I just saw a new (to me) way that people can scam you:
A legit website, followed by @ then another site, it will go to the second one...
Example:
https://google.com@t.ly/lUIOY
So usually it was enough to make sure that the beginning of the url is legit, but it seems no longer enough.
Maybe this has been around a while, but I've never come across it before.