Recognize Authentic Website

Spotting fake URLs in fraudulent emails and websites

The URL (Uniform Resource Locator) is the basic address system of the web—all web pages have a unique URL that your web browser uses to find and display the page. You typically see the URL listed in the "Address" bar at the top of your browser window:

[Screenshots: a valid URL in the browser address bar]

Fraudulent websites are increasingly common, and thieves will often try to disguise the rogue website by giving the site a URL very similar to that of a legitimate, well-known site. eBay, Amazon, and PayPal are all popular sites that are often targets for internet criminals trying to lure the customers of these legitimate sites into disclosing personal information to impostor sites that look like the real site. The criminals then use this information in identity theft or credit card fraud schemes.

The end of the URL is what matters the most. In a real commercial URL, the part before the first slash after the company name always ends with companyname.com, as in "http://www.amazon.com". This ending is known as the domain, e.g. "amazon.com". Sometimes companies use special URLs for different parts of their websites, but notice that the end of the first part of the real URL (before any subsequent slashes) is always the same: "http://associates.amazon.com". It's the same with colleges: the name will end with collegename.edu, as in "http://www.bowdoin.edu". The domain is intact.

The URLs below are all fake forms of the Amazon and Bowdoin URLs. They attempt to look real, but notice how the URL endings are never the real "amazon.com" or "bowdoin.edu":

  • amazon.accounts12.com
  • www.amazon.your.com
  • www.amazon.delinquent.com
  • www.bowdoin.email.org
  • www.bowdoin-accounts.com
  • bowdoin.security12.com

Beware of Internet IP addresses in URLs. Criminals will often use the raw IP (Internet Protocol) address of a rogue web server in place of a conventional URL name. Instead of something familiar-looking like "www.ebay.com" or "www.amazon.com", the URL might look like this:

"http://130.132.133.44/index.html"

A URL that uses an IP number in this way is almost certainly a fraud.

Thieves sometimes disguise the real URL in an email or web page link. The URL shown in a fraudulent email message or website might look just like the real thing:

     "Please update your account information at http://www.amazon.com."

The link above does not take you to "www.amazon.com," even though the text says "amazon.com." Your web browser's "status bar" is the most convenient way to check where a web page link might actually take you. The status bar appears at the bottom of the web browser window. When you hold the cursor over a link, the status bar will show you the real URL the link points to.

[Screenshot: status bar]

Another method is to paste this text into Microsoft Word and run the cursor over "amazon.com".  Hovering over a link embedded in an email also displays a pop-up with the real URL.

[Screenshot: pop-up]

Make it a habit to check the status bar when you visit unfamiliar websites, especially if you will be making purchases, providing any personal information, or downloading applications.  Be sure you are dealing with a real site, not a fake one.
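The three checks described above (the domain ending, a raw IP address in place of a name, and link text that differs from the real target) can also be done by a short script. This is an added example, not part of the original page; the function names are illustrative, and the expected domain is supplied by whoever runs the check.

```python
import ipaddress
from urllib.parse import urlsplit


def host_of(url):
    """Return the host name of a URL: the part before the first slash after the scheme."""
    if "://" not in url:
        url = "http://" + url  # some hosts on the page are written without a scheme
    return (urlsplit(url).hostname or "").lower().rstrip(".")


def check_url(url, expected_domain):
    """Classify a URL against the domain the reader expects, e.g. 'amazon.com'."""
    host = host_of(url)
    try:
        ipaddress.ip_address(host)
        return "raw IP address"
    except ValueError:
        pass  # not an IP literal, so compare host names
    expected = expected_domain.lower()
    # Compare on a dot boundary: the host is the domain itself or ends with ".domain".
    if host == expected or host.endswith("." + expected):
        return "ok"
    return "wrong domain"


def link_mismatch(link_text, href, expected_domain):
    """True when the visible text shows the expected domain but the real target does not."""
    return (check_url(link_text, expected_domain) == "ok"
            and check_url(href, expected_domain) != "ok")


if __name__ == "__main__":
    # URLs taken from the page above, paired with the domain a reader would expect.
    samples = [
        ("http://www.amazon.com", "amazon.com"),
        ("http://associates.amazon.com", "amazon.com"),
        ("amazon.accounts12.com", "amazon.com"),
        ("www.bowdoin.email.org", "bowdoin.edu"),
        ("www.bowdoin-accounts.com", "bowdoin.edu"),
        ("http://130.132.133.44/index.html", "amazon.com"),
    ]
    for url, domain in samples:
        print(f"{url:36} expected {domain:12} -> {check_url(url, domain)}")
    # Visible text says amazon.com; the underlying link (constructed pairing) does not.
    print(link_mismatch("http://www.amazon.com",
                        "http://130.132.133.44/index.html", "amazon.com"))
```

The comparison is made on a dot boundary so that a host merely containing the company name, such as "www.amazon.your.com", is not accepted as "amazon.com".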

This information was adapted from Yale's website, March 2009.

Last updated March 23, 2009


Document author:
ngrant
Last modified:
Oct 02, 2009