A lie can travel around the world before the truth can get its pants on.

Understanding Internet Addresses


Photo Credit: pexels.com Andrea Piacquadio



Throughout the world, regardless of party affiliation, politicians are known for having "pet projects".
The goal of a given pet project could be to:

Regardless of which motivation applies, a politician may believe that any cost imposed on society is justified as long as his or her particular goal is achieved.
If the country you live in were governed by a benevolent dictatorship under my control, my pet project would be internet security.
I would impose periodic tests where every adult member of society would have to demonstrate that he or she is familiar with avoiding common internet scams.
On the tab to the right we will pick apart the pieces of some common web addresses.
My goal is to help you leverage that knowledge so that you can identify websites that are not legitimate.
Whether you learn this lesson from this website or someplace else, it is important that you understand this information.
I can't force you to learn it.
At least not yet.

Uniform Resource Locator

An internet address uses the following pattern: {connection type}://{subdomain}.{domain}.{top-level domain}/
From most general to most specific, the order is: top-level domain, domain, subdomain.
I will be jumping around in the remainder of this tab.
Rather than taking a brute force military boot camp type approach, I will try to gently leverage what you already know, then fill in the details.
First we will review some URLs.

Real Life Examples

I am not going to make the text hyperlinks but it is possible that your browser might decide to go rogue and make them hyperlinks regardless.

Example One

https://www.google.com/

Text | Description
com | Top-level domain
google | Domain
www | Subdomain

Example Two

https://money.cnn.com/

Text | Description
com | Top-level domain
cnn | Domain
money | Subdomain

Example Three

https://www.cia.gov/careers/jobs

Text | Description
gov | Top-level domain
cia | Domain
www | Subdomain
careers | Functions as a directory. It may or may not actually map to a directory on a web server.
jobs | In this context "jobs" is serving as a file name. It may or may not map to an actual file name on a server.

The text "jobs" could possibly be a directory configured to pull up some specific file as a default or it could be an actual file.
If sufficiently provoked, the U.S. Central Intelligence Agency could make someone go missing just as surely as if he or she were a dissident living under an Argentinian Junta, so I would prefer not to poke around too much.
Regardless of what you think of the CIA, their social media team knocked it out of the park with the CIA's first tweet.
Please google "twitter cia first tweet".
Without the enclosing quotation marks you will get more hits but it works either way.

Example Four

https://www.google.co.uk

Text | Description
co.uk | Top-level domain
google | Domain
www | Subdomain

Example Five

https://www.germany.info/us-en

Text | Description
info | Top-level domain
germany | Domain
www | Subdomain
us-en | "us-en" is possibly a directory with a file that the web server has been configured to send as a default.

Why do I describe "us-en" that way?
Because the "https://www.germany.info" site allows us to navigate to:
"https://www.germany.info/us-en/embassy-consulates/embassy-washington"
However, just because something looks like a series of directories in your web browser's address bar does not mean that it maps to exactly that on a web server.
My goal with this page is not to turn you into an expert on all things internet related but rather to recognize the most obvious scams.
If you do a "who.is" lookup on "germany.info" you will see that the "germany.info" domain was registered August 1st, 2001 and it is owned by the German Ministry of Foreign Affairs.
The completely unrelated domain "germany.com" is owned by a German web hosting company.
Perhaps that is why "www.germany.info" uses the "info" top-level domain.

Connection Type


If you look up "url" on Wikipedia you will see that what I am calling "connection type" is a subset of what is called "scheme".
For the purpose of this page, I think it is more helpful to refer to it as "connection type".
Feel free to view the Wikipedia page if you want to drill down deeper on this topic.
If an address begins with "https" instead of merely "http" that means that there is some level of encryption between the serving of the page and your web browser.
It does NOT mean that some third party has reviewed whether the site is or is not a scam.
Think of "http" with no "s" at the end as sending data on the back of a postcard versus "https" with the "s" meaning sending data in a sealed dark envelope.
If the stakes are high enough either a sealed letter or an https connection could theoretically be intercepted but it is still appropriate to use "https".
Just because an armed team with appropriate tools could theoretically steal your locked car from the local shopping mall does not mean you should leave the doors unlocked with the keys on the dashboard.

Top-level Domain

A top-level domain most of us are quite familiar with is "com" for "commercial".
Spoiler alert: in the table below, "Tld" stands for "Top-level domain".
Other top-level domains you may be familiar with are:

Tld | Description
net | networking
org | organization
edu | education
gov | government
mil | military

If you are from outside the United States, you may be familiar with your country's top-level domain and those of surrounding countries.
Even if you are from the United States, you may have come across the country code for Belgium.
The country code for Belgium is "be".
Google has configured "youtu.be" to redirect to "https://www.youtube.com/".
I wish they had not done so, but as is all too often the case, no one asked for my opinion.
People should proceed with caution when using domains that they are familiar with.
People should exercise even greater caution when they use domains that they are not familiar with.
Having people use a top-level domain they are otherwise unfamiliar with may make them less wary when using other unfamiliar top-level domains.

Domain

Name chosen to represent an organization on the internet under a top-level domain.
It may be a compromise among what is easy for users to type, descriptive enough for users to recognize, and not previously taken by someone else.
In one of the least surprising things I noted today, "amazon.com" owns the url "amazon.org" and has it redirect to "amazon.com".

Subdomain

Amazon.com credit cards are issued by three different issuers: American Express, J.P. Morgan Chase, and Synchrony Financial.
If you have the Amazon card issued by Synchrony Financial, you can service your account at the following address: "https://amazon.syf.com/".
The "syf" domain under the "com" top-level domain is owned by Synchrony Financial.
The "amazon" subdomain is under "syf.com".
This explanation is not intended as commentary on which, if any, Amazon related card is or is not appropriate for you.
Rather, the intent is to introduce a valid use of a subdomain.
It is not a requirement that a given site have a subdomain.
After reading this page you can type fedput.com in your browser's address field.
There will be no subdomain.
The theme of both the site you are on now and fedput.com will NOT be how to turn small fortunes into large fortunes but rather how to avoid turning large fortunes into small fortunes.
For those that lack even small fortunes, the goal will be to lessen the chance of going from just scraping by to being outright destitute.

Trailing Slash

As we saw in "https://www.cia.gov/careers/jobs" and "https://www.germany.info/us-en" there can be text after the top-level domain.

Beware of Phishing

As we saw with the Amazon store card, a company might use the brand of a company that it has a relationship with in a subdomain on its website.
That is a completely valid use of a subdomain.
Another valid use of subdomains is when an advertising network manages partnerships between advertisers and website publishers.
However, scammers also use the brands of unrelated companies in order to convince people that they are or represent a legitimate business.
Some website addresses contain nonsensical-looking combinations of characters, accompanied by text and images encouraging me to enter login details and credit card numbers.
A web address emailed, texted, or advertised by a scammer may contain text that looks like a legitimate organization in any one of: the subdomain, the domain with a dash, or the text after the top-level domain.
In the example below we will assume that www.legitsite.net is a reputable website that you use.
A scammer might try to pose as a legitimate site by creating one or more of:

In real life, internet grifters will go out of their way to avoid text that looks like "internetgrifter" anywhere in a url.
Notice that in the three examples above, the "https" connection protocol is used.
When the "https" connection protocol is used, a web browser will usually display a padlock in or near the address box.
By itself, the mere fact that a padlock is displayed does NOT mean that a website is or is not legitimate.
Scam sites are able to use the "https" protocol just as legitimate sites can.
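
The address pattern from the "Uniform Resource Locator" section and the three brand placements described above can be checked mechanically. The Python below is an added example, not part of the original page: it splits an address into the page's pieces and reports where the trusted brand's text sits when the domain and top-level domain belong to someone else. The sample addresses, the short two-label suffix list, and the function names are constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption: a tiny hand-made list so "co.uk" is treated as in Example Four.
# Real tools consult the full Public Suffix List instead.
TWO_LABEL_SUFFIXES = {"co.uk", "org.uk", "com.au"}

def split_address(url):
    """Split a web address into the pieces named on this page."""
    parts = urlsplit(url)
    labels = (parts.hostname or "").rstrip(".").split(".")
    n = 2 if ".".join(labels[-2:]) in TWO_LABEL_SUFFIXES else 1
    return {
        "connection": parts.scheme,
        "subdomain": ".".join(labels[:-n - 1]),
        "domain": labels[-n - 1] if len(labels) > n else "",
        "tld": ".".join(labels[-n:]),
        "path": parts.path,
    }

def brand_placement(url, trusted="legitsite.net"):
    """Report where the trusted brand's text sits when someone else owns the site."""
    a = split_address(url)
    registered = a["domain"] + "." + a["tld"]
    if registered == trusted:
        return "trusted domain"
    brand = trusted.split(".")[0]
    # Only domain + top-level domain decide who you are talking to; the
    # subdomain and the path are chosen freely by whoever registered the domain.
    spots = [name for name in ("subdomain", "domain", "path")
             if brand in a[name].lower()]
    if not spots:
        return "unrelated site: " + registered
    return "brand text in " + ", ".join(spots) + " of " + registered

# Constructed sample addresses (hypothetical names on the reserved "example" TLD).
SAMPLES = [
    "https://www.legitsite.net/login",
    "https://legitsite.net.internetgrifter.example/",
    "https://legitsite-accounts.example/",
    "https://internetgrifter.example/legitsite.net/login",
]

if __name__ == "__main__":
    for url in SAMPLES:
        print(url, "->", brand_placement(url))
```

Calling brand_placement("https://amazon.syf.com/", trusted="amazon.com") reports the brand in a subdomain of syf.com, which is the legitimate arrangement described in the Subdomain section. The result tells you which registered domain to look up and judge, not that the site is a scam.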

My Takeaway

Between the time you started and the time you finished reading this web page you may have received many phishing emails on your work and/or personal email accounts.
If after reading this page you consider yourself to be an expert who is impossible to fool, then I have absolutely failed.
Anyone so naive as to think that he or she can in an instant recognize every possible threat places himself or herself and his or her employer in considerable jeopardy.
Just reading this page alone will not make you an expert, but it may help you recognize the most obvious scams.