Understanding URLs to Identify Phishing

Date: October 16, 2018
Having a general understanding of how Uniform Resource Locators or URLs are commonly formatted and utilized can be helpful in avoiding online scams, particularly phishing (deceptive practices to obtain sensitive user information such as logins, passwords, and credit card details). The main purpose of a URL is to help a user locate a specific website without being required to use its numeric IP (Internet Protocol) address. URLs refer to a “dot com” type of address versus one comprised of only numbers like 12.354.678.910.

Please reference the following summary of URL components as a guide to help you identify safe, secure websites.

Common Protocols – http, https, ftp {Note: https is an encrypted session (i.e. secure)}
Domain Names – Alphanumeric name for the server where the website is hosted, such as LinkedIn or HBKCPA
Sub-Domains – Sub-Domains are commonly used and are added right to left from the Domain Name instead of left to right.
Common Top-Level Domains – .com, .org, .gov
Pathnames – The directory/subdirectory name of where the information is located on the web server
Filenames – The name of the desired file on the web server
Common Extensions – .html, .jpeg, .wav, .exe

Here are two examples of URLs:

https://support.microsoft.com/en-us/1234word.html
This is a valid URL using a Sub-Domain of “support”. Don’t be thrown off when sub-domains read in the opposite direction of how we read words/text in English.

http://rnicrosoft.com/support/1234word.html
This is an example of an invalid URL that might be used for phishing. The hacker uses an “r” and an “n” to simulate a lower case “m” in the domain name “microsoft” in order to confuse users into thinking it is a legitimate URL.

Remember that phishing attempts are on the rise and they are becoming so sophisticated that they are constantly more difficult to identify. So, please take note of these tips in order to help you avoid links that may lead to phishing attacks.
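The component breakdown and the two example URLs above, worked through in Python as an added example that is not part of the original article. The trusted-domain list, the look-alike table and the function names are assumptions made for illustration, and the table goes beyond the article's “rn” for “m” case to a few other common look-alike characters.

```python
import posixpath
from urllib.parse import urlsplit

# Assumption: domains this organization trusts (constructed list for the example).
TRUSTED_DOMAINS = {"microsoft.com", "linkedin.com", "hbkcpa.com"}
# Character sequences that look like another letter in many fonts.
LOOKALIKES = (("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"))


def split_url(url):
    """Break a URL into the components listed in the summary above."""
    parts = urlsplit(url)
    labels = (parts.hostname or "").lower().split(".")
    # Simplification: treat the last two labels as the domain name. Suffixes
    # such as .co.uk need the Public Suffix List to split correctly.
    directory, filename = posixpath.split(parts.path)
    return {
        "protocol": parts.scheme.lower(),
        "subdomain": ".".join(labels[:-2]),
        "domain": ".".join(labels[-2:]),
        "tld": "." + labels[-1],
        "pathname": directory,
        "filename": filename,
        "extension": posixpath.splitext(filename)[1],
    }


def skeleton(domain):
    """Collapse look-alike sequences so visually similar names compare equal."""
    for sequence, letter in LOOKALIKES:
        domain = domain.replace(sequence, letter)
    return domain


def check_url(url):
    """Return (components, findings); an empty findings list means no flags."""
    info = split_url(url)
    findings = []
    if info["protocol"] != "https":
        findings.append("session is not encrypted (%s)" % info["protocol"])
    if info["domain"] not in TRUSTED_DOMAINS:
        for trusted in sorted(TRUSTED_DOMAINS):
            if skeleton(info["domain"]) == skeleton(trusted):
                findings.append("%s imitates %s" % (info["domain"], trusted))
    return info, findings


if __name__ == "__main__":
    for sample in ("https://support.microsoft.com/en-us/1234word.html",
                   "http://rnicrosoft.com/support/1234word.html"):
        print(sample, check_url(sample))
```

An empty findings list only means that neither check fired; a domain that is simply unknown to the trusted list is not flagged by this sketch.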
For this reason and many others, it is crucial to implement a Cyber Security Awareness Campaign within your organization. Contact HBK if you would like assistance with implementing a Cyber Security Awareness Campaign. HBK can assist you with cyber security topics or questions. Please contact Matt Schiavone at mschiavone@hbkcpa.com or Bill Heaven at wheaven@hbkcpa.com for assistance.