The URL — short for Uniform Resource Locator — is the address of a webpage. Scammers create fake websites that are nearly identical to the original, and this often includes setting up a domain that’s almost the same as the domain of the site they’re impersonating. This is the first thing you should check to determine if you’re at the right place. For a start, look for misspellings and extra characters.
For example, a scammer might set up a fake website at amazzom.com, to trick people into thinking they’re browsing Amazon, which is located at amazon.com. The original URL looks like this, “https://www.amazon.com/.” The URL of our hypothetical fake website would look something like, “http://amazzom.com.” Note the difference in protocols as well — reputable organizations use HTTPS (Hypertext Transfer Protocol Secure), as opposed to HTTP (Hypertext Transfer Protocol). The HTTPS prefix means that your information is encrypted in transit, but can be time-consuming or costly to set up, so often, scammers don’t bother.
In general, this is how most phishing scams work. It all revolves around impersonating a legitimate business or organization to steal sensitive information from people, such as credit card numbers, so make extra sure that you check the URL is the real one before clicking.