web address – can be a clue: In Switzerland, legitimate companies typically use .ch, .swiss or sometimes .com. By contrast, some top-level domains are rarely used for legitimate purposes and often appear in scams – for example, .top, .sbs, .cfd, .xyz, .vip, .cc, .co and .life.

Domains that look alike

Another tactic that scammers use is to create 'look-alike domains' – web addresses that closely resemble legitimate ones. These can involve character combinations that look very similar to other characters, or the use of international characters, such as Cyrillic or Greek letters, that closely resemble those in the Latin alphabet.

Examples:

Correct              Spoofed
www.admin.ch         www.adrnin.ch (r and n together look like an m)
www.vogelwarte.ch    www.vogelvvarte.ch (two v instead of a w)

Short Links

There are now countless services that create short links – shortened URLs that don’t show the full address at first but lead you to the real (sometimes very long) web address. The idea is to make links easier to share or to remember. Unfortunately, scammers often use short links to hide where a link actually leads, especially in text messages. Common short links often start with:

  • bit.ly
  • t.co
  • tinyurl.com
  • cutt.ly

Be cautious when you see links like these. Short links are rarely used in legitimate messages.
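
The checks described in the sections above (URL parts, hyphen spoofing, top-level domains, look-alike characters and short links) can be combined in a short Python sketch. This is an added example, not NCSC code; the function name check_url and the rule that the domain is the last two labels of the server name are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Lists copied from the article; vogelwarte.ch comes from its look-alike example.
KNOWN = {"admin.ch", "be.ch", "zh.ch", "post.ch", "dhl.com", "ups.com", "fedex.com",
         "sbb.ch", "swisspass.ch", "swiss.com", "swisscom.ch", "swisscom.com",
         "sunrise.ch", "sunrise.net", "salt.ch", "ubs.com", "raiffeisen.ch",
         "twint.ch", "vogelwarte.ch"}
RISKY_TLDS = {"top", "sbs", "cfd", "xyz", "vip", "cc", "co", "life"}
SHORTENERS = {"bit.ly", "t.co", "tinyurl.com", "cutt.ly"}


def check_url(url):
    """Return a list of warnings for url; an empty list means nothing was flagged."""
    # URLs are often written without the protocol, so assume HTTPS if it is missing.
    if not url.lower().startswith(("http://", "https://")):
        url = "https://" + url
    host = urlsplit(url).hostname             # server name only: stops at /, ? or #
    if not host:
        return ["no server name found"]
    host = host.rstrip(".")
    labels = host.split(".")
    # Assumption: the registrable domain is the last two labels. Production code
    # should use the Public Suffix List instead (e.g. for names under co.uk).
    domain = ".".join(labels[-2:])
    if domain in SHORTENERS:
        return [f"short link ({domain}): real destination is hidden"]
    if domain in KNOWN:
        return []
    warnings = []
    if not host.isascii() or any(lab.startswith("xn--") for lab in labels):
        warnings.append("international characters in server name")
    if labels[-1] in RISKY_TLDS:
        warnings.append(f"top-level domain .{labels[-1]} often appears in scams")
    # Hyphen trick: read hyphens as full stops and look for a known domain.
    dotted = "." + host.replace("-", ".") + "."
    for known in sorted(KNOWN):
        if f".{known}." in dotted:
            warnings.append(f"imitates {known} (hyphen or subdomain trick)")
    # Look-alike letters named in the article: 'rn' for 'm', 'vv' for 'w'.
    folded = domain.replace("rn", "m").replace("vv", "w")
    if folded != domain and folded in KNOWN:
        warnings.append(f"looks like {folded}")
    return warnings
```

An empty result only means that none of these specific tricks was detected; it does not prove that a link is safe.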

How to check where a link leads

The important thing is not to click on a link blindly, but to check the URL it points to first. So how do you make a URL visible?
On a computer, the easiest way is to hover your cursor over the link (in an email or on a website) without clicking on it. In most programs, the destination URL will appear either next to your cursor or in the bottom corner of the screen.

Example: Hovering the cursor over the link shows the URL at the bottom of the screen.

Many programs also let you right-click a link to copy it. You can then paste it into a text editor to examine it or into the address bar of your browser – just make sure you don't press Enter. If anything seems suspicious, don't open the page. Delete the message instead.

On a smartphone, making a URL visible is a bit trickier. If you can't check the email on a computer or forward it to one, in most cases you can press and hold a link for a moment to open a context menu showing the full URL address.

Recommendations

  • Beware of suspicious requests. Do not give out any information on websites that you visit through a link sent to you by a stranger.
  • Never enter passwords, codes or credit card details on a page that you have opened via a link in an email or text message.
  • Remember that email sender IDs and phone numbers can be easily spoofed.
  • Be especially careful with short links. Always check that you have landed on the correct page.
  • Phishing messages can be reported to the NCSC here: antiphishing.ch / reports@antiphishing.ch.

Last modification 08.07.2025


https://www.ncsc.admin.ch/content/ncsc/en/home/aktuell/im-fokus/2025/wochenrueckblick_27.html