How to read a website address (URL)
Being able to look at a website address (URL) and identify the different parts can help you identify a malicious website or email. Scammers routinely create websites using URLs that are designed to look like a legitimate website. This page includes some guidelines that should help you identify whether or not a URL is legitimate. If in doubt, please contact Information Security.
Identify the domain name
The domain name is the key part of the website address that tells you who is responsible for the content and ultimately whether it is legitimate or not. To identify the domain name, begin reading the URL from left to right:
- Some web browsers might show the protocol followed by a colon and two slashes (http:// or https://), other web browsers hide that part.
- The part after the protocol and before the next single slash is the domain name.
- In this example, the URL is https://imss.caltech.edu/services/information-security and the domain name is imss.caltech.edu.
- The rest of the URL after the domain name refers to specific pages on a site.
- Focus on the domain name portion of the URL to figure out if you're actually looking at the website you think you are.
Watch out for common tricks
Scammers use a range of tricks to try to make their malicious websites look like legitimate ones, including crafting fake URLs that impersonate real ones. Here are some of those tricks.
Changing the top-level domain
The top-level domain (TLD) is the portion of the domain name following the last dot (e.g. .com, .net, .org, .edu). There are now more than 1,000 TLDs. While Caltech owns the caltech.edu domain, a scammer could potentially obtain a domain using the name caltech with a different TLD and use that to create a URL like www.caltech.tk or imss.caltech.work.
Some but not all URLs include subdomains. A subdomain is a portion of a domain name that comes before the main name. For example, the domain caltech.edu has many subdomains including imss.caltech.edu. An owner of a domain name can create any combination of subdomains for that domain. A scammer could obtain a domain and then create a series of subdomains that are designed to look like a legitimate URL. For example, if an attacker had control of example.com, they could create the subdomain imss.caltech.edu.example.com. Or they could make the subdomain even longer than that, to try to hide the fact that the domain name eventually ends with example.com.
Altering spelling and usage of dots
A scammer may use alternate spellings or add or remove dots to imitate a legitimate URL. For .edu domains like caltech.edu, this may be more difficult to pull off, since .edu is only available to educational institutions. You might see this in combination with other tricks like changing the top-level domain. For example, caltech.com is owned by a real business, but a scammer might substitute the letter "l" in caltech for a number "1" and register ca1tech.com to try and impersonate that site. Or if you access online banking by going to www.online-bank.com, a scammer might register the domain wwwonline-bank.com to try and impersonate that site.
Including the legitimate domain later in the URL
A scammer may simply add the legitimate domain to a later portion of the URL (not the domain portion) in hopes that you'll see it there and ignore the actual domain, which is something else. For example, www.bad-site.com?imss.caltech.edu.
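The tricks above can be checked mechanically. The following is an added example, not part of the original page: it uses the browser's own URL parser to extract the real hostname and compares it to an allowlist. The `TRUSTED` list and the function names are assumptions made for illustration.

```javascript
// Added example, not part of the original page.
// TRUSTED is an assumed allowlist; replace it with the domains you rely on.
const TRUSTED = ["caltech.edu"];

// Return the hostname a browser would actually connect to for this link.
function hostOf(link) {
  // Links pasted from e-mail often omit the protocol; assume https to parse.
  const hasScheme = /^[a-z][a-z0-9+.-]*:\/\//i.test(link);
  const url = new URL(hasScheme ? link : "https://" + link);
  // Lowercase and drop a trailing dot so "CALTECH.EDU." compares equal.
  return url.hostname.toLowerCase().replace(/\.$/, "");
}

// A host is trusted only if it IS a trusted domain or ends with "." + domain.
// The leading dot matters: "notcaltech.edu" must not match "caltech.edu".
function isTrustedHost(host) {
  return TRUSTED.some((d) => host === d || host.endsWith("." + d));
}

// Summarise a link: real host, whether it is trusted, and whether a trusted
// name appears somewhere else in the link as a decoy.
function inspect(link) {
  let host;
  try {
    host = hostOf(link);
  } catch {
    return { host: null, trusted: false, decoy: false }; // unparsable: reject
  }
  const trusted = isTrustedHost(host);
  const mentions = TRUSTED.some((d) => link.toLowerCase().includes(d));
  return { host, trusted, decoy: mentions && !trusted };
}

// URLs taken from the examples on this page.
const samples = [
  "https://imss.caltech.edu/services/information-security",
  "www.caltech.tk",
  "imss.caltech.edu.example.com",
  "www.bad-site.com?imss.caltech.edu",
  "ca1tech.com",
];
for (const s of samples) console.log(s, inspect(s));
```

Only the first sample is reported as trusted; the subdomain and query-string examples are flagged as decoys because caltech.edu appears in the link but is not the domain it ends in.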
Link text versus destination
On websites, any text can be made into a link. It's common to make the link text and the destination attached to that link the same thing, for example by writing out the text of a link like www.caltech.edu and pointing the destination of that text to www.caltech.edu as in www.caltech.edu. A common trick used by scammers is to write out the text to look like www.good-site.com but make the link point to www.bad-site.com as in www.good-site.com. Before clicking on a link, hover the mouse over it to ensure it actually points to where you are expecting. Then after you click on the link, check the URL in your browser's address bar to confirm you're still on the site you expect to be on.
Be aware of legitimate domains that appear in campus mailings
It is common for email scams to employ fake domains designed to imitate legitimate domains. See Legitimate domains appearing in campus mailings for a list of some of the legitimate external domains that appear in official Caltech mail, and be cautious of links to domains that do not appear on this list.