Call us on: 02920 887 362
Insights /

The Web User’s Guide to Dodgy URLs

What is a URL?

A Uniform Resource Locator, or URL is essentially the address of a webpage. A URL has many different parts that can be used to assess whether or not the link will take us to the page we want to go to, and if it’s on a website we can trust.

Why does it matter?

Tricking you into click on a link to a website is one of the easiest ways hackers can access your information. Maybe the link will automatically download something to your machine, or maybe it’s made to look like a legitimate site that asks for your login details. Suspicious URLs are often used in phishing attacks to access your data.

Either way, being able to look at a URL and get an idea of how trustworthy it is can save you from some nasty surprises. We’ve broken down common elements of a URL and indicate what you need to look out for when assessing its trustworthiness.


The scheme, or protocol, tells the browser how to display, format or transfer files on the web. The most common scheme you’ll see in day to day web browsing is HTTP (hypertext transfer protocol), which tells the browser to display the page using HTML (hypertext markup language). There is now a new, secure version of HTTP called HTTPS which adds an extra layer of security. Other Schemes might be file transfer protocol (FTP) or single mail transfer protocol (SMTP).

What to look for

Make sure the page you are accessing is HTTPS, as virtually all reputable businesses will use the secure version. Sometimes browsers can help you identify this by including a little lock icon next to the URL.

Note the lock icon before the domain name. Some browsers hide part of the URL in the address bar.


The most common subdomain is the ubiquitous ‘www.’, but webmasters can name a subdomain anything. Pages on the excellence IT website could include and, even though we have no affiliation with Google or Facebook.

What to look for

Subdomains can be used by malicious actors to include legitimate businesses in their URL. Make sure you trust the second level and top level domain address before clicking.

An SMS scam impersonating Hermes using the domain

Second level domain

The second level domain, or simply the domain name, is the name of your website. This is the most important part of judging a URL.

Look at the part of the address directly before the Top Level Domain (, .com etc.) as this is the name of the site.

Top Level Domain

Top level domains were initially used to specify the type of entity the website belongs to, however this is not strictly enforced. So while the idea behind ‘.org’ addresses is to signify a charity, commercial organisations can also register .org addresses

What to look for

The primary use of TLDs when assessing a URL is using them to identify the second level domain, because that identifies the owner of the site. ‘’ is a Microsoft site, because it contains the phrase ‘’. In contrast ’’ may not be owned by Microsoft, as the domain is


Subdirectories are pages within the website, and can be used to provide structure for the site as a whole.

Other URL Tips

Tracking code

Sometimes URLs end with a long string of text beginning with ‘?utm’. UTM stands for ‘urchin tracking module’ and simply provides extra information to the website owner about where traffic has come from. Information like the source of traffic, the content the link is in or the medium it was being sent under can all be included to help website owners analyse their traffic.

UTMs are harmless in and of themselves, though if you are particularly privacy conscious and are likely to be providing personal information on the website you’re visiting, UTM elements of a URL can be removed to take you to the same page without providing the extra information.


Webmasters can use redirection to have multiple links send people to the same address. For example, at excellence IT we might have the address redirect to to provide a shorter link while maintaining the structure of our site. Shortening links is a common reason o use redirects, or to indicate to users and web crawlers that content has moved. Note that webmasters can only redirect from domains they control, so any link you click on containing is controlled by us.

However, URL shorteners like can be used to disguise links to anywhere. At this point you need to look at the context of the link; whether its from a source you trust and in a message or place you would expect.

If you’d like some help improving your cyber security knowledge, take a look at our automated cyber security training platform.

You might also be interested in:

A Quick Intro to Patching

What is patching? And why do IT people talk about it so much?

When should you outsource your IT?

The short answer, and the one you’d expect from an IT support provider, is as soon as you can. But there’s a bit more to it than that.

Excellence on Ice