Spotting a deceptive web address (Article 3719) - Article 3719

Scammers are good at coming up with website names that seem legitimate but take you to a site you didn’t intend to visit—often a troublesome one that could infect your computer with malware.

Their trick: include just enough recognizable words and phrases to confuse people. At first glance, when you see those familiar words, it seems real. But a closer look reveals that it’s bogus.

An example:

These email messages claim to come from ITS, and you recognize phrases like uiowa and outlook.

http: //uiowaoutlook.uiowa.com.ru/outlook.htm

http: //216.32.44.201/outlook.htm

But, both are bogus, and here’s how you can tell. Ignore everything that comes after http:// and the first “/”. What remains there, sandwiched in the middle, is the actual site name:

http: //uiowaoutlook.uiowa.edu.ru/outlook.htm 

The first example includes “uiowa.edu,” but ends with “.ru” The “.ru” indicates a site in Russia—a highly unlikely origin for a message about any UIowa account.

The second example doesn’t have the host name, just the numeric address (IP address) that underlies a host name. A URL that only includes an IP address should be treated with great suspicion.

http: //216.32.44.201/outlook.htm

One more clue

We’ll wrap up this lesson with one last tip:  Watch for letter substitutions.

You might see something like service@u1owa.edu, with the number 1 used in place of the lower case i. in “uiowa.”

Or, Helpdesk @its.ui0wa.edu, with a zero rather than the letter o.

Info Center: