Made possible by generous funding from

AT&T Logo

How to Recognize Fake Website Addresses

Every website has an address, also called a URL. When you connect to your bank or go shopping online, your computer finds and connects to these sites using the site’s address. Scammers create fraudulent websites with small changes to the website addresses and hope you won’t notice the extra word, dash, or period. Any change to a website address, no matter how small, is an entirely different website.

Web addresses are unique

Your house has a unique address. Even if someone were to build an exact replica of your house, it wouldn’t have the same address. A small change, like changing 7th Street to 7th Avenue, or changing one numeral in the zip code, leads to a completely different location.

Just like your unique house address, every website has a unique address. Cybercriminals often use addresses that are close to a real address or are a common misspelling of an actual address to land victims on a fake copy site or a site with malware. Take some time to study the examples below. Click the + (plus) icon to open each example.

Every website has a unique address. You probably are familiar with popular sites like “target.com”, amazon.com, or “cnn.com”. Scammers use similar addresses, and misspellings of addresses, to direct you to web pages that are designed to steal your personal information or download malware to your computer. Look at the following examples to learn how to spot and avoid dangerous websites.

Most sites have a human-readable name that reflects the actual name of the company or organization. It might not always be what you expect. Learn the real URLs of the sites you visit often. In the screenshot below, the name is “chase.com” for the official Chase Bank site. The domain part has to be EXACTLY “chase.com” or it isn’t the official site. Fake sites may use variations of the real name, like “chasebank” or “chaseonline” to fool you.

In the screenshot below, one screenshot shows the real Citi banking site. The URL is “citi.com,” which redirects to the full URL of “online.citi.com” (we’ll talk about the rest of the URL later).  The red image is a fake site with a similar URL of “update-citi.com.” The fake site was flagged as dangerous by my anti-virus software, but it likely was used to steal passwords before being flagged. Notice how similar the two URLs are, and how easy it would be to either not notice the difference or to accept it as valid. Note that the fake webpage may have looked very similar to the bank’s real webpage before it was discovered. Victims might enter their username and password, not realizing they were sending the information directly to cybercriminals, not the bank. Pay attention to warnings like these. If your anti-virus software alerts you to something dangerous, don’t try and bypass the warning!

What is your favorite big-box store? How many products do they sell? Each product has its own page. In addition, there may be pages for instructions, contact forms, location maps, and much more. These pages follow the main domain name. In this screenshot, “costco.com” is followed by a slash (/) and then more text that points to a single page among many. Pages might be easy to read, as in this example, or just a series of numbers and letters.

Subdomains are major sections of a website that are separated by function. A subdomain name precedes the website name AND is separated by a period (.) before the main domain name. Companies frequently use a subdomain for support services. Apple, for instance, uses “support.apple.com” as its subdomain for product support pages. Scammers will often try and create a similar look for a fake site but use a dash, instead of a period, and hope you won’t notice the difference. At Oasis, we use subdomains for different programs and locations. The illustration below shows the Connections subdomain as indicated by the word “connections” followed by a period preceding the main URL or “oasisnet.org.”

You don’t have to know everything shown below, but I’ve included the information for your reference. A complete URL has a very specific format. Remember, a website address is unique and exact. Any variation, an extra or missing letter, a period in the wrong place, or a different extension is a different site, even if the website looks the same as the original site.

It might seem like understanding URLs is complicated. But you can learn to recognize easily with just a glance. To summarize:

  • Cybercriminals sometimes create dangerous websites with altered and misspelled URLs.
  • It’s safer to type in a known website address than to click links in emails or messages. Fake links are a scammer’s favorite ploy.
  • Double-check the URL and make sure that you are on the legitimate site.
  • A fake web page can look exactly like the real web page.
  • Always keep your anti-virus up to date. If you land on a dangerous site, it can help protect you against identity theft and malware.
Cybercriminals can create exact copies of legitimate sites, but they cannot copy the address.

Reserved website address extensions (suffixes)

Every website has an extension (sometimes called a suffix). Anyone can purchase almost any extension, except for the “.gov” and “.mil” and “.edu” extensions.

  • .gov The .gov extension is reserved for actual government websites and must go through a federal authentication process. It indicates a legitimate federal, state, tribal, or local government agency.
  • .mil The .mil extension is reserved for official military websites.
  • .edu The .edu extension is reserved for accredited academic institutions.
Official agencies sometimes operate websites that fall outside of the rules shown above. For instance, the Army has official sites at army.gov (the military site) and goarmy.com (recruiting). And the USPS (United States Postal Service), because of its unique charter, is found at usps.com.

Traditional website address extensions

Anyone can purchase website names with these traditional suffixes.

  • .com. The dot-com extension (short for commercial) is normally a business.
  • .org. The dot-org extension usually belongs to a nonprofit or community organization.
  • .net. The dot-net extension is often used as a kind of generic or informational site.

There are lots of other extensions

A few years ago there was a huge expansion of website extensions. Many of these are quite creative and really express the nature of the website. Here are a few of the extensions you might see today.

  • .biz
  • .io
  • .yoga
  • .store
  • .shop
  • .engineering
  • .tech
  • .biz

There are hundreds more!

Country extensions

You might also see an extension that indicates the business’s or organization’s home country. A few popular extensions you might encounter include:

  • .eu. Europe
  • .uk. The United Kingdom
  • .au. Australia
  • .mx. Mexico
  • .ca. Canada

Test your knowledge

CGOS URLs
0% Complete
1 of 3
1. Every website has, like your home, a unique address that only belongs to that one location.

PREVIOUS – Previewing Links
NEXT – Safe Browsers & Sites