Understanding URLs is extremely important in avoiding online scams. If there’s only one technical skill you need to know about the internet it’s this, and it will save you being caught out one day.
I’ve limited acronyms to just one (URL) to make it easier to understand.
URL. It doesn’t matter what the letters stand for, it means the address of the web page you go to. You get to see URLs in the top of your web browser. An example of a URL is:
You probably see these every day, every page on the internet has one, and you see links for them every day. This is basically how the internet works.
The only other thing you’ll need to keep in mind for this article is that there are good web pages and bad ones – legitimate sites and scam sites created for various evil purposes.
Now we’ll explain how to recognise a good URL from a bad URL.
I’ve made up two names to demonstrate, and apologies in advance to anyone who’s real business name is similar to these (I googled the names and they came up blank so I’m fairly certain they aren’t real business names at the time of writing).
Let’s say a legitimate company is called SomeFancyBank, and that their legitimate website is www.somefancybank.com. It’s the good site. And imagine you have an account with them and a fair bit of money in there.
And let’s say there’s a fraudulent website registered as confusinglookingname.com. So this one is controlled by someone intent on stealing your money, it’s the bad site.
So if you get an email asking you to click on www.somefancybank.com/login.asp you’ll probably feel safe to do so.
If you see a link that looks a little like www.confusinglookingname.com/login.asp you’ll be surprised and you won’t click, it’s a fake website designed to look like the real bank’s site, only they capture your details.
What if the link is www.somefancybank.confusinglookingname.com ? You can see your favourite bank’s name in there so maybe it’s real… Read on, you’ll see why this is definitely illegitimate.
A URL can be broken down into three parts:
1. There’s the stuff at the beginning (often it’s www but doesn’t have to be). And it could be long and could include many dots.
2. Then there’s the domain name (e.g. somefancybank). It’s usually a company name or some other trademark, followed by a .com. There can only be one dot in this part.
3. Then there’s a / followed by a bunch of technical bits. We’re not covering this part in this article. It’s what comes before the / that’s important.
So there are three parts to a URL and we’re only concerned with the first two.
Let’s go straight to some examples (the important bits have been highlighted in bold):
- somefancybank.com/login.php – good
- abcde.somefancybank.com – good
- 123.somfancybank.com/123/456/789 – good
- abc.somefancybank.com/scaryletters/ – good
- confusinglookingname.com/login.php – bad
- 123.abc.zz45xy.confusinglookingname.com/some/fancy/bank – bad
- www.somefancybank.confusinglookingname.com – bad
- www.some.fancy.bank.confusinglookingname.com/somefancybank – bad
- important.clicknow.confusinglookingname.com/some/fancy.bank/login.asp – bad
I’m sure you’re starting to get the idea by now. Now for some trickier examples:
- www.somefancybank.com.au/login.php – bad
- www.somefancybank.com.login.confusinglookingname.com – bad
Let’s leave things simple and end it there.
Humans are good at recognising patterns, so when you see your favourite company name in the URL you might immediately think it’s legitimate. Scammers take advantage of this and deliberately make these links to trick people.
You’ll find these fake links in emails, other web pages, chat programs, etc. They’re everywhere so get used to recognising how they work and you’ll be a lot better off.