Understanding URLs and Hyperlinks – WIN Cyber Security Minute


I am Kevin Bryant and welcome to the next
episode of WIN Security Minute. Today we are going to learn how to decode
and understand hyperlinks. They are also known as URLs or website addresses. Hackers will often try to trick you into clicking
on a URL, to get your computer to open a website that will compromise your machine. That could lead the loss of sensitive data
or damages to your company. But if you have the skills to decode where
the hacker is sending you, you can easily defend against their attacks. In this brief presentation we will look at
how to see the real hyperlinks, how to understand the structure of hyperlinks, then we will
quiz you with some examples, and then follow up with a summary. First, lets take a few seconds to understand
how we can view the REAL hyperlinks. Hackers like to hide the true identity of
where a link will take you. You must reveal the real website link by hovering
over the URL. In any of your common day web browsers, such
as Firefox, chrome, internet explorer, safari or opera � you will need to use your mouse
pointer and position the cursor over the website link that you want to click on to see where
it would take prior to clicking on it. In this example the website has a link to
�Google Gmail�. When hovering over the link, the browser you
will reveal in the bottom left hand of your screen what the actual hyperlink is. On mobile devices such as phone and tablets,
it can be a bit trickier to reveal the real hyperlink to see where it will take you. You will need to long press on a hyperlink
to view the actual website address Your touch screen device will then show you
the hyperlink on the screen. This should take some practice to get used
to. Try it on some links that you know are legitimate
before attempting it on a suspicious link to prevent an accidental click. And lastly, in your email client like Microsoft
Outlook or Mozilla Thunderbird all you must do is hover over the hyperlink with your mouse. A small box will pop up next to your mouse
cursor with the true hyperlink. Whenever and wherever you are dealing with
hyperlinks, always be sure hover to make sure you know where the link is going to take you
prior to clicking. Look before you leap! Next let�s take a look at hyperlinks, and
how they are structured. This is an important concept to understand
as hackers like to garble up hyperlinks to make them legitimate looking, but they can
lead you somewhere dangerous. Here you see me on NASA.gov�s website. They have a blog section and I am reading
an articl.. You can confirm what website you are at by
viewing the address in the �address bar�. Many people don�t understand the format
for URLs. What does all this junk mean? Let�s decode it to find out. During this demonstration we will relate the
different parts of the hyperlink to something you can relate with, the physical and tangible
world we live in. In this example we were visiting nasa.gov.
.gov is the �Top Level Domain� or TLD for short. All hyperlinks have a TLD. The most common Top Level Domains are .com,
.net, .gov. and .edu. To help better understand this, lets pretend
that the Top Level Domain is one of the many different states in the United States of America. In our example, let�s say that .gov geographical
represents Wisconsin in the real world. Next we look to the left of the Top Level
Domain (or .gov) you will see �nasa�. Nasa is the �domain�. Between NASA and gov is a �period� which
is the delimiter that draws a line in the sand between the domain, and the top level
domain. You can think of the domain as the exact city
and street address to where the website lives. And for our example lets pretend that nasa.gov
is going to take you to the address of 4955 Bullis Farm Road in Eau Claire. And remember, the .gov top level domain part
told us that the hyperlink will take us to Wisconsin, and not to the same address in
Minnesota. Note, that�s totally two different locations. One location could be legitimate, the other
one could be controlled by a hacker. Some webpages you visit will prepend a �subdomain�
to its domain. In this example we see NASA has a store. You can think of a subdomain as a way to describe
which room you are visiting in a house or a business. Some websites have multiple layers of subdomains. Just like we saw between the words NASA and
GOV is a delimiter using a period. You can see the delimiter of a period between
store and NASA. In our example, we are visiting the top level
of a home that looks to be a computer room at the address of 4955 Bullis Farm Road in
Eau Claire, Wisconsin. Keep in mind hackers love tricking people
by creating a fake subdomain of a hacker-controlled domain. That way they can make it look like you are
visiting a legitimate website if you don�t look closely. Most website resources on the internet which
