Search Google Appliance


Anatomy of a Web Address
Author: Michelle Malkasian, Office of Information Technology
Posted: December 19, 2013

Phishing attacks are a form of electronic fraud that often take the form of "spoofed" emails and webpages. Phishing emails often ask you to follow a link to what looks like an official webpage for organizations you already trust, but are really elaborate attempts to fool you into entering your personal information. Spoofed webpages often appear shockingly similar to their real counterparts, and even seasoned internet users can be fooled by them.

The trick to avoiding these spoofed webpages is the web address, also known as the URL. A phisher may be able to duplicate everything about the way a webpage looks, but a page's web address is its fingerprint and will always give it away.

  • Protocol
    The protocol tells your web browser how to send/receive data. The most common protocol to see here is HTTP or HTTPS. You will see HTTPS on secure pages, such as login pages. Secure PSU pages will always begin with HTTPS and have either a green padlock or a green bar to the left of the protocol. Any page that looks like a PSU login page but doesn't use HTTPS and have a green padlock/bar is suspicious and should be approached with caution.

    Check to make sure that the protocol is HTTPS if a webpage asks for personal information, such as usernames or passwords. This ensures that your browser encrypts your information and prevents phishers from grabbing the data as it's transferred.

  • Subdomain
    The subdomain indicates a subdivision of the webpage's domain. For instance, in the web address "", "mail" is the subdomain of "". PSU has a number of subdomains, such as "" and "". Phishers may attempt to use a subdomain to make the link seem official.

    Check to make sure that the web address isn't using a PSU-related subdomain with a non-PSU domain name (look below for examples). This could indicate that a phisher is trying to trick you into trusting a fake PSU webpage.

  • Domain Name
    The domain name is a unique identifier that differs for every website on the internet. A domain name always includes a top-level domain, which is most commonly ".com", but can also be ".org" or, in PSU's case, ".edu". Phishers will often try to fake this part of a web address by creating something that looks very similar. For instance, they might create a domain name that uses a 0 (the number) in place of an O (the letter) or has a ".co" instead of a ".com".

    Check the domain name to ensure that you are on a legitimate PSU website: it should always show "" immediately after the protocol and the subdomain.

  • Webpage Location on Domain
    Everything after the domain is information regarding the page's location. This information is usually not necessary to examine.

Now that you're familiar with the basic parts of a web address, you can begin applying this knowledge to every link you see. Pay special attention to links in emails, but be aware that any link on the Internet can be malicious. Whenever you see a link, follow these steps to make sure it's legitimate:

  1. Check: Look at the web address behind the link by holding your mouse pointer over the link (without clicking it) and examining the web address in the bar at the bottom of your browser window.
  2. Click: If the web address looks legitimate, click on the link.
  3. Check: Look at the web address displayed in the bar the top of your browser window to ensure that you weren't redirected to a different page.
  4. Continue: If the web address still appears legitimate, continue with your task.

If you're unsure whether the web address looks legitimate, go straight to the website by typing its web address in yourself. A few extra seconds of vigilance will ensure that your data remains in safe, phish-free waters.