A Uniform Resource Locator (URL) is a fundamental concept of the web that serves as the address or location of a specific resource, such as a webpage, image, or file, on the internet. It acts as a unique identifier that allows users to access and retrieve resources hosted on web servers worldwide. A URL consists of several components, including a protocol, subdomain name, domain name and optional path, query parameters and other identifiers. These are all combined to form a standardised format for specifying the precise location of online content. Understanding how URLs work is essential for navigating the web, sharing links, and ensuring online security.
Phishing scams often make use of the subdomain name to make a malicious link appear genuine. For example:
https://netflix.accounts.com/account-verification might look genuine to a casual observer, but let's break this down:
Protocol: https://
Subdomain Name: netflix.
Domain Name: accounts
Top-Level Domain: .com
Path: /account-verification
In the example above, you can see that the actual registered domain name is ‘accounts.com’. ‘netflix.com’ is registered to Netflix, Inc. and cannot be used, so the threat actor is using the ‘netflix’ subdomain to make the link appear genuine.
Please continue reading below to find out more information on how URLs are made up:
Protocol
The protocol in a URL is a crucial component that specifies the rules and procedures for communication between a web browser and a web server. It defines how data is transmitted, the security measures employed and the actions required to establish a connection with a website. Example protocols include:
Subdomain
Domain Name
Domain names are the main part of a URL and are unique identifiers for websites. Phishers often create domain names that closely resemble popular or legitimate websites to deceive users. For instance, they could use variations like go0gle.com or paypa1.com instead of google.com or paypal.com to trick users into thinking they are visiting the authentic sites.
Top-Level Domains (TLDs)
Path
In summary, when decoding URLs, focus on the domain name and TLD and ignore the rest!
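The check described above (read the domain name and TLD, then see whether a brand name appears only as a subdomain or as a digit-for-letter lookalike), written out as an added example that is not part of the original page. The BRANDS list, the function names and the single-label TLD rule are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Constructed allow-list: brand label -> registered domain the brand really uses.
BRANDS = {"netflix": "netflix.com", "google": "google.com", "paypal": "paypal.com"}
# Digit-for-letter swaps taken from the page's examples (go0gle, paypa1).
LOOKALIKES = str.maketrans({"0": "o", "1": "l"})


def split_host(url):
    """Return (subdomain, domain, tld) for a URL.

    Assumption: the TLD is a single label (.com, .org). Multi-label suffixes
    such as .co.uk need the Public Suffix List, which is not bundled here.
    """
    host = (urlsplit(url).hostname or "").rstrip(".")
    labels = host.split(".")
    if len(labels) < 2 or not all(labels):
        raise ValueError(f"no registrable domain in {url!r}")
    return ".".join(labels[:-2]), labels[-2], labels[-1]


def check_url(url):
    """Return a list of warnings; an empty list means nothing was flagged."""
    subdomain, domain, tld = split_host(url)
    registered = f"{domain}.{tld}"
    if registered in BRANDS.values():
        return []  # the registered domain really is the brand's own
    warnings = []
    for brand, real in BRANDS.items():
        # Brand name used as a subdomain label of somebody else's domain.
        if brand in subdomain.split("."):
            warnings.append(f"'{brand}' is only a subdomain of {registered}")
        # Domain label that becomes the brand once 0->o and 1->l are undone.
        if domain != brand and domain.translate(LOOKALIKES) == brand:
            warnings.append(f"{registered} imitates {real}")
    return warnings


if __name__ == "__main__":
    for sample in ("https://netflix.accounts.com/account-verification",
                   "https://go0gle.com/", "https://www.netflix.com/browse"):
        print(sample, "->", check_url(sample) or "no warning")
```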