Reading a URL to Tell if It's Real or Fake
August 23, 2022
Knowing how to read a URL has become an essential skill for everybody, not just network admins and web developers. URLs are how many scammers and phishers attack their victims. These fake URLs can get to inboxes, Slack channels, text messages, or message queues in social media platforms.
In this post, we will walk you through how to read a URL. Reading a URL, which breaks it down into its constituent parts, makes it easy to decide if a URL is real or fake.
Reading URLs takes a little practice. There are just a few things to look for when you examine an URL.
It's easiest to read from right to left.
👉 The primary thing you need to locate is the root domain. The root domain is the "apple" in "apple.com" and the "slack" in "slack.com". Finding the root domain of a URL will help telll you if it's a real or fake domain. Here are the steps to follow:
Here's an example: https://support.apple.com/sakjdhi8?df8vdf/vv98df987
Don't let the long sequence of characters on the right fool you.
Once you find the root domain, you can find the subdomain. If there's a period to the left of the root domain and then more text to the left of the period, this extra text is a subdomain. The owner of the root domain can use whatever subdomains they want. For example, let's deconstruct the following domain.
For the above domain, the root domain is "reset-my-account" and the subdomain is "slack". The root domain is not "slack".
Most companies use subdomains for various products, features, or functions. In the case of Slack, they use subdomains for customer workspace like workspace-name.slack.com
🤕 One trick attackers often us is to buy and use root domains that look like real domains.
👉 Here are come common tricks:
After you find the root domain, examine it to make sure it is the word you think it is.
🦹♀️ Attackers will try to make domain names seem overwhelmingly long and complex to make it so you don't look for the root domain. They can add 100s of characters to the right side of a domain.
It doesn't matter how long the sequence of characters on the right is, just follow the rules for finding the root domain. To recap:
👉 Look for the "/" (single slash) farthest from the right. If there is no "/" in the domain, then you are going to start at the far right character of the domain.
👉 Once you find the right "/" , the next section of the URL will be the type of domain - .com, .co, me, .io, .ru, on and on. The left side of the domain type will be a "."
👉 To the left of the domain type is the root domain. This is sandwiched by a "'." on both sides.
👉 To the left of the rood domain are subdomains or nothing. We'll learn mroe about subdomains in a future lesson.
Remember - always find the root domain before clicking on a URL.
Given how important it is to be able to read a domain to protect yourself from phishing attacks, we created a URL game. This game, taken 100% in Slack, asks users to decide if a URL is real or fake. Based on user responses, the game logic presents various trainings on how to read a domain.
If you want to see a demo or get a trial of Haekka security and privacy games in Slack, schedule it here.
Schedule a demo
Get started with a free trial by scheduling a demo today. One of our training experts will walk you through a live Haekka demo.