you commonly access is either the HTTP or HTTPS protocols. HTTP is an abbreviation for hyper text transfer
protocol. HTTPS is the secure and encrypted version
of HTTP. You may come across other protocols such as
�FTP� or file transfer protocol. When visiting a domain using HTTPS it means
that a hacker can�t easily sniff and interact with your communication to the domain you
are trying to visit. It is always good to verify that the website
you are viewing is HTTPS. However, it is important to understand that
just because the resource you are visiting is HTTPS, it does not make the website safe
and secure! It doesn�t prove that it is a legitimate
website and that is safe to visit. All it proves is that you are likely connecting
to the intended domain name that you see in the URL, and if a hacker is sitting next to
you on the same network � they wouldn�t be able to fiddle with your communication
to that domain. Keep in mind the hacker can create his own
domains and secure it with HTTPS. If you are connecting to the hackers malicious
HTTPS domain, it can result in compromise of your computer and could be �game over�
for you and your company. Only around half of the websites on the internet
today support HTTPS. You will see a colon and two forward slashes
to denote that to the left of those symbols is the protocol being used. Onto the opposite side of the URL you will
likely see what is called a �folder� or commonly referred to as a �directory�
In our case the resource we are visiting is inside the �stuff� folder. You can think of a �folder� as a pointer
to which bookshelf the content you are trying to access lives in our house on the top floor
computer room of Bullis Farm Road in Eau Claire Wisconsin. In our case, the content is in the 3rd bookshelf. There can be multiple layers of folders. Note how there is a forward slash between
the Top Level domain of �.gov� and the folder of �stuff�. The delimited used when looking to the right
of the Top Level Domain will always be a forward slash. This is an important point which I will highlight
why in a few minutes. Next in our example you can see we are referencing
a document also known as a �page� called �giftstore.html�. You can think of this as a specific blue book
Which happens to live on our 3rd bookshelf. Once again the forward slash is used to delimit
between a folder and a specific page as it is to the right of the top level domain. And lastly in our example you may see some
gibberish at the end of the URLs. This is called a Query String. It is often used to pass information from
your computer to the website. Such as to tell the webserver which user you
are when accessing the website. Query strings can be delimited using many
different special characters. However, the common ones are question marks,
ampersands, or pound signs. X 2
Query strings can get long and complex as you can see here. Most query strings are impossible to decode. The important thing is to understand what
they are, what they are not, and where they are positioned in our URL. I mentioned a few minutes ago that we would
circle back on this key point of the first forward slash delimiter. It is important to note where to start reading
a URL to determine its true identity. Hackers are very tricky, and they like to
confuse you. They want to make a URL look like it is safe
to click on. They can do this by putting words that you
might expect to see in the URL. They can do this through the whole URL that
you see in front of you. Notice the first forward slash that you can
see that is to the right of the HTTPS:// This first forward slash is your anchor which tells
you where to start reading from right to left to decode where the hyperlink takes you. To the left of this first forward slash is
your top level domain. And then to the left of that is your domain,
and to the left of that is your subdomain. Each of these are delimited by periods. Everything after the top level domain (or
to the right of the top level domain) gets delimited by forward slashes, with the exception
of query strings that are usually a different special character. One reason why it is important to understand
where the start reading to find the top level domain is that there a ton of them. Like we mentioned before some common ones
are .com, .gov, edu, .uk, .net and so forth. Some uncommon ones are .mobi for mobile, .gw,
.cat, and so forth. However, there are many new top level domains. Such as .guru, .club, .gift, .photo and so
forth. In fact there are over 1,500 different topic
level domains and more coming out all the time. Now that you have a good understanding of
how to decode a URL, lets put your skills to practice in some example URLs. You get an email claiming to be from Taco
Bell and a link to a coupon for a free burrito supreme. Using your mouse cursor, you hover over the
