A lie can travel around the world before the truth can get its pants on.

Understanding Internet Addresses

Photo Credit: pexels.com Andrea Piacquadio

More > Understanding Internet Addresses >

Throughout the world, regardless of party affiliation, politicians are known for having "pet projects".
The goal of a given pet project could be to:

Regardless of which motivation applies, a politician may believe that any cost imposed on society is justified as long as his or her particular goal is achieved.
If the country you live in were governed by a benevolent dictatorship under my control, my pet project would be internet security.
I would impose periodic tests where every adult member of society would have to demonstrate that he or she is familiar with avoiding common internet scams.
On the tab to the right we will pick apart the pieces of some common web addresses.
My goal is to help you leverage that knowledge so that you can identify websites that are not legitimate.
Whether you learn this lesson from this website or someplace else, it is important that you understand this information.
I can't force you to learn it.
At least not yet.

Uniform Resource Locator

Internet addresses are an example of a Uniform Resource Locator.
An internet address uses the following pattern: {connection type}://{optional: subdomain}.{domain}.{top-level domain}/{ optional: combination of directory, filename, parameters }
It is understandable if you do not yet understand every piece of the line above.
However, keep in mind that when you use the internet, criminals will try to take advantage of gaps in your knowledge in order to scam you and your employer.
This page will try to help you fill in some of those gaps.
Rather than taking a brute force military boot camp type approach, I will try to gently leverage what you already know by presenting information you are familiar with and then filling in additional details.
First we will review some url's.
Many of you will be familiar with some of the url's to follow, and some of you will be familiar with all of them.

Real Life Examples

I am not going to make the web addresses clickable links but it is possible that your browser might decide to go rogue and make them hyperlinks regardless.

Example One


comTop-level domain

Example Two


comTop-level domain

Example Three


govTop-level domain
careersFunctions as a directory. It may or may not actually map to a directory on a web server.
jobsIn this context jobs is serving as a file name. It may or may not map to an actual file name on a server.

The text jobs could possibly be a directory configured to pulled up some specific file as a default or it could be an actual file.
If sufficiently provoked, the U.S. Central Intelligence Agency could make someone "disappear" just as surely as if he or she were a dissident living under an Argentinian Junta, so I would prefer not to poke around too much.
You might also prefer not to poke around on the CIA website which is why I did not make the links hyperlinks.
Regardless of what you think of the CIA, their social media team knocked it out of the park with the CIA's first tweet.
If you doubt me, please google twitter cia first tweet.

Example Four


co.ukTop-level domain

Example Five


fyiTop-level domain
There is no subdomain for this example.

Connection Type

If you look up url on Wikipedia you will see that what I am calling connection type is a subset of what is called schema.
For the purpose of this page, I think it is more helpful to refer to it as connection type.
Feel free to view the wikipedia page if you want to drill down deeper on this topic.
If an address begins with https instead of merely http that means that there is some level of encryption between the web server serving you the page and your web browser.
It does NOT mean that some third-party has reviewed whether the site is or is not a scam.
Think of http with no s at the end as sending data on the back of a postcard versus https with the s meaning sending data in a sealed dark envelope.
If the stakes are high enough either a sealed letter or an https connection could theoretically be intercepted but it is still appropriate to use https.
Just because an armed team with appropriate tools could theoretically steal your locked car from the local shopping mall does not mean you should leave the doors unlocked with the keys on the dashboard.

Top-level Domain

A top-level domain most of us are quite familiar with is com for commercial.
Spoiler-alert: in the table below, Tld stands for Top-level domain.
Other top-level domains you may be familiar with are:


If you are from outside the United States, you may be familiar with your country's top-level domain and those of surrounding countries.
Even if you are from the United States, you may have come across the country code for Belgium.
The country code for Belgium is be.
Google has purchased the url youtu.be and configured it to redirect to https://www.youtube.com/
I wish they had not done so, but as is all too often the case, no one asked for my opinion.
People should proceed with caution when using domains that they are familiar with.
People should exercise even greater caution when they use domains that they are not familiar with.
Having people use a top-level domain they are otherwise unfamiliar may make people less wary when using other unfamiliar top-level domains.
That being said, I setup http://trc.horse to redirect to my website so maybe I am not one to talk.


Name chosen to represent an organization on the internet under a top-level domain.
It may be a compromise among what is easy for users to type, descriptive enough for users to recognize, and not previously taken by someone else.
In one of the least surprising things I noted today, amazon.com also owns the url amazon.org and has it redirect to amazon.com


Amazon.com credit cards are issued by three different issuers: American Express, J.P. Morgan Chase, and Synchrony Financial.
If you have the Amazon card issued by Synchrony Financial, you can service your account at the following address: https://amazon.syf.com/
The combination of syf domain under the com domain is owned by Synchrony Financial.
The amazon subdomain is under syf.com
This explanation is not intended as commentary on which, if any, Amazon related card is or is not appropriate for you.
Rather, the intent is to introduce a valid use of a subdomain.
It is not a requirement that a given site have a subdomain.
After reading this page you can type fedput.com in your browser's address field.
There will be no subdomain.
The theme of both the site you are on now and fedput.com will NOT be how to turn small fortunes into large fortunes but rather to how to avoid turning large fortunes into small fortunes
For those of us that lack even small fortunes, the goal will be to lessen the chance of going from just scraping by to being outright destitute.

Trailing Slash

As we saw in https://www.cia.gov/careers/jobs there can be text after the top-level domain.

Beware of Phishing

As we saw with the Amazon store card, a company might use the brand of a company that it has a relationship with in a subdomain on its website.
That is a completely valid use of a subdomain.
Another valid use of subdomains is when an advertising network manages partnerships between advertisers and website publishers.
However, scammers also use the brands of unrelated companies in order to convince people that they are or represent a legitimate business.
Some contain website addresses contain nonsensical looking combinations of characters accompanied by text and images encouraging me to enter login details and credit card numbers.
A web address emailed, texted, or advertised by a scammer may contain text that looks like a legitimate organization in any one of the sub-domain, the domain with a dash, or the text after the top level domain.
In the example below we will assume that www.legitsite.net is a reputable website that you use.
A scammer might try to pose as a legitimate site by creating one or more of:

In real life, internet grifters will go out of their way to avoid text that looks like internetgrifter anywhere in a url.
Notice that in the three examples above, the https connection protocol is used.
When the https connection protocol is used, a web browser will usually display a padlock in or near the address box.
By itself, the mere fact that a padlock is displayed does NOT mean that a website is or is not legitimate.
Scam sites are able to use the https protocol just as legitimate sites can.

My Takeaway

Between the time you started and the time you finished reading this web page you may have received many phishing emails on your work and/or personal email accounts.
If after reading this page you consider yourself to be an expert who is impossible to fool, then I have absolutely failed.
Anyone so naive as to think that he or she can at an instant recognize every possible threat places him or herself and his or her employer in considerable jeopardy.
Just reading this page alone will not make you an expert, but it may help you recognize many of the most obvious scams.