Learn to Surf Safely by Understanding Website Domain Names


We often hear from folks who say that they routinely mouse-over links but don’t understand what they see and can’t tell whether the link is legitimate or malicious.  Fear not! Knowledge is power and we want you to be more powerful and surf safely while using the web, email, texting, etc.

A link is nothing more than a “foot path” to a computer located somewhere on the Internet or on a private network and then to a particular file or document on that computer.  The millions of computer locations across the Internet must follow a set of rules set up by a group that governs Internet names. This group is called the International Consortium of Assigned Names and Numbers or ICANN, for short.

ICANN is responsible for creating global top-level domains (gTLD; some say the “g” refers to “generic”).  We are all familiar with some such as dot-com (.com) and dot-org (.org).  If you learn a little about these domains and the rules for naming domains, you will be much more skilled at spotting malicious links! (If you are as nerdy as we are and enjoy learning more detail about this stuff, visit ICANN’s factsheets and download the fact sheet about gTLD.)

I. Anatomy of a Domain Name

A domain name is the name assigned to a website or Internet location and is followed by a “dot” and finally a global TLD.  All of this appears BEFORE the first forward slash ( / ) in a link. For example, here is a long link from Amazon.com that leads  visitors to information about a book by Doug Fodeman called “A Parent’s Guide to Online Safety” (excuse our cheap pitch at self-promoting):

http://www.amazon.com/Parents-Guide-Online-Safety/dp/1564843270/ref=sr_1_1?s=books&ie=UTF8&qid=1378130468&sr=1-1&keywords=parents+guide+to+online+safety

Let’s identify the pieces of this link…

1. http://     VERY IMPORTANT!
Http is shorthand for a set of instructions for computers (HyperText Transfer Protocol).  It is a non-secure method to transfer information.  It is important for us to know that connecting to a website this way is NOT SECURE!  Therefore we should never be asked to enter personal information, passwords, banking or other financial information on a webpage when the link starts with http.  If we were on a website that asked for very personal information such as passwords or credit cards, then the web address (known as a URL) had better start with https.  The “s” stands for secure!  That little “s” means so many important things behind the scenes of the website you are viewing.  You should ALWAYS be looking for it when paying by credit card, logging into a site with a password, etc.  If you see only http, and think you should be seeing https, BE SUSPICIOUS and stop what you are doing!

2. www        Not important.
“www” simply refers to the “World Wide Web.”  How quaint.  It may be in a link or, more often than not, may not be in the link.

3. amazon.com    VERY IMPORTANT!
“amazon” is the domain and identifies the business or entity represented.  “dot-com” is the global top level domain and, in this case, means that “amazon” is a commercial institution so far as ICANN is concerned.

4. /Parents-Guide-Online-Safety/dp/1564843270/ref=sr_1_1?s=books&ie=UTF8&qid=1378130468&sr=1-1&keywords=parents+guide+to+online+safety        Not important. (Except maybe to the author!)
All the junk that appears after the first forward slash ( / ) is not the least bit important!  It refers to many different things and can be whatever the website owner wants it to be.  ICANN has no say in the matter and there are no governing rules about it.  Just ignore it (from a safety perspective).

II. Recognize and Understand Global Top Level Domains (gTLDs)

gTLDs tell us a lot about the website we are visiting!  Back in the late 1980s this used to be a small collection of only 6 top level domains:

Most Common gTLDs
.com    Commercial business    Anyone can obtain a dot-com for any purpose
.org    Organization            Anyone can obtain a dot-org for any purpose
.net    Networking technology    Anyone can obtain a dot-net for any purpose (though this was supposed to have a restricted use in theory)
.edu    Educational institution    Since 2001 only colleges/universities can obtain and use a dot-edu. (Any school with a dot-edu obtained before 2001 was allowed to keep it such as brookwood.edu)
.mil    U.S. Military            This gTLD is restricted to United States Military ONLY!
.gov    U.S. Government        This gTLD is restricted to United States Government ONLY!

Additional gTLDs That Have Been Added Since 1998:

.info    Information        Not surprisingly, dot-info sites see a lot of abuse/misuse and are often a source of spam
.biz    Business        Dot-biz sites are also sometimes associated with spam
.mobi    Mobile            Sites that cater to mobile devices
.museum    Museum        Not getting much use as of fall, 2013
.xxx    Pornography        Not getting much use as of fall, 2013 (because it would become too easy for people to block it, in our humble opinion)

…dozens more were added in 2014 by ICANN.  Many of them seem to be used only by scammers as of Spring 2015.  For example, .science, .work, .link, and .space.

What is the take-away here?  Always look at the gTLD.  It should loosely match its stated purpose.  For example…

a) If you are visiting the Red Cross organization to make a credit card donation, the gTLD better say “.org” and the connection better be “https.”  Here is their legitimate link:
https://www.redcross.org/donate/index.jsp?donateStep=2….and other junk

b) If you are getting tax information from the United States IRS, the gTLD better say “.gov.” Here is a legitimate link for tax forms:
http://www.irs.gov/Forms-&-Pubs

c) If you get an email from someone at the FBI, the “from” address better include the domain “fbi” and the gTLD “dot-gov.”  Here is a legitimate FBI email address (without the agent’s real name): Joe-Schmo@ic.fbi.gov

A Word of Caution About gTLDs
According to several sources (see below), dot-com still remains the riskiest gTLD. However, though there are many legitimate users of dot-info and dot-biz websites, we also see a high number of scammers and suspicious websites or emails at dot-info and dot-biz sites.  On the other hand, dot-gov, dot-mil, and dot-edu see very little abuse because they are strongly restricted.

Resources:
Wikipedia Generic Top Level Domains
2012 Web Malware Trends Report: View “Scan Distribution of Compromised Sites”
How Likely is a Domain to be Malicious?

III. Recognize and Understand Subdomain names

Subdomains are names/characters that appear IN FRONT OF a domain name and are separated from it by a period.  They are created by the website owner and can be anything at all.  There are no rules that govern subdomains.  Though a subdomain should be a name that makes sense to you for the website you are visiting, it doesn’t have to make sense or be recognizable.  For this reason, they are really not that important. Though you can ignore them, it is a good practice to look at them. Subdomains are often used by scammers to trick potential victims.  Here are some legitimate and malicious examples:

LEGITIMATE
a) https://tools.usps.com/go/TrackConfirmAction!input.action
United States Postal Service package tracking website
Subdomain: tools
Domain: usps
gTLD: .com (Connection is secure: https)

b) http://wwwapps.ups.com/WebTracking/processInputRequest
United Parcel Service (UPS) package tracking website
Subdomain: wwwapps
Domain: ups
gTLD: com (Connection is not secure http)

c) https://secure.bankofamerica.com/login/reset/entry/resetIDScreen.go?fromSitekeyWidget=true
Bank of America secure site for help with your online ID
Subdomain: secure
Domain: bankofamerica
gTLD: com (Connection is secure https)

MALICIOUS:
a) http://usps.track-my-package.com/
Meant to look like United States Postal Service package tracking website
Subdomain: usps
Domain: track-my-package
gTLD: com (Connection is not secure http)

b) http://www.mydeliveryFedEx.com/
Meant to look like FedEx package tracking website
Subdomain: none (ignore www, it is not a subdomain)
Domain: mydeliveryFedEx
gTLD: com (Connection is not secure http)

c) http://login.bankofamerca.com/
Fake phishing Bank of America website; notice the misspelling in America?
Subdomain: login
Domain: bankofamerca (Misspelled!)
gTLD: com (Connection is not secure http)
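
The breakdown used in Sections I and III can be automated. The following Python sketch is an added example, not part of the original article: it splits a link into scheme, subdomain, domain and gTLD and flags the warning signs shown in the examples above. The KNOWN brand table (including the entry fedex.com) and the function names are assumptions made for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

# Assumption: brand -> real domain, taken from the legitimate examples above
# (fedex.com is assumed; the article shows only the fake FedEx link).
KNOWN = {"usps": "usps.com", "ups": "ups.com", "fedex": "fedex.com",
         "bankofamerica": "bankofamerica.com"}

def edit_distance(a, b):
    """Levenshtein distance, used to catch near-miss spellings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def dissect(url):
    """Split a link into scheme / subdomain / domain / gTLD and list warnings."""
    parts = urlsplit(url)
    host = parts.hostname or ""          # urlsplit already lower-cases the host
    info = {"scheme": parts.scheme, "subdomain": "", "domain": host,
            "gtld": "", "warnings": []}
    if parts.scheme != "https":
        info["warnings"].append("not https")
    try:
        ipaddress.ip_address(host)
        info["warnings"].append("IP address instead of a domain name")
        return info
    except ValueError:
        pass                             # not an IP address, so treat it as a name
    labels = host.split(".")
    if len(labels) < 2:
        return info
    # Simplification: last label = TLD. Suffixes like .co.uk need the Public Suffix List.
    sub = [lab for lab in labels[:-2] if lab != "www"]
    info.update(subdomain=".".join(sub), domain=labels[-2], gtld=labels[-1])
    if f"{labels[-2]}.{labels[-1]}" in KNOWN.values():
        return info                      # the brand's real domain: no lookalike checks
    for brand in KNOWN:
        if brand in sub:
            info["warnings"].append(f"'{brand}' is only a subdomain")
        elif brand in labels[-2]:
            info["warnings"].append(f"'{brand}' embedded in another domain")
        elif len(brand) > 4 and edit_distance(labels[-2], brand) <= 2:
            info["warnings"].append(f"looks like a misspelling of '{brand}'")
    return info
```

For the misspelled Bank of America link above, dissect() reports the domain as bankofamerca and returns two warnings: "not https" and "looks like a misspelling of 'bankofamerica'".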

Here are 8 links to screenshots of real scams.  Look in the lower left corner of each screenshot to see the real URL (web address) that is revealed when I mouse-over a link in each email.

1. Google Registration was succesful!
2. View your hotel bill (This link on this scam begins with an IP address, not a domain name.)
3. Intuit: You submitted the following for payment
4. PayPal: Restore your account
5. Re: Your computer order from TigerDirect.com
6. Please update your PayPal Information
7. A delivery from UPS
8. Wells Fargo Banking: Please sign in to eBanking

Eager to learn more? Check out our other related articles and videos:

1. Shortened URLs: What are they and why should I care?
2. Mouse-Over: The Most Important Internet Skill!
3. Identifying scams using 2-letter country code. (video)
4. Misuse of .science domain (Reported in the March 11, 2015 newsletter)