Avoid Phishing: Learn to Spot Sham Domains

Phishing Attacks Depend on Sham URLs;
Understanding the Parts of a URL Can Help You Avoid Phishing Attacks

To reiterate, phishing is an attempt to gain someone's personal data by pretending to be someone reputable. Phishing attacks are often carried out via e-mail or social media postings.  These attacks depend on registering domain names CLOSE to those of the real company or person, or by "spoofing" a familiar contact.  Learning to spot sham domain names and e-mail address is key, so you can avoid falling victim to phishing.

Today's article is going to review the parts of a domain name, as well as it's construction.  Then, we have a quiz on domain names: Is the URL Legitimate? If you can learn to spot a sham URL, you will be able to avoid most e-mail phishing attacks. And if you haven't read them yet, our previous articles on phishing can be found at http://techlaurels.blogspot.com/search/label/phishing.

What Are the Parts of a URL?

A URL has several parts:

• Protocol
• Subdomain (optional)
• Domain
• Extension
• File Name

Each part of the URL gives the browser information as to how to serve the page.  Keep reading for an explanation of each part of a URL.

Protocol:

The protocol tells the browser how one is wants to "fetch" information, as well as how the browser should present it. It is represented by the first several letters in your browser's address bar, the ones that come before the three characters "://".

There are many protocols, however a web page will always begin with either http (hypertext transfer protocol) or https (Hyper Text Transfer Protocol Secure.)  Another common protocol is ftp (file transfer protocol.) FTP addresses will upload or download content.

A good rule of thumb is that if the link does NOT start with http:// or https://, you should NOT click on it.  There are few legitimate reasons to include other protocols in an e-mail link. In fact, it is a good sign that the link will lead to malicious content.

Domain + Extension

The Domain Name is the most important part of a URL.  It tells the browser from what IP address to fetch a page.  A Domain Name consists of alphanumeric characters, a dot, and a TLD Extension. Dot Com is the most common TLD extension.  Others are .gov (government), .net, .org (for non-profits,) .biz, .and edu (for educational institutions,)  Each country also has its own country-specific domain name registry that they set the rules for.  The American country code is .us, Canada's is .ca, and the British use .uk.  British companies often use a .co.uk domain extension.

Subdomain

The subdomain is what comes between the protocol and the domain name, separated by a dot. Not every URL utilizes a subdomain.  WWW is actually a subdomain, indicating world wide web. Blogger uses subdomains for individual accounts.  For example, the url http://techlaurels.blogspot.com indicates techlaurels is a subdomain of blogspot.com.

Phishing attacks are notorious for using subdomains to trick you into thinking the URL belongs to another site.  They will buy an innocuous domain name, like giftcredits.com, and set up a subdomain in a retailer's name, in an attempt to fool you into thinking the URL leads to that retailer. For example, walmart.giftcredits.com leads to a subdomain of giftcredits.com. giftcredits.walmart.com leads to a subdomain of walmart.com. This distinction is VERY important.

File Name

A URL can point to a website, or it can point to a specific page within that website.  If there is a slash after the domain name, what comes after the slash is the file path. This may be a single file name, or a folder name, followed by another slash, and a file name. For example, http://techlaurels.blogspot.com/p/writing-services.html leads to a page called "writing-services" in a folder named "p".   http://techlaurels.blogspot.com/p/ would lead to the index page in a folder called "p".

A link that leads to a folder will generally lead to an html page. HTML is just the "language" in which static web pages are coded.

When looking at links, one must beware of clicking on ANYTHING that leads to an extension OTHER than htm, html, or pdf.  Phishing links will often include filenames ending in exe or php. Chances are. those extensions will lead you to executable content. Likewise, an extension ending in .js will run a script on your system.

Separators: Dot vs. Dash

A URL uses a dot as a separator.  In other words, a dot is a "special" character.  One cannot register a domain name that includes a dot as a character, as that dot gives the browser important instructions. The dot (or period) is used to separate a URL into its distinct parts.  It is ALWAYS a separator.

A dash, on the other hand, is treated like any other alphanumeric character.  It neither acts as a separator nor gives the browser special instructions. This is a VERY important distinction. Spammers often use these dashes to fool you into thinking something is a legitimate subdomain.

For example, giftcards.amazon.com and amazon.com/giftcards are both legitimate Amazon subdomains.  Cards.amazon-giftscards.com points to amazon-giftcards.com, rather than to any part of Amazon.com. Likewise notifications.ebay-bids.com does not belong to ebay, nor does bids.e-ebay.com. Notifications.ebay.com leads to a legitimate Ebay subdomain.

Can You Spot Sham URLs?

Techlaurels has created a ten question quiz to help you spot the sham URLs. If you have any difficulties with the embedded quiz, you can reach it at http://quizrevolution.com/QR2/ch/a252621/ . This quiz is hosted at QuizRevolution.com, a quiz hosting site that does NOT collect your personal data.  

How Did You Do?

How did you do on the quiz? Were you able to spot the sham URLs?  Share your scores in the comment section below.

Likewise, if you have any questions about URLs and how they are formed, leave those in the comments.  And as always, thanks for reading.