One focus of our security awareness program is to help people understand where they are on the internet and to get them in the habit of checking their location. This means reviewing a website’s domain- the information contained in the web address bar. Some web addresses are long and complex, so picking out the true domain can be tricky. It’s an important skill to master, so let’s practice. Try to identify the domain of this website:

www . FBI . gov . com / urgentupdates

Is it FBI.gov? Will this web address take you to the official website of the Federal Bureau of Investigations?

In order to identify the domain, look for the final extension (.com, .biz, .gov, .edu, etc.). Then, move to the left until you reach the next period. In our example, .com is the final extension and the next period to the left is just before ‘gov.’ That means the true domain is gov.com and it will NOT take you to the FBI’s official website. It just may take you to a look-alike site designed to steal your personal information.

Scammers will create websites that mirror trusted brands or organizations in order to trick you into clicking links and sharing personal information. With the right skills, it’s possible to make the layout look like an exact copy. One thing they cannot duplicate exactly is the web address. Instead, they may use numbers that look like letters, minor misspellings, and extra extensions to trick you. It’s critical to your online safety to be able to properly review a web address and that you remember to do so before clicking or providing any information on a website.

We use the FBI website as an example today because they recently issued a warning on spoofed internet domains designed to look like the official FBI website. In this press release, they identify close to one hundred spoofed domains. They also give recommendations for staying safe online, the first being to verify the web address of the page you are visiting. Other tips include making sure your operating system and software are updated, never opening email or attachments from unknown senders or providing personal information, using multi-factor authentication where possible, and more. Combine these protections with a thorough review of the web address to stay safe online.