CYBER BLOG: URLs - Don't get hooked

Don’t get hooked

Phishing emails are still a major way in which criminals and hackers gain access to computer systems and personal details such as bank details, and trick users into revealing passwords. Typically, a phishing email tries to get you to download an attachment or visit a website where you will be asked to enter sensitive information.

The key to not clicking on dodgy links is understanding how a URL is constructed. Take a look at the following links and see if you can tell the fake websites from the real ones:

  • https://mobile.facebook.com
  • https://facebook.mobile.com
  • http://facebook.com/help

In the above examples, the first and last would both take you to the genuine Facebook page. The middle one however would not. I’ll try to explain why.

URLs, or website addresses, are made up of several component parts. The first part, normally https or http, indicates the protocol to be used. There are other protocols, but these two are the most common for visiting websites. HTTP stands for Hyper Text Transfer Protocol. We don’t need to worry about this bit too much; just make sure that if a site is asking you to enter details, it is using HTTPS (the S stands for secure). This doesn’t mean that the website is genuine, only that the information being transmitted is encrypted.

The second part of the URL, for example www.sbrcentre.co.uk, is the hostname. This is the part we need to start paying more attention to. The www section in the above example is what is called a subdomain: a named section of the site you are visiting. The sbrcentre section is the domain of the website you are visiting, and the .co.uk section is what is called the Top Level Domain.

Let’s break down the three examples above. The first two use the HTTPS protocol, which means that the information passing between your computer and the website is encrypted.

The first example has the hostname mobile.facebook.com. In this instance the address is looking for the ‘mobile’ subdomain of the ‘facebook’ domain. The second example, facebook.mobile.com, is looking for a subdomain called ‘facebook’ on the domain ‘mobile’. So this example would actually take you to a website called mobile.com and not Facebook.

The third example uses the HTTP protocol (in real life Facebook would redirect you to https) and then goes to the domain facebook.com. The last part of this URL starts with a ‘/’. This indicates that the website should deliver a specific folder or file, in this case the file (or page) ‘help’.

When reading a URL, it is important to check the top level domain first. Ignore anything after the first / to begin with. Find the top level domain, for example .co.uk or .com. Once you have found it, the next step is to look for the domain name immediately before the TLD (Top Level Domain). Only then will you know what website you are visiting.

Attackers are becoming more sophisticated when making phishing websites. Take this real example of a phishing link:

http://www.natwestcustomerlogon.livebetterforever.co.uk/step2.php

At first glance it may look like it goes to the NatWest website, but armed with our new knowledge we can see that the actual domain is livebetterforever; the natwestcustomerlogon part is only a subdomain. If someone were to visit this site (I wouldn’t recommend it) they would have seen the page below:

This does look like the genuine NatWest website, and it is only by reading the URL that someone would be able to discover that they were in fact in the wrong place.
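As an added example (not part of the original post), the reading rules above and the NatWest lookalike check can be written as a small Python checker. It assumes a tiny constructed list of public suffixes standing in for the real Public Suffix List, and the function names dissect and lookalike_brand are my own.

```python
from urllib.parse import urlsplit

# Constructed subset of public suffixes for this example only (the real
# Public Suffix List is far longer). Multi-label suffixes such as co.uk must
# be listed so that "sbrcentre", not "co", is read as the domain.
PUBLIC_SUFFIXES = {"com", "net", "org", "uk", "co.uk", "org.uk"}


def dissect(url):
    """Read a URL the way the article does: protocol, then hostname, then
    the top level domain, the domain in front of it, any subdomain, and
    finally everything after the first '/' (the path)."""
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".").lower()
    labels = host.split(".")
    tld = domain = None
    subdomain = ""
    # Try the longest candidate suffix first, so "co.uk" wins over "uk".
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in PUBLIC_SUFFIXES:
            tld = candidate
            if i > 0:  # i == 0 means the host is itself a public suffix
                domain = labels[i - 1]
                subdomain = ".".join(labels[: i - 1])
            break
    return {
        "protocol": parts.scheme.lower(),
        "encrypted": parts.scheme.lower() == "https",
        "hostname": host,
        "subdomain": subdomain,
        "domain": domain,
        "tld": tld,
        "site": f"{domain}.{tld}" if domain else None,
        "path": parts.path,
    }


def lookalike_brand(url, brands):
    """Return the first brand name that appears somewhere in the hostname
    but is not the registered domain: the trick the NatWest link relies on."""
    info = dissect(url)
    for brand in brands:
        if brand in info["hostname"] and info["domain"] != brand:
            return brand
    return None
```

Running dissect over the three Facebook links reports facebook.com, mobile.com and facebook.com as the sites, and lookalike_brand flags both facebook.mobile.com and the livebetterforever.co.uk link.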

Hopefully this information has been useful, and if you would like to know more, please email [email protected]
