What’s a URL?

by | Jul 15, 2022 | 1 comment

The best way to stop phishing is understanding how to read URLs and knowing what common phishing attacks look like. 

The many parts of the URL

The URL is what you see at the top of this page (https://socialism.tools/…). Mozilla has a nice graphic that helps break all the parts of the URL down:

We’re most concerned with the Domain Name here, which contains three main parts.

.com is the top-level domain name (TLD). When purchasing a domain name, you need to choose the domain (sometimes called the second-level domain) and the top-level domain. socialism is the domain, and tools is the top-level domain. These are the two most important parts of a URL. They will always appear together.

As an example, socialism.tools.com is not this web site — the  domain is tools and the top-level domain is com, meaning that server is different from the server that runs socialism.tools.

What’s socialism in that example above, then? After purchasing a domain, a web developer can configure their web server with an unlimited number of subdomains, like chat.socialism.tools, login.microsoft.com, or accounts.google.com. You don’t buy these, you just make them whenever you want, and you can make as many as you want for any domain you own. There is no technical limitation that would prevent the creation of login.google.com.myverycoolnewwebsite.com. It’s critical to remember that the top-level domain and domain name will always be together after any subdomains.

What’s the real Google login URL?


google.com is the top-level domain you need to look for. Remember that the top-level domain must match the second-level domain.

What’s that little lock icon, anyway?

The lock is good, but not magic

Covering the first part of the diagram, you will likely not see the scheme or a port number in your browser — don’t worry about it. This used to matter because port 80 was for insecure web browsing and 443 was for secure web browsing, but several years ago nerds the world over pushed to make any website worth visiting secure; and vendors like Google removed the scheme from view to focus more on the URL. You should see a little lock icon next to the domain name in your browser, and that’s all you need to worry about for now. 

Note that the lock icon says your connection is secure, but this doesn’t mean the site is legitimate. You can be securely connected to the web server of a fraudster.

Putting the pieces together

Finally, the path, parameters, and anchor are all different ways for the source server to organize content, they don’t have an impact on phishing. The important thing to remember is that, like subdomains, these can be anything. However, they will always be in order. That means the top-level domain and domain name will always be together after any subdomains and immediately before the path.

Why this really matters

Phishing attacks are frequent and can be devastating. They’re cheap to run and are powerful enough to swing elections and make or break careers. This course focuses on phishing first, because there is an extremely high chance you will be phished in the future if you haven’t been already. Knowing the parts of the URL and how to distinguish the real from the fake is your most powerful tool, and next, we’ll share some tricks phishers utilize to distract you from looking at the URL.

Before you continue, I strongly recommend taking this quick eight question phishing test.

The above content is part of a course on socialism.tools. If you login, you’ll see quizzes and links to other lessons in the course.