Recognizing a Phishing URL

7 February 2024

Many types of cyber attacks rely on sending a link in a way that encourages people to trust it and click on it. To identify a malicious URL, it is helpful to understand the parts of a URL and how hackers can hide their intent by putting something you are expecting to see (like “Carleton” or “amazon”) into the wrong part of the URL.

A breakdown of a URL into its different parts.

The first and most important thing to focus on is the domain of the sender. This is the part that comes between the two slashes and the first single slash. In this example, that’s “”.

Most of us are familiar with TLD (Top Level Domain) options of .edu, .com or .org. But there are now more than 1500 TLDs. If you think it’s coming from Carleton, it will say “” and not “” or “” or any other TLD.

Example URLs broken into their different parts.

These are examples of legitimate URLs associated with Carleton. The yellow parts show the domain that is hosting the resource. The green parts show the hostname for the service on that domain. The other parts are important for getting you to a particular resource, but they are less important when it comes to identifying whether the domain providing this resource is legitimate or fraudulent.

Hackers can recreate the look of a Carleton login page, and they can send an email that looks like it’s coming from Google or Amazon. But most of the time they host those fraudulent resources on an unusual domain. Learning how to (and taking the time to) review those URLs is a really important step in knowing whether or not to click on that link or enter your password.
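The check described above, written out in Python as an added example that is not part of the original article. `example.edu` stands in for the domain you expect, and the function names and sample URLs are constructed for illustration.

```python
from urllib.parse import urlsplit

TRUSTED = "example.edu"  # placeholder for the domain you expect (assumption)

def host_of(url):
    """Host = text between '//' and the first single '/', minus user@ and :port."""
    return (urlsplit(url).hostname or "").rstrip(".").lower()

def is_trusted(url, trusted=TRUSTED):
    """True only if the host IS the trusted domain or a hostname under it."""
    host = host_of(url)
    return host == trusted or host.endswith("." + trusted)

def name_location(url, trusted=TRUSTED):
    """Report which part of the URL carries the trusted name."""
    parts = urlsplit(url)
    if is_trusted(url, trusted):
        return "domain"
    if trusted in host_of(url):
        return "elsewhere in host"  # e.g. used as a hostname on another domain
    if trusted in (parts.username or "").lower():
        return "before @"           # text before '@' is not the host
    if trusted in (parts.path + "?" + parts.query).lower():
        return "path or query"
    return "absent"

# Constructed sample URLs built from reserved example and .test names.
SAMPLES = [
    "https://apps.example.edu/directory?id=7",
    "https://example.edu.login.test/signin",
    "https://login.test/example.edu/signin",
    "https://example.edu@login.test/signin",
    "https://example.com/signin",
    "https://notexample.edu/signin",
]

if __name__ == "__main__":
    for url in SAMPLES:
        verdict = "trusted" if is_trusted(url) else "NOT trusted"
        print(f"{verdict:12} host={host_of(url):24} name in: {name_location(url)}")
```

Only the first sample passes: in every other one the expected name is present somewhere in the URL, or nearly so, but the domain hosting the resource is a different one.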

If you ever have a question about whether an email or a domain is valid, please don’t hesitate to contact the sender of the email directly (not by replying to the email) and wait for confirmation from that person. You are also welcome to reach out to the Helpdesk at 507-222-5999. Thank you!
