Reading a URL to Tell if It's Real or Fake

Travis Good
August 23, 2022

Knowing how to read a URL has become an essential skill for everybody, not just network admins and web developers. URLs are how many scammers and phishers attack their victims. These fake URLs can get to inboxes, Slack channels, text messages, or message queues in social media platforms.

In this post, we will walk you through how to read a URL. Reading a URL, which breaks it down into its constituent parts, makes it easy to decide if a URL is real or fake.

Finding the root domain

Reading URLs takes a little practice. There are just a few things to look for when you examine a URL.

It's easiest to read from right to left.

👉 The primary thing you need to locate is the root domain. The root domain is the "apple" in "apple.com" and the "slack" in "slack.com". Finding the root domain of a URL will help tell you if it's a real or fake domain. Here are the steps to follow:

  1. Look for the "/" (single slash) farthest from the right, that is, the first single slash after the "https://". If there is no "/" in the domain, then you are going to start at the far right character of the domain.
  2. Once you find the right "/", the next section of the URL will be the type of domain - .com, .co, .me, .io, .ru, and so on. To the left of the domain type will be a ".".
  3. To the left of the domain type is the root domain. This is sandwiched by a "." on both sides.
  4. To the left of the root domain are subdomains or nothing. We'll learn more about subdomains in a future lesson.

Here's an example: https://support.apple.com/sakjdhi8?df8vdf/vv98df987
  • Domain type is .com
  • Root domain is apple
  • Subdomain is support

Don't let the long sequence of characters on the right fool you.

Finding subdomains

Once you find the root domain, you can find the subdomain. If there's a period to the left of the root domain and then more text to the left of the period, this extra text is a subdomain. The owner of the root domain can use whatever subdomains they want. For example, let's deconstruct the following domain.

> slack.reset-my-account.com

For the above domain, the root domain is "reset-my-account" and the subdomain is "slack". The root domain is not "slack".

Most companies use subdomains for various products, features, or functions. In the case of Slack, they use subdomains for customer workspaces, like workspace-name.slack.com.

More tricks hackers use for URLs

🤕 One trick attackers often use is to buy and use root domains that look like real domains.

👉 Here are some common tricks:

  • Using a "-" to combine or separate words - using "okta-twilio" to appear to be a login for Twilio employees or "account-slack" to seem like account access for Slack.
  • Changing characters to similar-looking characters - swapping "o" for "0" or "rn" for "m".
  • Misspelling by one character - turning "google.com" into "gooogle.com" or "salesforce.com" into "salsforece.com".

After you find the root domain, examine it to make sure it is the word you think it is.
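To make the reading steps, the slack.reset-my-account.com example and the lookalike tricks above concrete, here is an added example (my own code, not from the post or from Haekka) that walks a host right to left and then checks the root domain the way the post recommends; the KNOWN_ROOTS allow-list and the sample URLs are constructed. It follows the post's steps literally, so multi-part domain types such as .co.uk are not special-cased.

```python
import difflib
from urllib.parse import urlsplit

# Constructed allow-list of root domains the reader trusts (an assumption, not from the post).
KNOWN_ROOTS = {"apple", "slack", "google", "salesforce", "twilio", "okta"}


def read_url(url):
    """Split a URL into domain type, root domain and subdomain by reading the
    host right to left. Multi-part suffixes like .co.uk are not special-cased."""
    # Step 1: the host ends at the first single "/" after the scheme. A bare host
    # (no scheme) gets a "//" prefix so urlsplit still treats it as the host part.
    host = urlsplit(url if "://" in url else "//" + url).hostname or ""
    labels = host.strip(".").split(".")
    if len(labels) < 2:
        raise ValueError(f"no domain type found in {url!r}")
    domain_type = "." + labels[-1]        # Step 2: rightmost label, e.g. ".com"
    root = labels[-2]                     # Step 3: the label just left of the type
    subdomain = ".".join(labels[:-2])     # Step 4: everything further left, or ""
    return {"domain_type": domain_type, "root_domain": root, "subdomain": subdomain}


def lookalike_of(root, known=KNOWN_ROOTS):
    """Return the trusted root that a root domain imitates via the tricks the post
    lists (hyphenated combos, o/0 and rn/m swaps, one-letter misspellings), else None."""
    if root in known:
        return None
    for piece in root.split("-"):         # "okta-twilio", "account-slack"
        if piece in known:
            return piece
    normalized = root.replace("0", "o").replace("rn", "m")   # "g00gle" -> "google"
    if normalized in known:
        return normalized
    close = difflib.get_close_matches(normalized, sorted(known), n=1, cutoff=0.8)
    return close[0] if close else None    # "gooogle" -> "google"


def assess(url):
    """Verdict that follows the post's rule: judge the root domain, never the subdomain."""
    parts = read_url(url)
    root, subdomain = parts["root_domain"], parts["subdomain"]
    if root in KNOWN_ROOTS:
        return f"real: root domain is {root}"
    imitated = lookalike_of(root)
    if imitated:
        return f"fake: root domain {root!r} imitates {imitated}"
    # A trusted name appearing only as a subdomain is the post's slack.reset-my-account.com case.
    for piece in subdomain.replace("-", ".").split("."):
        if piece in KNOWN_ROOTS:
            return f"fake: {piece} is only a subdomain of {root}"
    return f"unknown: root domain is {root}"
```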

๐Ÿฆนโ€โ™€๏ธ Attackers will try to make domain names seem overwhelmingly long and complex to make it so you don't look for the root domain. They can add 100s of characters to the right side of a domain.

It doesn't matter how long the sequence of characters on the right is, just follow the rules for finding the root domain. To recap:

👉 Look for the "/" (single slash) farthest from the right, that is, the first single slash after the "https://". If there is no "/" in the domain, then you are going to start at the far right character of the domain.

👉 Once you find the right "/", the next section of the URL will be the type of domain - .com, .co, .me, .io, .ru, and so on. To the left of the domain type will be a ".".

👉 To the left of the domain type is the root domain. This is sandwiched by a "." on both sides.

👉 To the left of the root domain are subdomains or nothing. We'll learn more about subdomains in a future lesson.

Remember - always find the root domain before clicking on a URL.

Haekka's URL Game

Given how important it is to be able to read a domain to protect yourself from phishing attacks, we created a URL game. This game, taken 100% in Slack, asks users to decide if a URL is real or fake. Based on user responses, the game logic presents various trainings on how to read a domain.

If you want to see a demo or get a trial of Haekka security and privacy games in Slack, schedule it here.