Anatomy of a URL

By understanding the anatomy of a “URL” you will be able to better understand how the websites work and how to keep safe when clicking links.

What is a URL?

A URL (Uniform Resource something-or-other) is a unique address of a webpage. Like everything else that has an address: URLs are unique.

URL anatomy

First thing to know: The Slash /

The slash, is a key character in a URL. It separates different sections. You need to be able to recognize the slash so you can recognize the different sections of a URL.

http:// or https://

At the beginning of every URL is either an http:// or an https://. The “s” stands for secure. This means traffic between your computer and the website is encrypted (that’s a good thing).

Safety Tip: Whenever you type a password in a webpage, before you hit enter on your keyboard, you should make sure the website URL starts with https:// and not just http://.

Domain Name

After the http:// comes the domain name. The domain name stretches from the double slashes (://) all the way to the next slash (/).

http://this.is.the.domain.name.com/gobley-gook-random-mishmash?#&q

The “top” level domain name is the last word after the period. Usually this is “.com.” A .com is for commercial organizations. Other top level domains you might recognize are .gov (government), .org (non-profits), and even national ones like .ly (Libya) or .uk (United Kingdom).

When you look at a URL you must be able to recognize the domain name. You do this by looking at the slashes and periods. For now, focus on whatever is between the http:// and the first slash. Ignore anything after the first slash.

Within the domain name section, look at the periods, specifically the last period. The last period separates the “top” level domain from the “official name” aka the main name aka the real name of the actual business who owns this domain.

For example, how do we know that http://www.pepsi.com is owned by Pepsi? Well, we assume they bought it and that they wouldn’t let anyone else parade around with it acting like them. But, that doesn’t mean that something else can’t buy anotherpepsi.com and put up a website.

So, look at a URL, specifically at the domain name section between the :// and the first / and even more specifically right before the last period in that section, and identify whether or not it’s for the domain name you’d expect. Here’s a quiz to test your knowledge, which are probably NOT actual PayPal properties?:

a) paypal.com
b) www.paypal.com
c) paypal.requestfunds.com
d) requestfunds.securetransmittal.paypal.com
e) paypal.i-live-in-a-van.down.by.the.river.gimmemoney.paypals.com

In the above list,  If you guessed C and E you are correct. If you guessed something else, re-read this article.

Here’s another way to ponder this:

a) www.google.com
b) www.googlem.com
c) www.yourgoogle.com
d) www.google.ly

In the above list, only one of those domain names is sure to be owned by the company Google. The other two could be owned by anyone. How do we know? We look in between the 2nd-to-last and last periods, for the “official” name.

Web Page “Path”

Everything to the right of the first slash is the “path” of a webpage. Sometimes this section will be broken up by more slashes. This section quite frequently includes a bunch of apparent gobbley gook.

https://docs.google.com/document/d/1KGsegsLe7RytssUW_DgVpYpZUUBq_JPhuN2RpG2WRdk/edit#

But it is that gobbleygook that makes it unique. The gobbleygook is why you can add a bookmark to a webpage.

Now that you know the anatomy of a URL, you can more safely evade phishing and more quickly know if your traffic to that website is encrypted or not.

 

How to Spot a Phishing Email

Short answer: Hover over hyperlinks and look in the lower-left of your browser to verify the address (eg: URL) that the hyperlink is going to (check out the Anatomy of a URL if you don’t know what a URL is). If the name of the link and the address don’t match, or the domain name the link is going to looks wrong, don’t click it.

recognize phishing

Long answer:

“Phishing” is a sinister way malware tries to trick you into giving it your password.

Here’s how it works. An email gets sent out (spammed) to thousands of people with what looks like a normal link in it. These links used to be for things like “make your penis larger!” but over the years they’ve grown more savvy. Recently they’ve been saying stuff like “here’s my resume” or “login to verify your account.” Sometimes they’ll pose as if they’re from something familiar: PayPal, eBay, Google, etc.

A small percentage of the folks that get the spam will click the link. The link goes to what looks like a normal/official webpage, and it asks them to put in their password. They do so. The malware then uses their password to login to their email account and send the email out to everyone in their address book. And so on and so forth.

