SCAM AWARENESS EDUCATION SERIES

A domain name is a “digital storefront.” Just as you might be wary of a store with a flickering neon sign in a dark alley, certain patterns in a URL address are immediate red flags.

Fraudsters rely on obfuscation—the art of making something look like what it isn’t. Here is a guide to the domain patterns that almost always signal a scam.

1. Cybersquatting & Typosquatting

Hackers register domains that are visually similar to famous brands, banking on the fact that users often skim text rather than reading every character.

• Character Swapping: Replacing a letter with a similar-looking number or symbol (e.g., g00gle.com instead of google.com).

• Common Typos: Registering amzon.com or faceboook.com.

• Homoglyph Attacks: Using non-Latin characters that look identical to Latin ones (e.g., using a Cyrillic “а” instead of a standard “a”).

2. The “Subdomain” Trap

Fraudsters often hide the real destination by burying it behind a legitimate-looking subdomain. Your browser reads URLs from right to left to determine the actual owner.

• The Pattern: wellsfargo.secure-login.com

• The Reality: The actual domain here is secure-login.com, not Wells Fargo. The “wellsfargo” part is just a subdomain created by the attacker to trick your eyes.

3. Excessive Hyphenation

Legitimate brands rarely use multiple hyphens in their primary domain. It’s a common tactic used to bypass spam filters or create a sense of false urgency.

• Red Flag: get-your-refund-now-irs.com or apple-support-security-check.com.

• Why it’s suspicious: Major corporations invest heavily in short, memorable branding. If a URL looks like a full sentence separated by dashes, it’s likely a phishing landing page.

4. Unconventional TLDs (Top-Level Domains)

While .com, .org, and .net are the gold standards, there are now hundreds of TLDs available. Scammers often flock to “cheap” or “unregulated” extensions because they are inexpensive to register in bulk.

• High-Risk TLDs: .top, .xyz, .work, .rest, .tk.

• The Context: While a startup might legitimately use .io or .ai, a bank or a government agency will never contact you from a .zip or .support domain.

5. Keyword Stuffing

Scammers often pack as many “trust” words into a URL as possible to lower your guard.

Remember, awareness is your strongest defense.   

Contact us if you’d like more information on how cyber intelligence can help you locate scammers.

Please share this guide with friends and colleagues.