One of the best ways to defend against deception is to take a critical look at the internet address and/or e-mail address and evaluate it for authenticity.
The address of a website, and of the site an e-mail originates from, usually ends in a domain extension such as .com, .gov, or .edu. A list of common extensions is available in the article Understanding Web Site Names.
Ask yourself whether the extension matches the purpose of the site. For instance, a governmental site or e-mail would typically end in .gov. If a site or message that claims to be governmental ends in .com instead, be suspicious.
Sometimes, the site's name ends in a country code (e.g. .uk, .ro, .ru or .ca). When you see this, judge whether it’s being used in the correct context. For example, would your local bank e-mail you from Romania or direct you to a website based there? It is unlikely they would.
Even when the site name seems plausible, watch for these other red flags:
Concealed web addresses – In web pages or e-mails, links might say one thing and link somewhere different.
Deceptive addresses – Scammers often create deceptive web addresses that resemble legitimate ones.
Forged e-mail addresses – In e-mails, the “From” address field is very easy to fake.