link to reveal this URL. Is this a legitimate URL that will take you
to a real coupon for a free burrito? Looking at the URL, we see the first forward
slash is right here. That means the top level domain is .co. Wait a minute, that seems odd for TacoBell
to be using a top level domain of .co instead of .com. The domain is indeed �Tacobell� but the
top level domain is wrong. If you were to click on this link, it would
have taken you to a hacker controlled website and infected your computer! In this example where does the URL take your
web browser when you click on it? Two domain names jump out at me. I see https://www.google.com
But I also see https://www.facebook.com Where will this URL take you when you click
on it? The answer is google.com. We must first find where the top level domain
starts by finding the first forward slash in the URL. To the left of this is .com and then google. It is safe to assume this link will take you
to google.com. Remember the bit after the forward slash is
a query string. It is information you are passing on to the
web server. In this case
the query string is asking google to do a search on �https://www.facebook.com�. In our next example you get an email claiming
to be from your coworker. He has shared a link with you to download
a work document that needs to be looked at. This is a normal request from your coworker
since you collaborate using Dropbox all the time. Instead of clicking on the link right away,
you do the right thing and hover over the URL and this long long link is displayed. Is this link legitimate? Unfortunately, this URL does not take you
to the expected domain of dropbox.com. A hacker is playing tricks on you. Find the first forward slash. Notice it is way way down the URL. You can see www.dropbox.com in the beginning
of the URL. However there is no forward slash delimiter
between .com and download. The delimiter used here is a period. Which tells us this is a subdomain and not
the domain! Instead the forward slash shows the top level
domain of �.fail� which is one of those crazy top level domains. The domain listed is snake people. This domain is likely controlled by a hacker. You are on your smart phone and you get an
email claiming to be from your brother. His birthday is coming up, and the email says
it is a Facebook invite to his birthday party. Since you�re on your smart phone you long
press on the URL so you can see where the link takes you. The following link is shown. Is this link safe? Looking at the link we see the domain name
of facebook.com right? Wrong! What we see here is a miss spelling of facebook. The hacker has replaced the o�s in �book�
and put number zeros instead. The link takes you to a hacker-controlled
website and not the real facebook.com. Be sure to watch out for miss spelling or
character substitution throughout the URL. Next you get an email from a friend inviting
you to check out her Linkedin profile. Is this URL legitimate? Nope. This URL is will take you to linked.art and
not linkedin.com. You know the real top level domain is .com
for linkedin. This is the work of a hacker. Someone shares you a file using google drive,
a file sharing site. Hovering over the email invite shows this
URL. Is this safe to click on? The URL does indeed send you to a file to
download on google drive. It doesn�t look to take us to a weird website,
however keep in mind that hackers can use other peoples websites to share and spread
malware. In this case a hacker uploaded some malware
to google drive and tried to get you to click on it to infect your machine. Always verify that the sender of the message
intended to send you the file in question, and that you should indeed be opening it. Here is a crazy one. Sometimes you will come across URL shorting
services like bit.ly and tinyurl.com. They take long URLs and compact then. You might see these a lot on social media
websites like Twitter, where you have limited characters you can include in the communication. Unfortunately, it hides the true destination
of the URL. The link could then take you to a hacker�s
website Or to a legitimate website � like Martha�s
Stewarts blog. Either of these outcomes are equally terrifying. You can use websites such as URL revealer.com. Copy and paste in the shorted URL and it will
tell you where the link will take you. In this case � it takes us to marthaStewart.com. In summary always verify and understand where
the link takes you before you click. To see the real hyperlink Use your mouse and
hover the PC On mobile devices press and hold using your
finger. Decode where the URL goes
Ask yourself should you really be going there? And when in doubt � ask questions! That wraps up this episode of WIN Security
Minute. If you have any questions or concerns let
me know at [email protected]

Leave a Reply

Your email address will not be published. Required fields are marked *