
Understanding URLs to Identify Phishing

2018-10-16T14:12:52+00:00

Having a general understanding of how Uniform Resource Locators or URLs are commonly formatted and utilized can be helpful in avoiding online scams, particularly phishing (deceptive practices to obtain sensitive user information such as logins, passwords, and credit card details).

The main purpose of a URL is to help a user locate a specific website without being required to use its numeric IP (Internet Protocol) address. URLs refer to a “dot com” type of address versus one comprised of only numbers like 12.354.678.910.

Please reference the following summary of URL components as a guide to help you to identify safe, secure websites.

Common Protocols – http, https, ftp {Note: https is an encrypted session (i.e. secure)}
Domain Names – Alphanumeric name for the server where the website is hosted such as LinkedIn or HBKCPA
Sub-Domains – Sub-Domains are commonly used and are added to the left of the Domain Name, so they read right to left instead of left to right.
Common Top-Level Domains – .com, .org, .gov
Pathnames – The directory/subdirectory name of where the information is located on the web server
Filenames – The name of the desired file on the web server
Common Extensions – .html, .jpeg, .wav, .exe

Here are two examples of URLs:

https://support.microsoft.com/en-us/1234word.html
This is a valid URL using a Sub-Domain of “support”. Don’t be thrown off when sub-domains read in the opposite direction of how we read words/text in English.

http://rnicrosoft.com/support/1234word.html
This is an example of an invalid URL that might be used for phishing. The hacker uses an “r” and an “n” to simulate a lower case “m” in the domain name “microsoft” in order to confuse users into thinking it is a legitimate URL.
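
As an added illustration (not code from the original article), the Python example below splits a URL into the components listed above and flags a domain that only looks like a trusted one, as in the “rnicrosoft” case. The allowlist, the look-alike pairs other than “rn”/“m”, and the last-two-labels rule for finding the domain are assumptions.

```python
from urllib.parse import urlsplit
import posixpath

# Hosts the organisation expects its users to visit (constructed allowlist).
TRUSTED = {"microsoft.com", "linkedin.com", "hbkcpa.com"}

# Character sequences that render like another letter. Only "rn" -> "m" comes
# from the article; the other pairs are assumptions added for illustration.
CONFUSABLES = [("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l")]


def split_url(url):
    """Break a URL into the components listed in the article."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    labels = host.split(".")
    # Assumption: the registered domain is the last two labels. This is wrong
    # for suffixes such as .co.uk; real code should use the Public Suffix List.
    domain = ".".join(labels[-2:])
    return {
        "protocol": parts.scheme,
        "subdomain": ".".join(labels[:-2]),
        "domain": domain,
        "tld": "." + labels[-1],
        "path": posixpath.dirname(parts.path),
        "filename": posixpath.basename(parts.path),
    }


def skeleton(name):
    """Collapse look-alike sequences so visually similar names compare equal."""
    for fake, real in CONFUSABLES:
        name = name.replace(fake, real)
    return name


def check_url(url, trusted=TRUSTED):
    """Return (verdict, matched trusted domain or None) for one URL."""
    domain = split_url(url)["domain"]
    if domain in trusted:
        return ("trusted", domain)
    for good in sorted(trusted):
        if skeleton(domain) == skeleton(good):
            return ("lookalike", good)
    return ("unknown", None)
```

The verdict is based on the domain only, read from the right-hand end of the host name, so a sub-domain such as “support” does not affect it.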

Remember that phishing attempts are on the rise and they are becoming so sophisticated that they are constantly more difficult to identify. So, please take note of these tips in order to help you avoid links that may lead to phishing attacks.

For this reason and many others, it is crucial to implement a Cyber Security Awareness Campaign within your organization. Contact HBK if you would like assistance with implementing a Cyber Security Awareness Campaign.

HBK can assist you with cyber security topics or questions. Please contact Matt Schiavone at mschiavone@hbkcpa.com, Bill Heaven at wheaven@hbkcpa.com, or Steve Franckhauser at sfranckhauser@hbkcpa.com for assistance.

About the Author(s)
Established in 1949, HBK serves clients ranging from individuals to small businesses to multi-million dollar corporations across the United States through our office locations in Ohio, Pennsylvania, Florida, and New Jersey. We specialize in a wide variety of tax, accounting, assurance, and business consulting services which can help you achieve all of your personal and business goals.
Hill, Barth & King LLC has prepared this material for informational purposes only. Any tax advice contained in this communication (including any attachments) is not intended or written to be used, and cannot be used, for the purpose of (i) avoiding penalties under the Internal Revenue Code or under any state or local tax law or (ii) promoting, marketing or recommending to another party any transaction or matter addressed herein. Please do not hesitate to contact us if you have any questions regarding the matter.
