top of page
  • LinkedIn
  • Facebook
  • Instagram
  • Threads
  • X
  • Soundcloud
Search

How to Spot Phishing Links: A Beginner’s Guide to Domains and URLs

  • Hamed Mirjahanshahi
  • May 15
  • 4 min read

Listen to the Blog Post here!



Have you ever wondered how to tell if a link is safe to click? Cybercriminals use sneaky tricks to disguise malicious websites and phishing emails, often by creating fake domains and misleading URLs that look almost real. But with a few simple skills, you can learn to spot the red flags and protect yourself online. In this beginner-friendly guide, we’ll break down what domains and URLs really mean — in plain English — so you can browse and click with confidence.



What’s a Domain?



The internet works on something called IP addresses — a string of numbers like 172.18.4.74 that identifies each device or website. Since remembering numbers for every website would be impossible, we use domain names instead, like mybusiness.com. Behind the scenes, a system called DNS (Domain Name System) connects the name to the correct IP address.


Think of a domain name as a website’s official name or online identity. It’s a digital property that a business owns and renews regularly. Every time you type a website address into your browser, you’re using that domain name.


A domain name has at least two parts, separated by a dot:


Second-Level Domain . Top-Level Domain

Example: mybusiness . com


The Top-Level Domain (TLD) is like choosing a category or type for your website. You can pick from generic options like .com, .net, or .org, or country-specific ones like .fi (Finland), .jp (Japan), or .ca (Canada).


The Second-Level Domain is the unique name you choose, similar to choosing a username on social media. It has to be unique within each TLD. For example:


  • Mybusiness.com (registered by John)

  • Mybusiness.se (registered by Rose in Sweden)


Sometimes, people intentionally register similar-looking domains to trick others. They might use these fake domains to send phishing emails or create fake websites that look like a trusted brand. That’s why it’s important to pay close attention to domain names when checking links.


Tip: You can look up who owns a domain using a WHOIS service. For .com and other generic domains, try lookup.icann.org. For country-specific domains, use that country’s WHOIS tool. Just remember to check the main domain, not the subdomain.



What’s a Subdomain?



A subdomain is like a department within a business. It’s connected to the main domain name with a dot. You can even have subdomains of subdomains. When reading a domain from right to left, the third (or fourth) part is usually the subdomain.


For example:


  • Main domain: mybusiness.com

  • Subdomain 1: sales.mybusiness.com

  • Subdomain 2: marketing.mybusiness.com

  • Sub-subdomain: brand.marketing.mybusiness.com



All these addresses still belong to mybusiness.com, and you can find the owner info through a WHOIS lookup.


Here’s an example with a country-specific domain (.co.uk for the UK):


  • Main domain: mybusiness.co.uk

  • Subdomain 1: sales.mybusiness.co.uk

  • Subdomain 2: marketing.mybusiness.co.uk

  • Sub-subdomain: brand.marketing.mybusiness.co.uk



For .uk domains, use the UK’s WHOIS service at nominet.uk/lookup.



Watch Out for Hyphens and Dot Tricks



Phishing attackers often create fake domains that look similar to real ones by adding hyphens or moving dots. Even small differences can point to completely different, malicious websites.


For example:


  • Legit domain: mybusiness.com

  • Malicious domain: my-business.com



Adding a hyphen makes it a different domain entirely — and anyone can register it.


More examples:


  • Legit subdomain: sales.mybusiness.com

  • Malicious domain: sales-mybusiness.com



They may also move a dot to trick you:


  • Legit domain: mybusiness.com

  • Malicious domain: my.business.com



In this case, the attacker registered business.com and added my as a subdomain.



Now Let’s Talk About URLs



A URL is like a domain name with extra parts before and after it. When you click a link in an email or on a website, you’re clicking a URL that points to a specific location online.


Let’s start with what appears before the domain. Most URLs begin with https, which stands for Hypertext Transfer Protocol Secure. This means the connection between your browser and the website is encrypted so no one in the middle can read the information — only you and the website.


However, https does not automatically mean a website is safe. Cybercriminals can also use https to make their sites look legitimate. Today, https is standard practice, and browsers like Chrome and Firefox enable it by default.


Next, let’s look at what comes after the domain. Right after the top-level domain (like .com, .org, or .co.uk), you’ll see a forward slash followed by more text. This part refers to a specific page or section of the website.


In most cases, you don’t need to worry about this part. Sometimes it’s clear, like:


  • https://mybusiness.com/contact-us

  • https://sales.mybusiness.com/shoppingcart



Other times it might look like random numbers and letters, such as:


  • https://privacy.mybusiness.com/837bc37-ce4685



Either way, what comes after the top-level domain is just part of the website’s internal structure.


Hope this guide has helped you better understand domains and URLs, and given you practical tips for spotting phishing links and suspicious emails. Stay tuned for more beginner-friendly cybersecurity advice to keep you safe online.


Note: The domains mentioned in this post are purely examples and are not categorized as either legitimate or malicious.



Stay safe out there!

 
 
bottom of page