Sometimes you can tell if a site is malicious just by taking a look at the URL: the actual web address. For example, a site with a name like BitTorrent.com is more trustworthy than something like free-movie-downloads-for-you.com.bz. A 2009 study looked at properties of a URL that could indicate a malicious website and found a few naming styles that should set off alarm bells in your head [source: Ma].
- Is the .com (or .net or .org) in the wrong place? For example, is the URL ebay.com or ebay.com.phishy.biz? In the second scenario, the .com isn't the suffix for the URL, it's a subdomain they're using to make the URL intentionally misleading.
- Does the domain name seem way too long? Researchers found that extremely long domain names, like freedownloadsforyouandyourfriends.com, are more risky than shorter names like rapidshare.com.
- Are there a lot of delimiters in the domain name? A delimiter is a symbol like a dash, underscore, or even a question mark to break up text. This kind of goes hand in hand with long domain names. You want to avoid sites with names like download_your-favorite?movies.com.
Another red flag is something called "keyword stuffing." This is a search engine optimization tool that shady web designers sometimes use to get their sites to rank high in search engines like Google [source: Emisoft]. A reputable site doesn't have to call itself free-music-downloads.com and use the phrase "free music downloads" in every sentence on the site's main page to come up as the top search result when you Google "free music downloads."