How To Read Web Addresses
We use web addresses to find the pages that we want on the internet. They're fundamental to how the internet works and how we navigate between websites.
But because we rely on these addresses to know which website we're visiting, criminals have developed many tricks to deceive us - and to get us to visit their website instead of the one we wanted.
It may help therefore to explain their structure and domain names a bit, to make sure you always know what to look for.
Identifying the domain name
Domain names are a part of the full web address (which you may sometimes see referred to as a "URL") that will always uniquely identify a website. Examples of domain names include becybersafe.com and amazon.com.
This is important - identifying the Domain Name from within a full web address is the key to knowing if you're visiting a genuine company's website, or one run by criminals instead.
The tricky bit can sometimes be in working out what the domain name is from the full web address that you see, but once you know how to recognise it then it's actually quite straightforward.
Extracting domain names from web addresses...
Web addresses are made up of lots of elements to help your computer find the webpage you're looking for. In addition to the domain name, they may also include the communication method used (eg https or http), any subdomains (where you normally see the www), the pages requested, and other parameters as well.
The steps to identifying the domain name from a web address are:
- Start from the far left of the address and read right. Ignore the "http://" or "https://" (if there is one) and simply read everything up to the next "/" character.
- https://www.becybersafe.com/online/email-security.html
- www.becybersafe.com
- What you have now is the part of the address that locates the website, being made up of several text labels seperated by dots. Each label becomes more localised as you read it from right-to-left - if it was a postal address it might be something like: housenumber.streetname.city.country
- com - This is the "Top Level Domain (TLD)". There are many of these TLDs, such as .org or .net, as well as many that are country specific like .co.uk.
- becybersafe - This is the main domain name. Together with the Top Level Domain (ie in this case "becybersafe.com"), this is the bit you should be interested in.
- www - This is an example of a subdomain. www is extremely common but it can actually be anything, and there's no limit to the number of elements that can be used. For our purposes here you can ignore this label; it has no bearing on who really owns the domain name.
For example from the web address:
You'll be left with:
In the above example then, "becybersafe.com" is the domain name and tells you which website you're visiting.
Criminals will often try to add lots of padding text into a web address to confuse & fool you, for example putting legitimate brand names into the sub domain in the hope that users think this is the domain name.
Extracting domain names from email addresses...
In an email address the process is much easier - take everything to the right of the @ symbol & read from right-to-left as above. Along with the top level domain, the next label to the left is the domain name.
So how about these?
In all the examples below, only the part in bold represents the domain name. The other parts are often padding that is intended to try and fool you - only the core domain name should be used when assessing if a website is genuine or not:
- Web addresses:
- www.mywebsite.com/home.php?www.hsbc.com
- https://wellsfargo.security-alerts.com
- twitter.trendingnow.com
- http://www.bank.ofamerica.com/accountverification
- http://wwwamazon.com/
- www.facebook-security-alerts.com
- https://www.amazon.order-updates.co.uk
- Email addresses:
- yahoo@security-team.uk.com
- david.frankson@britishairways.fraudteam.com
- customer_relations@sky.satellite-tv.co.uk
As you can see there's a few ways in which criminals try to fool us with domain names. These could include:
- Using the company name elsewhere in the full URL (such as "www.amazon.order-updates.co.uk"),
- Missing dots between labels (eg in the above examples, "wwwamazon"),
- Splitting company names up with dots ("bank.ofamerica.com"),
- And putting the genuine domain name to the right of the domain name ("mywebsite.com/home.php?www.hsbc.com").
They may also just simply use something that sounds similar to a genuine company ("facebook-security-alerts.com").
Other tricks used
In addition to tricking people into focusing on the wrong part of the address, fraudsters and other criminals have a few extra tricks up their sleeve.
Character substitution
Would you be fooled by the link:
This actually uses a capital i in place of the letter l in 'paypal'. In the browser it's extremely difficult to spot (try it, type it in!) and was a trick successfully used by a fraudster as early as 2000. The font that you view a domain name in can be critical - if you're ever unsure about a link simply copy it to a simple text editor (such as Notepad on Windows) as this will almost always show up any suspicious characters.
Some criminals are less subtle, relying on us quickly reading web addresses to miss obvious mistakes. wwww.bank0famerica.com anyone? Or maybe www.h5bc.com?
Websites can now also be created using letters other than Roman (the alphabet used for English) - this can lead to problems with some characters looking visually very similar to English letters. Some browser makers are now trying to develop features that will alert users to these websites automatically, but until then the best defence is to simply stay alert.
Change of top level domain
Another trick sometimes used is to swap out the top level domain, for example showing www.amazon.uk instead of amazon.co.uk, or www.facebook.uk.com instead of www.facebook.com.
Most tricks like this are very shortlived as the targetted company quickly hear about the attack and ask the internet authorities to take the spoofing domain name down, but criminals only need a few people to fall for it in that short time for it to be profitable for them.