URL Query Token
Long codes added to a link that can identify or track you, or tie a phishing page to you.
How it appears in scam messages
Some scam links carry a long string of characters after the address — a tracking or identifying token tied to your phone number or email. It lets the scammer know exactly who opened the link, pre-fill a phishing form with your details, or confirm that a number is active and worth targeting again. The link often looks personalised because of it.
Example only - do not act on it
Example only: a 'personalised' link that already shows your name or number, ending in a long random tracking code. [link removed]
Why it matters
Tokens can personalise scams and leak information.
Common red flags
- A link with a long random code after the address
- The page already knows your name, email, or number
- A message claiming the link is 'just for you'
- Opening it leads to more targeted messages
Safe next steps
- Stop and verify through official channels you find yourself
- Never share codes, passwords, or card details from a message
- Use the message checker if you are unsure
- Report and block the sender
Related scam-type hubs
Related red flags
Frequently asked questions
How can I avoid url query token?
Slow down, never act on urgency, and verify through official apps or websites you open yourself. Use the free checker if a message seems off.
What if I have already been affected?
Contact your bank or the relevant provider through official channels, change any exposed passwords from a trusted device, and save evidence. See our recovery guides.