June 23, 2017

Avoid Phishing: Learn to Spot Sham Domains

Phishing Attacks Depend on Sham URLs;
Understanding the Parts of a URL Can Help You Avoid Phishing Attacks




To reiterate, phishing is an attempt to gain someone's personal data by pretending to be someone reputable. Phishing attacks are often carried out via e-mail or social media postings.  These attacks depend on registering domain names CLOSE to those of the real company or person, or by "spoofing" a familiar contact.  Learning to spot sham domain names and e-mail address is key, so you can avoid falling victim to phishing.

Today's article is going to review the parts of a domain name, as well as it's construction.  Then, we have a quiz on domain names: Is the URL Legitimate? If you can learn to spot a sham URL, you will be able to avoid most e-mail phishing attacks. And if you haven't read them yet, our previous articles on phishing can be found at http://techlaurels.blogspot.com/search/label/phishing.


What Are the Parts of a URL?



A URL has several parts:
  • Protocol
  • Subdomain (optional)
  • Domain
  • Extension
  • File Name
Each part of the URL gives the browser information as to how to serve the page.  Keep reading for an explanation of each part of a URL.

Protocol:


The protocol tells the browser how one is wants to "fetch" information, as well as how the browser should present it. It is represented by the first several letters in your browser's address bar, the ones that come before the three characters "://".

There are many protocols, however a web page will always begin with either http (hypertext transfer protocol) or https (Hyper Text Transfer Protocol Secure.)  Another common protocol is ftp (file transfer protocol.) FTP addresses will upload or download content.

A good rule of thumb is that if the link does NOT start with http:// or https://, you should NOT click on it.  There are few legitimate reasons to include other protocols in an e-mail link. In fact, it is a good sign that the link will lead to malicious content.

Domain + Extension


The Domain Name is the most important part of a URL.  It tells the browser from what IP address to fetch a page.  A Domain Name consists of alphanumeric characters, a dot, and a TLD Extension. Dot Com is the most common TLD extension.  Others are .gov (government), .net, .org (for non-profits,) .biz, .and edu (for educational institutions,)  Each country also has its own country-specific domain name registry that they set the rules for.  The American country code is .us, Canada's is .ca, and the British use .uk.  British companies often use a .co.uk domain extension.

Subdomain


The subdomain is what comes between the protocol and the domain name, separated by a dot. Not every URL utilizes a subdomain.  WWW is actually a subdomain, indicating world wide web. Blogger uses subdomains for individual accounts.  For example, the url http://techlaurels.blogspot.com indicates techlaurels is a subdomain of blogspot.com.

Phishing attacks are notorious for using subdomains to trick you into thinking the URL belongs to another site.  They will buy an innocuous domain name, like giftcredits.com, and set up a subdomain in a retailer's name, in an attempt to fool you into thinking the URL leads to that retailer. For example, walmart.giftcredits.com leads to a subdomain of giftcredits.com. giftcredits.walmart.com leads to a subdomain of walmart.com. This distinction is VERY important.

File Name


A URL can point to a website, or it can point to a specific page within that website.  If there is a slash after the domain name, what comes after the slash is the file path. This may be a single file name, or a folder name, followed by another slash, and a file name. For example, http://techlaurels.blogspot.com/p/writing-services.html leads to a page called "writing-services" in a folder named "p".   http://techlaurels.blogspot.com/p/ would lead to the index page in a folder called "p".

A link that leads to a folder will generally lead to an html page. HTML is just the "language" in which static web pages are coded.

When looking at links, one must beware of clicking on ANYTHING that leads to an extension OTHER than htm, html, or pdf.  Phishing links will often include filenames ending in exe or php. Chances are. those extensions will lead you to executable content. Likewise, an extension ending in .js will run a script on your system.

