The Security Importance Of Understanding Domain Names And Links
There has been a spectacular growth in the use of the Internet to perpetrate fraud. Victims are conned into parting with critical information. One of the most common ways this happens is by fraudsters luring people to phishing websites. These websites are made to look like legitimate websites. Visitors trust them, and type in user IDs, passwords and access codes without a second thought. Fraudsters use that information to steal from visitor accounts, or to steal identities.
Text and email messages with HTML links are the most commonly used methods of getting people to visit phishing websites. You may get a text or email message, claiming to be from your bank or an online service provider, advising you of an issue that has arisen, and asking you to urgently visit the link provided. The only clue to the fact that the message is an attempt at fraud may be the domain name that is contained in the link. Therefore, understanding domain names is crucial to avoid being scammed.
How a domain name is structured
The basic structure of a domain name is relatively simple. It consists of a string of characters, followed by a period, followed by a top-level domain (TLD). The most widely used TLD is “.COM”, and well known domains that use this TLD include microsoft.com, amazon.com and paypal.com.
A domain name may include “www” before the domain name. This indicates to browsers that the domain resides on the World Wide Web. Since the World Wide Web is the location for almost all domains, the “www” is rarely typed. Nevertheless, www.amazon.com and amazon.com are two legitimate versions of the same domain name.
A domain name may also be preceded by “http://” or “https://”. These letters at the start indicate the protocol to be used when accessing the website to which the domain refers. The following four names are different formats of the same domain name, and all point to the same web address:
www.example.com
example.com
Subdomains
Many websites are divided into sections, or have different versions of the site. You might see something like “en.example.com”, pointing to the English language version of the site. Another example might be “m.example.com”, pointing to a mobile-optimized version of the site.
Phishing fraudsters often use subdomains to fool people into thinking a domain name is legitimate. Fraudsters cannot register a domain name that has already been registered by somebody else. Therefore, they could not register “apple.com”, “craigslist.org” or “paypal.com,” for example. They can, however, register unique domain names and add subdomains to try to convince people that a link is to a well-known website. Here are some examples of this from actual phishing or smishing messages:
1. applesupport/1234ds.com
2. craigslistalaskausa/1212.com
3. paypal.mobile/111222.com/txn?id-1122
Regardless of the references to “Apple support,” “Craig’s list” and “Paypal,” none of the above websites have any legitimate connection to any of the referenced businesses. The actual domain names in the examples above are:
1. 1234ds.com
2. 1212.com
3. 111222.com
Being able to recognize the actual domain name makes it a lot less likely that you would enter confidential information on those domains.
Embedded links
HTML is the main coding language used to display web pages, and it can also be used in text and email messages. HTML can display links to other websites. (Other coding languages may be used, and can work the same way.) It has become standard practice to display these links in a different color to the main text, with blue being the most widely used color for links. Thus, you might see something like the following:
Welcome to our books page. If you want to buy any of the books reviewed, you can get them at Amazon.com
The HTML code which displays the above line might look like this:
<p>Welcome to our books page. If you want to buy any of the books reviewed, you can get them at <a href='https://amazon.com' target='_blank'>Amazon.com</a></p>
What is very important to note is that the text of the actual link does not necessarily correlate directly with the site being linked to. If the HTML code were as follows, somebody clicking on the “Amazon.com” link gets sent to a totally different website, namely mybookstore.com.
<p>Welcome to our books page. If you want to buy any of the books reviewed, you can get them at <a href='https://mybookstore.com' target='_blank'>Amazon.com</a></p>
The two HTML lines above will display exactly the same text, but the highlighted text (Amazon.com) would link to two different websites.
Hovering over an embedded link shows, in the browser status bar, the actual website to which the link is pointing. It is good practice to get into the habit of hovering over links in text or email messages to see where they will take you before you actually click on a link.
You cannot hover if using a smartphone, but pressing and holding a link will show where the link is going to take you. If you have a small display, you may not be able to see the full text of the link. Therefore, it is advisable not to follow links on smartphone messages or texts.
The browser address bar
The browser address bar can be your best friend in protecting you from phishing attacks. As you have already seen, clicking on a link can take you to a site that does not correspond with the highlighted link text. The browser address bar always shows you the full address of the website that you are on. Always look at the full address before typing in any confidential information. Pay particular attention to the domain name.
HTTPS
HTTPS is a secure protocol for communications between browsers and websites. Because criminals are inherently lazy, they often do not bother to install the security certificates necessary to use HTTPS, whereas most reputable businesses take this extra step. Therefore, if you visit a website that is not using HTTPS, be extra careful before entering confidential information. HTTPS on its own shows only that the connection is encrypted, not who runs the site, so check the domain name on HTTPS pages as well.
In summary, the best way to stay safe from phishing attacks is to be constantly alert, and to know where any link is actually sending you. Always use your browser address bar to double-check that you are at the website you intended to