I have talked in the past about what a domain name is. Put very simply it’s the address by which your website is found. Understanding the anatomy of a domain name means I can often spot a fake/phishing email or text immediately.
I thought it would be useful to you for me to share this, so you too stand a better chance of not being fooled.
What prompted this post? I got a text that was supposedly from my bank. It asked me to click a link. That link was wrong – I spotted immediately that it was not what it pretended to be.
Domain names come in 2 parts. The bit before and the bit after the initial dot in this example: yourdomain.com . The bit before is called the Second-Level Domain (or SLD). This equates to your chosen name, for example our Second-Level Domain is BlueGiraffeWebsites. The other bit is the Top-Level Domain (or TLD), for example the .com, .co.uk, .org etc.
That’s the bit you’re probably familair with even if you didn’t know what the individual bits where called. It doesn’t stop there.
Domain Names have to be registered with a recognised Registrar but anyone can register a domain without saying what it will be used for. Once a domain is regsitered it can be attached to a website. You can have multiple domain names pointing to a single website. A single domain name cannot point to multiple websites without using a subdomain.
This is the bit that a lot of people aren’t familiar with. Each domain can have one or more ‘subdomains‘. This is where you have a dot before your Second-Level domain name (as well as after it) and something before that dot. For example I could create a subdomain that was seo.bluegiraffewebsites.co.uk – This would point to a different website to my main one.
Not all web hosting packages (where your website lives) allow subdomains.
Why is knowing this important? That text I mentioned earlier used a subdomain to try to trick me. I’m not going to give you the actual address (that wouldn’t be advisable. Yes, it’s been reported to the fraud dept and the Registrar). It was in the format bankname.newdomain.co.uk so I could easily have thought it was from my bank except…
…I don’t bank with that particular bank. The banks have their own domain names so it should have read bankname.co.uk or subject.bankname.co.uk if it where using a true subdomain.
It is easy to look at the domain name/subdomain you are being asked to visit in an email, a text or on Social Media (yes phishing happens there too). You should check the email address that suspicious emails are sent from too – but remember these can be spoofed (whole other topic) so don’t rely on that. If an email address is supposedly from a company/bank then you should expect to see the bit after the @ as their domain name e.g. firstname.lastname@example.org. Your bank. PayPal, Amazon and others NEVER send emails from Gmail, Outlook, Hotmail or in fact anything other than their domain name.
As a business you can leverage subdomains too. Get in touch if you want to explore how that could work for you.
Stay vigilant. Educate yourself and others. It’s the only way we can protect from scammers.