Separators: Dot vs. Dash


A URL uses a dot as a separator.  In other words, a dot is a "special" character.  One cannot register a domain name that includes a dot as a character, as that dot gives the browser important instructions. The dot (or period) is used to separate a URL into its distinct parts.  It is ALWAYS a separator.

A dash, on the other hand, is treated like any other alphanumeric character.  It neither acts as a separator nor gives the browser special instructions. This is a VERY important distinction. Spammers often use these dashes to fool you into thinking something is a legitimate subdomain.

For example, giftcards.amazon.com and amazon.com/giftcards are both legitimate Amazon subdomains.  Cards.amazon-giftscards.com points to amazon-giftcards.com, rather than to any part of Amazon.com. Likewise notifications.ebay-bids.com does not belong to ebay, nor does bids.e-ebay.com. Notifications.ebay.com leads to a legitimate Ebay subdomain.

Can You Spot Sham URLs?

Techlaurels has created a ten question quiz to help you spot the sham URLs. If you have any difficulties with the embedded quiz, you can reach it at http://quizrevolution.com/QR2/ch/a252621/ . This quiz is hosted at QuizRevolution.com, a quiz hosting site that does NOT collect your personal data.  


How Did You Do?

How did you do on the quiz? Were you able to spot the sham URLs?  Share your scores in the comment section below.

Likewise, if you have any questions about URLs and how they are formed, leave those in the comments.  And as always, thanks for reading.




13 comments:

  1. Good day! Do you use Twitter? I'd like to follow you if that would be okay.
    I'm absolutely enjoying your blog andd look forward too new posts.

    ReplyDelete
    Replies
    1. You can find our Twitter at https://twitter.com/TechLaurels

      Delete
  2. My partner and I stumbled over here by a different web page and thought I should check things out.
    I lioke what I see so i am just following you. Look forward to
    looking into your web page repeatedly.

    ReplyDelete
  3. You're so awesome! I don't suppose I've read something like that before.
    So wonderful to discover someone with a few original thoughts on this subject matter.
    Seriously.. thank you for starting this up. This site is something that
    is needed on the web, someone with a bit of originality!

    ReplyDelete
  4. Yesterday, while I was at work, my cousin stole my apple ipad
    and tested to see if it can survive a twenty five foot drop, just so
    she can be a youtube sensation. My apple ipad is now destroyed and she has 83 views.
    I know this is entirely off topic but I had to share it with someone!

    ReplyDelete
  5. hello!,I like your writing very so much! share we keep in touch extra about your article on AOL?
    I need an expert on this area to unravel my problem.

    Maybe that is you! Taking a look ahead to see you.

    ReplyDelete
  6. Whats up tһis is kind of of off topic bսt I was wanting to know if Ƅlogs use WYSIWYG editorгѕ ᧐r if you have to manually code with HTML.
    I'm stагting a blog soon but have nno coding know-how so I
    wanted to get guidance from someone with experience.
    Any heⅼp woul bе enormously appreciated!

    ReplyDelete
    Replies
    1. Blogger does use a WYSIWYG editor, but it helps to know some basic coding to make things look the way you want.

      Delete
  7. Ηey I know thiѕ is off topic but I waѕ wondering if you
    knew of any wiԀgets I could add to my blog that аutomatically
    tweet my newest twitter updates. I've been looking for
    a pⅼug-in like tһiss for quite sоme time ɑnd was hoping mawybe you would have some еxperience wit somethіng like this.
    Please lеt me knopw if you run into anything. I truly
    enjoу reading your Ƅlkg and I look f᧐rward to your new updates.

    ReplyDelete
  8. Ԝhat's up everyоne, it's my first pay a quick visіt at
    this site, and article iѕ actually fruitful in favor of me, keep up posting such articles օr revieԝs.

    ReplyDelete

Thank you for contributing to the discussion! Your feedback is valued! (Unless you are a sunglasses or work at home spammer, in which case, your comment will be promptly deleted. :D) The Mods are reviewing it, to keep those types away! ;)