Your best defense against phishing is your wits. You may have heard the common advice to not click any links or attachments in email that you don’t recognize, aren’t expecting, or look fishy. But more and more malware is become savvy and posing itself as if it were legitimate email from someone you know (some of them even have decent english grammar).

Here’s one piece knowledge that will aid you as you confront the potential of receiving phishing emails:

Whenever you see a hyperlink (in an email or on the web), hover your mouse over it (see image above). Notice in the lower-left-hand corner of your web browser it shows you the actual “URL” (address) where the link would take you. If the link says one thing but the actual URL is something different: chances are it’s phishing. For example, if the email appears to be from PayPal, and the hyperlink says PayPal, but the actual URL is to anything other than PayPal, then best to be safe and not click it.

In the case of the screenshot above, the actual URL that shows when I hover over the link goes to xaynha247.vn. Right off, the domain name looks odd. But to be sure I can go to http://scanurl.net and type in the domain name.

When I do that for xaynha247.vn, sure enough the results show it as unsafe:

web-of-trust

So to stay safe and help you decide whether or not to click a link, make a habit of hovering over links in email and verifying the URL before clicking them.

9 Reasons No One Replied to Your Email

wordsoupemailreply

Short Answer: You didn’t take the time to craft your email from the perspective of your audience.

Longer Answer:

Email is still very much a cornerstone of how we communicate in work and our personal lives. Having a good understanding of how easy or hard your emails are to reply to, will help you become that much more of a successful communicator.

1) You didn’t ask a direct question.
The main thing to remember about email is it can be time consuming for some folks to manage. The longer your email the less chance there is people will have the time to ferret out your question(s) and send a reply.

2) You didn’t number your questions.
Giving numbers to your questions gives them legitimacy and allows the question to be referenced in subsequent replies without having to rephrase the whole question. For example, the sender says: “1) Do you like pie? and 2) Do you prefer whip cream or ice cream?” The replier, then, can easily say “1) Yes, 2) ice cream.” This saves the replier time in writing their response and makes it more likely you’ll get one.

3) You didn’t use people’s names in the body
This one happens frequently in the workplace, usually when emailing peers or subordinates. Imagine you’re sending an email to multiple people as an FYI but in your mind there is one person you want to answer. But in the body you didn’t use anyone’s names, so everyone thinks someone else will reply. Instead of saying “Can you bring the pie?” you should say “Jack: Can you bring the pie?”

4) You didn’t “honor time”
The first line of the email should concisely pose your question. You can add details in a subsequent paragraph, but give your recipient(s) the benefit of the doubt that they’re smart enough to answer your question without requiring a ton of back-story. Also, re-read and re-edit your question to make it as meaningful and concise as possible.

5) You didn’t ask for Yes/No answers.
Yes/no answers are quick and easy and definitive. Don’t ask people to write paragraphs in email – that’s what a verbal conversation is for. Instead, craft your question so it’s very easy to answer in either yes/no or a few words.

6) You didn’t make it clear that a response is required.
If your email suffered from any of the above, and you also weren’t clear that you need a reply, then you’re not going to get one. When asking for a reply, it’s best to include a timeframe so your recipient can prioritize. Eg: “Jack: please let me know by Tue evening.”

7) You were relative instead of absolute.
In your mind it makes sense, but you always must re-read and re-edit from the perspective of the recipient(s). How will they read it, and in what context? To ensure they’re getting your intended meaning, be absolute and not relative. Instead of “today” use the day of the week, “Wednesday.” Who knows, they might be reading your email on Thursday.

8) You used email when you should have used a collaboration tool
Email is not a great tool for collaboration, particular with groups. Instead, if collaboration is required, use a better tool. For example you can use Google Docs if you want folks to contribute feedback on a body of text, or any number of other handy collaboration tools found online (checkout Doodle for scheduling meetings or Tricider for getting opinions).

9) You don’t have your phone number in your signature.
Your signature doesn’t need to include your email address, but it should definitely include your phone number. And it may not increase your odds of getting an email reply, but if your number (preferably direct and not through a secretary) is there plain for recipients to see, chances are better if they’re confused they’ll just call.