How To Read Web Addresses

Web address

Web addresses are the text that uniquely identify a website, such as "becybersafe.com". They're fundamental to the internet and the way we navigate between websites.

But because we rely on these addresses to know which website we're visiting, criminals have developed many tricks to deceive us - and to get us to visit their website instead of the one we wanted.

It may help therefore to explain domain names a bit, to make sure you always know what to look for.


Identifying the domain name

Domain names are a subset of the full web address (you may sometimes see this referred to as a "URL") and will always uniquely identify a website. This is important - it is the key to knowing if you're visiting a genuine company's website, or one run by criminals instead.

The tricky bit can sometimes be in working out what the domain name is, but once you know how then it's actually quite straightforward.

Extracting domain names from web addresses...

Web addresses are made up of lots of elements to help your computer find the website. In addition to the domain name, they may also include the communication method used (eg https or http), any subdomains, the pages or other resources requested, and other parameters as well.

Identifying the domain name from a web address

The steps to identifying the domain name from a web address are:

  • Start from the far left of the address and read right. Ignore the "http://" or "https://" and then read everything up to the next "/" character. If there is no "http://" or "https://" then simply read everything from the far left up to the first "/".
  • For example from the web address:

    • https://www.becybersafe.com/online/email-security.html

    You'll be left with:

    • www.becybersafe.com
  • What you have now is the part of the address that locates the website, being made up of several text labels seperated by dots. Each label becomes more localised as you read it from right-to-left - if it was a postal address it might be something like: housenumber.streetname.city.country
    • com - This is the "Top Level Domain (TLD)". There are many of these TLDs, such as .org or .net, as well as many that are country specific like .co.uk.
    • becybersafe - This is the main domain name. Together with the Top Level Domain (ie in this case "becybersafe.com"), this is the bit you should be interested in.
    • www - This is an example of a subdomain. www is extremely common but it can actually be anything, and there's no limit to the number of elements that can be used.

In the above example then, "becybersafe.com" is the domain name and tells you which website you're visiting.

Extracting domain names from email addresses...

In an email address the process is much easier - take everything to the right of the @ symbol & read from right-to-left as above. After the top level domain, the next label to the left is the domain name.

Identifying the domain name from an email address

So how about these?

In all the examples below, only the part in bold represents the domain name. The other parts are often padding that is intended to try and fool you - only the core domain name should be used when assessing if a website is genuine or not:

  • Web addresses:
    • www.mywebsite.com/home.php?www.hsbc.com
    • https://wellsfargo.security-alerts.com
    • twitter.trendingnow.com
    • http://www.bank.ofamerica.com/accountverification
    • http://wwwamazon.com/
    • www.facebook-security-alerts.com
    • https://www.amazon.order-updates.co.uk
  • Email addresses:

As you can see there's a few ways in which criminals try to fool us with domain names. These could include:

  • Using the company name elsewhere in the full URL (such as "www.amazon.order-updates.co.uk"),
  • Missing dots between labels (eg in the above examples, "wwwamazon"),
  • Splitting company names up with dots ("bank.ofamerica.com"),
  • And putting the genuine domain name to the right of the domain name ("mywebsite.com/home.php?www.hsbc.com").

They may also just simply use something that sounds similar to a genuine company ("facebook-security-alerts.com").


Other tricks used

In addition to tricking people into focusing on the wrong part of the address, fraudsters and other criminals have a few extra tricks up their sleeve.

Character substitution

Would you be fooled by the link:

Spoofed PayPal web address

This actually uses a capital i in place of the letter l in 'paypal'. In the browser it's extremely difficult to spot (try it, type it in!) and was a trick successfully used by a fraudster as early as 2000. The font that you view a domain name in can be critical - if you're ever unsure about a link simply copy it to a simple text editor (such as Notepad on Windows) as this will almost always show up any suspicious characters.

Some criminals are less subtle, relying on us quickly reading web addresses to miss obvious mistakes. wwww.bank0famerica.com anyone? Or maybe www.h5bc.com?

Websites can now also be created using letters other than Roman (the alphabet used for English) - this can lead to problems with some characters looking visually very similar to English letters. Some browser makers are now trying to develop features that will alert users to these websites automatically, but until then the best defence is to simply stay alert.

Change of top level domain

Another trick sometimes used is to swap out the top level domain, for example showing www.amazon.uk instead of amazon.co.uk, or www.facebook.uk.com instead of www.facebook.com.

Most tricks like this are very shortlived as the targetted company quickly hear about the attack and ask the internet authorities to take the spoofing domain name down, but criminals only need a few people to fall for it in that short time for it to be profitable for them.


So in summary...

Be careful when reading domain names!!


Have any feedback on this page? Let us know - [email protected]