At the top of every web browser is the URL, which is the address of the website. It’s how you see where you are, and it’s something scammers can’t fake. So how do they try, and how can you know if you’re at a real site?
We’ve all seen them and we’ve all typed them into our browsers — our copies of Chrome and Safari and Firefox and Edge and so on — but we don’t always know how to read them.
The website address at the top of your web browser gives you an idea of where on the internet you are. You might be at a www dot something, and you might be somewhere where the www isn’t. Regardless of where you are, the website address is the place that will tell you which website you’re actually at.
It’s also one of the only tools a scammer can employ and attempt to take advantage of you with.
Scammers know a few things about us, and they have to do with the website address we can see in our browsers:
- They know we don’t know how to read them, and
- They know we don’t check them
If you learn how to read a URL, you’ll begin to check them, and that’s one of the best steps in knowing when someone is trying to scam you online.
How a URL is like a house on a street
The uniform resource locator makes more sense as “URL”, but it makes even more sense when you imagine it as a website’s address.
The URL is the short way of saying the website you’re looking for is located on this folder on this computer in this location of the world. It’s very much like a house on a street, although it’s one that can be prettied up beyond merely saying 55 Smith St.
You probably know these as domain names, and they’re the way we remember websites.
and it can be prettied up to look like it’s more than just numbers, as well. They’re google.com, facebook.com, and so on and so on. They’re
What you may not know is how they’re supposed to look, and who can use them.
How to read a URL
These URLs have what’s called a “domain” or “domain name” in them. They are the whatever-dot-com that businesses can lease, and when a company owns the domain name, they own it for as long as they keep paying for it. Usually that’s for one or two or ten years at a time, but it means they are the owners and managers of that domain name.
Simply put, if Facebook has facebook.com, someone else can’t come along and use it. It means that whether you go to
www.facebook.com, you’re still going to a website operated by Facebook.
One of the important points here, however, is that the last part of the URL is what matters, not the first.
If a website reads as
facebook.com.somethingelse.com, the actual website you’re going to is
In a website address, the last part of the URL is where the domain is, not the first. However it’s this confusion that scammers play on, and allows them to find a way through to convince us of their trickery.
Your easy way of looking at a URL is to read the domain out entirely.
In each of the above examples, the domain is
veryfishy.net.au because they end with that.
The last example looks more like a standard web address because there’s a slash. What you’re looking at fits between the http:// or https:// and another slash. That’s the website address.
Fun fact: the http or https tells a web browser that you’re looking at a website. Other codes do different things, such as “email” activating your email program, “tel” loading up your phone, or “ftp” loading up a file transfer program.
As long as the website address ends with the website address it needs to, the site is real.
That’s the key: you’re looking for a real domain name you’re hopefully already familiar with to end the address, not to start it. Work that out, and you’re one step closer to never being fooled again.