How to identify web sites and URLs from phishing and scamming attacks
Purpose of Document
This document provides an overview of website addresses (URLs) to help clarify how to read and interpret them. It breaks down key URL components and highlights critical indicators to watch for, as scammers often create misleading URLs to trick users. Understanding these elements is essential for recognizing potential threats.
What is a Web Address?
The web address, also known as the URL (Uniform Resource Locator), serves as the unique identifier for a webpage, much like a home address. It organizes information about the webpage’s location in a structured and predictable way, making it easier to access and navigate online.
Web Address Structure
Let's first take a look at some fraudulent and valid examples.

| Web Address | Subdomain(s) (sometimes used by hackers to create a feel of legitimacy) | Domain Name (domain & TLD) | Notes |
|---|---|---|---|
| https://carthage.0nelogin.com/ | carthage | .0nelogin.com/ | fraudulent |
| http://carthage.onelogin.secure-access.xyz/ | carthage.onelogin | secure-access.xyz/ | fraudulent |
| https://carthage.onelogin.com.secure.com/ | carthage.onelogin.com | .secure.com/ | fraudulent |
| https://carthage.onelogin.com/ | carthage | .onelogin.com/ | Valid - Note that this is not a Carthage-owned domain. |
What is a Subdomain?
A subdomain is the portion of a web address that appears after the protocol (http:// or https://) but before the main domain name. While not always present, subdomains are commonly used to create distinct sections within a larger domain, helping to organize content or separate different parts of a website. For example, in https://app.carthage.edu/, "app" serves as the subdomain. Hackers, however, commonly use subdomains to create the appearance of a legitimate site, as in the second example above.
What is a Domain?
Think of the domain name as the address of a house. It tells people where to go to find you on the internet.
It's the core identity of a website.
Domains are essential for organizing the internet, strengthening brand identity, and improving website visibility. They also help establish a professional online presence, making it easier for businesses and individuals to connect with their audience. For example, in https://app.carthage.edu/, "carthage" is the domain.
What is a Top Level Domain?
The top-level domain (TLD) is the final part of a domain name, appearing after the last dot. TLDs come in various forms, each serving a distinct purpose. Some are generic and widely available for general use, while others are country-specific, representing particular nations or territories. Additionally, some TLDs are restricted and managed by specific organizations, requiring users to meet certain criteria for registration. In recent years, new TLDs have been introduced, providing more options tailored to different industries, interests, and branding needs. For example, in https://carthage.edu/, "edu" is the top-level domain.
Hovering Over Links to Identify Web Addresses
A quick and easy way to verify a Web Address before clicking is to hover over the link with your cursor. This will reveal the full Web Address, usually displayed in the bottom left corner of your browser. Below is an image illustrating how the full Web Address appears when you hover over a link.
Question
A link is provided below. Can you identify where it will take you if you click on it?
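Hovering shows the gap between the text a reader sees and the destination in the link's href. The following added example (not part of this guide, and not Carthage's or Mimecast's code) runs that same comparison over a constructed HTML email body with Python's standard-library HTML parser, reporting every link whose visible text names one host while the href points somewhere else. The sample email, its links and the `host_of`, `collect_links` and `mismatched_links` helpers are all constructed for this example.

```python
"""Programmatic version of the 'hover over the link' check: compare the host a
reader sees in the link text with the host the href really points to.
Added example with a constructed sample email; not code from the guide."""
import re
from html.parser import HTMLParser

# Matches a bare host or a URL and captures the host part (constructed pattern).
URL_LIKE = re.compile(r"(?:https?://)?([a-z0-9-]+(?:\.[a-z0-9-]+)+)(?:[/?#]|$)", re.I)

# Constructed sample: one deceptive link, one honest link, one link whose text
# names no host at all (only hovering reveals where it goes).
SAMPLE_EMAIL = """
<p>Your Carthage password expires today.</p>
<p>Sign in at <a href="https://carthage.onelogin.com.secure.com/login">https://carthage.onelogin.com</a>
to keep your account active.</p>
<p>Questions? Visit <a href="https://app.carthage.edu/directory/">app.carthage.edu</a>.</p>
<p><a href="http://carthage.onelogin.secure-access.xyz/">Reset your password</a></p>
"""


class LinkCollector(HTMLParser):
    """Collect (visible_text, href) pairs for every <a> element in the body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None      # href of the <a> currently open, if any
        self._text = []        # text fragments seen inside that <a>

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href", "")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None


def host_of(text):
    """Host named by a URL or bare domain, lower-cased; '' if text names none."""
    match = URL_LIKE.match(text.strip())
    return match.group(1).lower() if match else ""


def collect_links(html):
    """All (visible_text, href) pairs in the HTML, in document order."""
    parser = LinkCollector()
    parser.feed(html)
    return parser.links


def mismatched_links(html):
    """Links whose visible text names a host different from the href's host."""
    findings = []
    for text, href in collect_links(html):
        shown, actual = host_of(text), host_of(href)
        if shown and shown != actual:
            findings.append({"shown": shown, "actual": actual, "text": text, "href": href})
    return findings


if __name__ == "__main__":
    for f in mismatched_links(SAMPLE_EMAIL):
        print(f"text says {f['shown']!r} but the link goes to {f['actual']!r}")
```

Links whose text is a phrase such as "Reset your password" produce no finding here, because the text names no host to compare; for those, hovering (or reading the href as this script does) is the only way to learn the destination. Mimecast-rewritten hrefs would first need their domain= parameter read out, as the next section describes, before the comparison is meaningful.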
Comparing Web Address Structures
Before we dive into how to read a web address, it's important to understand that Carthage uses a security system called Mimecast to protect against online threats by recasting links in emails. While Mimecast adds an extra layer of security within emails, once you click on a link and navigate outside of your inbox, you'll encounter regular web addresses.
Having a basic understanding of how URLs work is essential for staying safe online. In this guide, I’ll walk you through two examples: one showing a standard web address and the other demonstrating how it appears after being recast by Mimecast. This comparison will help you better understand how both types of links function.
Regular Web Address
https://app.carthage.edu/directory/accounts/login/?next=/directory/search/name/
Mimecast Recast Web Address
https://url.us.m.mimecastprotect.com/s/7XKDCR8NJZTkLyqBFVe3TzGc91?domain=app.carthage.edu
Web Address Structure
I've highlighted the key elements of the structure in both standard and Mimecast web addresses. While both contain essential domain information, their arrangement differs. In Mimecast links, the critical domain detail appears at the end of the domain= parameter, following a consistent format. In contrast, standard URLs typically begin with https://, immediately followed by the domain or subdomain.
Understanding these differences will help you recognize the key parts of a URL and assess its authenticity more effectively.
How To Identify The Domain Name
Identifying the Domain is the key, as it identifies the organization or service behind the webpage. Every URL contains a single domain.
To make identification easier, the domain is highlighted in yellow and the TLD in green in the example below. Understanding this structure will help you quickly and accurately determine the true source of a website.
Regular Web Address
Mimecast Recast Web Address
Top Level
The top-level domain (TLD) is the part of a domain name that appears after the last dot (e.g., .com, .org, .edu). At our institution, the most commonly used TLDs are .edu and .com. To identify the TLD in a web address like https://app.carthage.edu/, look at the portion between the protocol and the first slash (app.carthage.edu); the TLD is the part after its last dot. If there's no slash, the TLD is the last part of the URL, which represents the domain's extension.
Top-Level Domains (TLDs)
- These are the endings of website addresses.
- They come after the last dot in a domain name.
- Examples: .com, .org, .net, .uk, .edu
Types of TLDs
There are several categories:
- Generic Top-Level Domains (gTLDs): These are some of the most common.
- .com: Originally for commercial businesses, now used widely.
- .org: Typically used by non-profit organizations.
- .net: Originally for network providers, now used more broadly.
- .info
- .xyz
- Country Code Top-Level Domains (ccTLDs): These are assigned to specific countries.
- .us: United States
- .ca: Canada
- .uk: United Kingdom
- .de: Germany
- Sponsored Top-Level Domains (sTLDs): These are for specific groups or purposes.
- .edu: Educational institutions
- .gov: Government agencies
- .mil: Military
Hackers might set up deceptive TLDs, for example:
- app.carthage.edu is Carthage College
- app.carthage.net is NOT Carthage College
How To Identify The Subdomain
Subdomains are often the most exploited part of a web address. Not all URLs include subdomains; when present, they appear immediately before the domain name. For example, in the URL app.carthage.edu, "app" is the subdomain. However, a phisher could create confusion by adding multiple layers, such as app.carthage.secure.com. In this case, "app" and "carthage" are subdomains, while "secure.com" is the domain. Phishers can even extend the subdomain further to obscure the fact that the URL ultimately ends with secure.com, making the address seem more legitimate than it really is. The subdomain is highlighted in light blue.
Spelling and Usage of Separators in URLs
Cybercriminals often manipulate URLs to make fraudulent websites appear legitimate. They achieve this by altering spellings, removing or adding dots, inserting hyphens, or making subtle tweaks that are easy to overlook. These deceptive techniques are commonly used in phishing attacks to trick users into revealing sensitive information.
For example, a URL like https://app-carthage.edu.secure.com/ might seem authentic at first glance, but careful scrutiny reveals that secure.com is the actual domain name, not carthage.edu. This small but crucial detail exposes the link as potentially dangerous.
To protect yourself, always inspect URLs carefully before clicking. Check for unexpected characters, misplaced dots, or additional words that could indicate an attempt to mimic a trusted site. When in doubt, manually type the web address into your browser or use official sources to navigate securely.
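The reading rules this guide has laid out (find the domain name before the first slash, treat everything left of it as subdomains, read the domain= parameter of a Mimecast link, and distrust brand names pushed into the subdomain, digit-for-letter swaps such as 0nelogin, and hyphenated imitations) can be written down as a small checker. The example below is added here and is not code from the guide, Carthage or Mimecast. Its public-suffix set is a constructed subset (real code should use the full Public Suffix List, for instance via the tldextract package), the trusted-brand map is an assumption for illustration, and the Mimecast host suffix and the rewritten link are taken from the page's own example. It reproduces the verdicts in the Web Address Structure table and the domain split used in the subdomain and separator sections.

```python
"""Read a URL the way this guide does: protocol, subdomain(s), domain name
(domain + TLD) and TLD, then flag the tricks the guide describes.  Mimecast-
rewritten links are unwrapped via their domain= parameter first.
Added example; not code from the guide, Carthage or Mimecast."""
from urllib.parse import urlsplit, parse_qs

# ASSUMPTION: a small constructed subset of public suffixes.  Real code should
# use the full Public Suffix List (e.g. the tldextract package) instead.
PUBLIC_SUFFIXES = {"com", "net", "org", "edu", "gov", "mil", "xyz", "help",
                   "co", "uk", "co.uk"}

# Host suffix of Mimecast's link-rewriting service, taken from the page's example.
MIMECAST_SUFFIX = ".mimecastprotect.com"

# ASSUMPTION: brand labels and the one registrable domain each belongs to.
TRUSTED_BRANDS = {"carthage": "carthage.edu", "onelogin": "onelogin.com"}
TRUSTED_DOMAINS = set(TRUSTED_BRANDS.values())

# Digits phishers substitute for look-alike letters: 0->o, 1->l, 3->e, 4->a.
LOOKALIKE_DIGITS = str.maketrans("0134", "olea")


def effective_host(url):
    """Host a reader should judge: for a Mimecast-rewritten link that is the
    destination in the domain= parameter, otherwise the URL's own host."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    if host.endswith(MIMECAST_SUFFIX):
        return parse_qs(parts.query).get("domain", [""])[0].lower()
    return host


def split_host(host):
    """Return (subdomain, domain_name, tld); domain_name is domain + TLD."""
    labels = host.strip(".").split(".")
    for n in (2, 1):                      # try the longer suffix (co.uk) first
        if len(labels) > n and ".".join(labels[-n:]) in PUBLIC_SUFFIXES:
            return (".".join(labels[:-n - 1]),
                    ".".join(labels[-n - 1:]),
                    ".".join(labels[-n:]))
    return "", host, ""                   # too few labels to split


def classify(url):
    """Decompose the URL and return a verdict with the reasons behind it."""
    host = effective_host(url)
    subdomain, domain_name, tld = split_host(host)
    domain_label = domain_name[:-len(tld) - 1] if tld else domain_name
    result = {"host": host, "subdomain": subdomain, "domain_name": domain_name,
              "tld": tld, "reasons": []}
    if domain_name in TRUSTED_DOMAINS:
        result["verdict"] = "valid"
        return result
    # Hyphens inside a subdomain label (app-carthage) are split like dots.
    sub_labels = subdomain.replace("-", ".").split(".") if subdomain else []
    normalized = domain_label.translate(LOOKALIKE_DIGITS)
    for brand, home in TRUSTED_BRANDS.items():
        if brand in sub_labels:
            result["reasons"].append(
                f"'{brand}' is only a subdomain; the real domain is {domain_name}, not {home}")
        if normalized == brand and domain_label != brand:
            result["reasons"].append(
                f"'{domain_label}' uses digits in place of letters to imitate {home}")
        elif brand in domain_label:
            result["reasons"].append(
                f"'{domain_name}' contains '{brand}' but is not {home}")
    result["verdict"] = "fraudulent" if result["reasons"] else "unverified"
    return result


if __name__ == "__main__":
    # The four addresses from the guide's table, plus its Mimecast example.
    for url in ["https://carthage.0nelogin.com/",
                "http://carthage.onelogin.secure-access.xyz/",
                "https://carthage.onelogin.com.secure.com/",
                "https://carthage.onelogin.com/",
                "https://url.us.m.mimecastprotect.com/s/7XKDCR8NJZTkLyqBFVe3TzGc91?domain=app.carthage.edu"]:
        r = classify(url)
        print(f"{r['verdict']:10} sub={(r['subdomain'] or '-'):25} domain={r['domain_name']}")
        for reason in r["reasons"]:
            print("           ", reason)
```

A URL that trips none of the checks but whose domain is not on the trusted list comes back as "unverified" rather than "valid": the checker can show that bankofamerica.security-update-login.com's domain is security-update-login.com, but only the reader can decide whether that is the organization they meant to reach, which is exactly the manual check the guide recommends.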
Questions and Explanations:
Question 1: Which of the following is the correct OneLogin web address? (Select one.)
- https://cartahage.0nel0gin.com/
- https://carthage.onelogin.com.secure.com/
- https://carthage.onelogin.com/
Explanation:
To determine the correct web address, it's essential to identify the intended destination and recognize key differences between the given options.
- Option A contains a misspelled subdomain in "carthage" and includes numbers in the domain, which suggests an attempt to imitate the legitimate site.
- Option B also tries to mimic the original but uses additional subdomains designed to mislead the user. The key here is identifying the actual domain—"secure"—while "carthage.onelogin.com" are subdomains. This structure indicates that Option B is a phishing link.
- Option C has the correct domain, "onelogin," which represents the legitimate service. There are no spelling errors, and "carthage" is correctly positioned as a subdomain, following the proper structure for Carthage users. This means option C is correct.
Question 2: Which of these is a valid top-level domain (TLD)?
- .com
- .co
- .help
- .xyz
- All of the above
Explanation:
There are over 1,000 different types of Top-Level Domains (TLDs) on the internet, each serving various purposes. Here are a few examples:
- Option A: .com – One of the most widely recognized TLDs, commonly used for commercial businesses and general websites.
- Option B: .co – Originally designated for businesses in Colombia, but now open for global registration and often used as an alternative to .com.
- Option C: .help – A generic TLD typically used by businesses or organizations offering support, assistance, or troubleshooting resources.
- Option D: .xyz – A flexible TLD that has gained popularity, but due to its low registration cost, it is also frequently associated with phishing and spam.
- Option E: All of the above are valid TLDs. While some may seem more reputable than others, it's important to remember that any TLD can be used in a phishing attempt. Always verify a URL carefully before clicking. This means option E is correct.
Question 3: How do hackers use subdomains to mislead users?
- They can put ‘carthage’ in the subdomain, even though they have no affiliation with the college
- They can include special characters to confuse users
- They can create long subdomains to confuse users
- They can create subdomains that closely resemble legitimate domains, so the user misunderstands the actual domain name
- All of the above
Explanation:
Subdomains are one of the most commonly manipulated parts of a domain, as attackers use them to confuse users and make malicious websites appear legitimate. Let’s examine each option to understand the correct answer:
- Option A: Attackers can easily add misleading subdomains to a URL, but the key detail to focus on is the domain, as it represents the true identity of the website. For example, in https://carthage.supportwebsite.com, the domain is supportwebsite.com, while "carthage" is just a subdomain. This tactic is often used in phishing scams to trick users into believing they are visiting a trusted Carthage-owned site.
- Option B: Special characters in URLs follow strict rules. While hyphens are allowed in domain names and subdomains, other special characters are typically reserved for specific purposes. In https://carthage.support-oneloginuser.com, the hyphen within the domain (support-oneloginuser.com) makes the URL appear more credible. Phishers often use hyphens to create deceptive domains that closely resemble legitimate ones, like onelogin.com. However, legitimate organizations typically use verified domains without unnecessary alterations, so small changes like this should raise suspicion.
- Option C: Attackers frequently use long subdomains to obscure the true domain and make a URL seem more legitimate. A link like https://carthage-userlogin.security.onelogin.badwebsite.com may appear trustworthy at first glance, but a closer look reveals the actual domain as badwebsite.com. Phishers use familiar keywords related to trusted services to make their links seem authentic, so always identify the core domain and verify its legitimacy.
- Option D: This method relies on familiar elements within a URL to create a false sense of legitimacy. For example, https://carthage.onelogin.badwebsite.com might appear credible because "carthage.onelogin" looks similar to an official domain. However, these are just subdomains designed to mimic a trusted site—badwebsite.com is the true domain, revealing the phishing attempt.
- Option E: All of the above. Phishers use a variety of techniques—including manipulating subdomains, inserting hyphens, and crafting deceptive URLs—to mislead users. Recognizing these tactics is essential for identifying and avoiding phishing scams. This means option E is the correct answer.
Question 4: What’s the domain in this web address: https://orders.acct38764.HugeSavingsStore.com
- https://orders
- HugeSavingsStore.com
- https://orders.acct38764
Explanation:
- Option A: This is the starting point of the address: the protocol followed by one of the subdomains. That shows it is not the domain of the web page itself.
- Option B: This is the part that appears immediately before the TLD, so the domain here is HugeSavingsStore.com. Therefore, this is the correct answer, as it contains the actual domain.
- Option C: This has the same structure as Option A, with the addition of another subdomain. It only includes the protocol and subdomains, so this is not the domain either.
Question 5: This is a deceptive web address, unaffiliated with Bank of America.
What is the domain in this web address:
https://bankofamerica.security-update-login.com/
- .com/
- https://
- bankofamerica.
- security-update-login
Explanation:
- Option A: The “.com/” appears at the end of the web address, following the domain. As a common Top-Level Domain (TLD), it helps define the domain but is not the domain itself.
- Option B: When found at the beginning of the web address, this represents the protocol (e.g., “http://” or “https://”), not the domain. Therefore, this is not the correct answer.
- Option C: Positioned after the protocol but before the domain, this refers to a subdomain, not the main domain. Since subdomains do not define the core identity of a website, this is also not the correct answer.
- Option D: This part of the web address appears right before the TLD and may include hyphens, but that does not change its role. It represents the actual domain of the web address, making this the correct answer.
Question 6: What's the domain in this web address:
http://microsoft-support.auth-verify.help/
- auth-verify.
- http://
- help/
- microsoft-support.
Explanation:
- Option A: This part of the web address appears right before the TLD and may include a hyphen, but that does not change its function. It represents the actual domain of the web address, making this the correct answer.
- Option B: When located at the beginning of the web address, this represents the protocol (e.g., “http://” or “https://”), not the domain. Therefore, this is not the correct answer.
- Option C: The “.help/” appears at the end of the web address, following the domain. As a common Top-Level Domain (TLD), it helps define the domain but is not the domain itself.
- Option D: Positioned after the protocol but before the domain, this refers to a subdomain, not the main domain. Since subdomains do not define the core identity of a website, this is not the correct answer.