How to Read a Uniform Resource Locator (URL), Otherwise Known as a Web Site Address
Episode 12 • 21st May 2022 • The Safety Plan • LCC Connect
Shownotes

LCC Connect host and Director of Information Security, Paul Schwartz describes how to identify a legitimate web site address by dissecting the URL (Uniform Resource Locator) for the root domain name.

Website: LCC Computer Information Technologies

Transcripts

Paul Schwartz:

Welcome to the Safety Plan, the show where I cover the latest cyber scam and how to avoid it on LCC Connect Voices Vibes Vision. I'm Paul Schwartz and I'm happy that you are here. Let's do this.

This morning my daughter was singing this song by Fleetwood Mac called Landslide.

And now the song is stuck in my head. I guarantee you've heard of it.

I took my love and I took it down. I climbed a mountain and I turned around, and I saw my reflection in the snow-covered hills, till the landslide brought me down. Well, okay, so my kid was singing it with cybersecurity words. It went something like this.

I started my computer but it was locked and I saw ransomware and it was quickly encrypting till the antivirus stopped the malware. Well, jeez. Obviously the college has allowed me budgetless artistic freedom on this show and I will take advantage of that position.

So welcome to the Safety Plan Show. Here's the format.

I will describe a real world cyber scam like phishing or malware, identity theft, a Nigerian prince scheme, IRS imposter scam, scareware, or one of the many, many, many other cyber scams. And I will then explain why it could happen to you. And finally, I will explain how to protect yourself so it doesn't happen to you.

So why should you listen to the Safety Plan episodes? First, as a leader, I want to share my cybersecurity knowledge with you so that you can hopefully learn and grow and become inspired by it.

Second, a community knowledgeable on cyber scams will not fall for them in the future.

And third, if people start practicing good cyber practices in their lives and at home, then they practice those same skills at work, which makes your business or company or local community college more when, when and when. So I am Paul Schwartz. I work at Lansing Community College as the Director of Information Security. I coordinate security issues for the college.

Things like data breach coordination, account compromise investigations, vulnerability scanning of our network, reviewing emails for legitimacy, implementing projects to improve the college security, proactive phishing our employees and training them on security, and many, many other security tasks. I've worked in cybersecurity for 28 years, including 20 years in the air before ending up at Lansing Community College.

I drive a vehicle with doors that close with the click of a button so people think I know stuff. Which proves I am smart. Smrt smart. Okay, it's now time for the cybersecurity roundup. Let's focus on today's topic, how to read website addresses.

Phish emails usually contain links to websites that contain malware or ask you for your credentials. The links are often hidden behind welcoming text or images, such as a click here button that will encourage you to click on that link.

It's very easy to make the text say one thing, but the link to point somewhere else. Before opening any email link or website link, the first step is to hover your mouse over the image or the link without clicking on it.

Now this will reveal a pop-up box that will reveal the true website that it will go to. Let's look at two website addresses. We call those embedded URLs. URL stands for Uniform Resource Locator.

A URL is nothing more than the address to a given unique resource on the web. In this example I'm going to talk about, we have two buttons that say click here, but behind them are two different website addresses.

Although these two links or these two pictures of click here look exactly the same, one could lead to a legitimate site, say like LCC.edu, while the other one could lead to someplace different. You know, in my example it goes to malware.com, so a bad site.

And so even though, say, the text or the picture looks exactly the same, behind it, that address, that's where it gets tricky. Okay, so this goes to show you that the text or picture on your computer screen has nothing to do with where that embedded link leads.

If it's a phishing email, the visible text or picture will be just part of the scam. It's there to fool you, so ignore it and find the real target of the link.

Okay, so now that you've hovered over that picture or that text and it brings up that little pop-up box that gives you the true address of the link, the next step is to be able to tell if it's a legitimate destination web address from a fake one using this rule, the second to last dot and first slash rule. Okay, second to last dot and first slash rule.

So what this means is when you look at that URL or that web address, ignore anything that comes before the second to last dot in the web address when reading it from right to left from the first slash, and ignore whatever comes after that first slash in the address. Okay, so let's talk through this address. It starts with HTTPS. Now that stands for hypertext transfer protocol.

And that's just the communication protocol that goes between your browser and that web server to push up and bring down the website. Now here it is. www.google.com search Fleetwood Mac landslide lyrics. Which is what I look for to get the lyrics to the Fleetwood Mac song.

Okay, so that's the URL. Now, the second to last dot would be that dot google.com, so that dot between www and google, that's the dot.

And then the first single slash would be after www.google.com and then search Fleetwood Mac. So that's the demarcation here that we're going to look for to identify the root domain name. Okay? And that's the real address.

Criminals can't modify that root domain name. And that's what comes after the second to last dot but before the first slash. It is the only part of the website address that scammers can't change.

So they could change stuff before and stuff after it, but that root domain name cannot be changed. And so that's the way to establish whether it's legit or not.

So in my example, it's google.com, and simply the root domain of Walmart is walmart.com and Facebook is facebook.com, and at Lansing Community College, it's LCC.edu. Criminals try to disguise their own scam site as a legitimate one by creating similarly named domains and hoping that it's good enough to fool you.

So in my example, instead of google.com, it might be google.com.org or Google Co CEO or Google Web, hoping to trick you into thinking that you're actually going to google.com. So it's your job to understand which site you're going to.

And if you don't know the real site you're going to, what I recommend is going to, just coincidentally, a search engine like google.com and searching for the name, say, Pepsi. In the search results, it'll show you the legitimate site, which is probably Pepsi. And so then you would know, well, when I go to Pepsi every time, it's not Pepsi Web or Pepsi Co or Pepsi.whatever.

And so you'll be able to recognize the true root domain and know you're going to a legitimate address from a fake one.

Say if a phish got sent to you, pretending to be a promotion card from Pepsi giving you a free case of Pepsi Cola, but the link says it goes to Pepsi.com, you know, gov. That would be a red flag to know not to click on that link and potentially get, you know, malware compromise or account compromise.

For criminals, it's not difficult to set up a fake web address. For only a few dollars, anyone can register an unused domain name in a matter of minutes.

Merely having a website address that looks like a real company's name is no guarantee at all.

If you have any doubt as to the authenticity of a web address, the best course of action is to not open the link by clicking on it in an email, but find the site in a browser through a bookmark or a separate Google search for the real site.

If you are unsure of the link, you can scan the link for safety by right-clicking on the link and selecting Copy Hyperlink and then opening up a browser and going to virustotal.com or hybrid-analysis.com in that browser and then paste the link into those for a review.

Now, those sites run the URL or that website address through a whole bunch of different antivirus products and a whole bunch of different scanning, vulnerability, type analysis and let you know whether that link is malicious or phishing or suspicious or if it's legitimate. All right, well, that's a wrap of today's Safety Plan episode.

If you have any questions or have been a victim of a cyber scam, tell me about it by emailing LCC ConnectCC.edu. Or you can find more info and past episodes of the Safety Plan on the Internet at LCC.edu connect.

This episode of the Safety Plan was recorded by Paul Schwartz in the TLC Tower in Downtown Lansing Community College and produced by Layne Ingram and engineered by Big D Daedalian. I'm Paul Schwartz and this is LCC Connect Voices, Vibes, Vision. So long.
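
The second-to-last-dot and first-slash rule from the episode, applied to every link in an email body so the visible text can be compared with where the link really goes. This is an added example, not part of the episode or LCC's materials; the sample email, the `TRUSTED` set and all function names are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

def root_domain(url):
    """Keep what sits between the second-to-last dot and the first single slash."""
    if "//" not in url:
        url = "//" + url                      # let urlsplit see a bare host
    host = urlsplit(url).hostname or ""       # drops scheme, path and query
    return ".".join(host.rstrip(".").split(".")[-2:])

class LinkCollector(HTMLParser):
    """Collect (visible text, href) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def audit_links(html, trusted):
    """Return (visible text, root domain, verdict) for each link in the HTML."""
    parser = LinkCollector()
    parser.feed(html)
    parser.close()
    return [(text, root_domain(href),
             "expected" if root_domain(href) in trusted else "unexpected")
            for text, href in parser.links]

# Constructed sample: two identical-looking buttons and one look-alike domain.
SAMPLE_EMAIL = """
<p><a href="https://www.lcc.edu/connect">Click here</a></p>
<p><a href="https://malware.com/login">Click here</a></p>
<p><a href="https://www.google.com.org/search?q=lyrics">www.google.com</a></p>
"""
TRUSTED = {"lcc.edu", "google.com"}           # assumed allow-list for the demo

if __name__ == "__main__":
    for row in audit_links(SAMPLE_EMAIL, TRUSTED):
        print(row)
```

The rule as coded keeps only the last two labels, which fits the domains named in the episode; hosts under multi-part suffixes such as .co.uk need a public-suffix list to find the registered name.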