You receive an email with a link to 'paypal.com.account-verify.ru/login'. Is this a link to PayPal's official website?
A. Yes — it contains 'paypal.com' in the address, confirming it is PayPal's domain
B. No — the actual registered domain is 'account-verify.ru'; 'paypal.com' is just a subdomain name designed to deceive
C. Yes — only the path after the domain matters for identifying the site
D. No — PayPal only uses secure .com addresses, and this one ends in .ru
The critical rule: the real domain owner is identified by the name directly to the left of the top-level domain (.com, .ru, .net, etc.). In 'account-verify.ru', the registered domain is 'account-verify' and the TLD is '.ru' — meaning someone registered account-verify.ru, not PayPal. 'paypal.com' appears as a subdomain prefix, which anyone can add to any domain they own. This is one of the most common phishing techniques. Option D is a tempting distraction — the .ru extension is suspicious, but the real issue is domain structure, not country code.
Question 2 Multiple Choice
What does the padlock icon and 'https' actually guarantee about a website?
A. The website is legitimate, safe, and owned by a verified, reputable organization
B. The website has passed a government security audit
C. Data traveling between your browser and the website is encrypted so eavesdroppers cannot read it
D. The website's content has been checked for malware by your browser
HTTPS encrypts the *connection*, not the website itself. A scam site can have a valid HTTPS certificate and padlock — in fact, most phishing sites now do, because free certificates are easy to obtain. The padlock means your data is encrypted in transit; it says nothing about whether the site itself is trustworthy. Always check the domain identity separately from the padlock.
Question 3 True / False
A website with a professional-looking design, a recognizable brand name in the URL, and an https padlock is expected to be a legitimate, safe site.
T. True
F. False
Answer: False
None of these, individually or together, guarantees legitimacy. Professional design is easy to copy; a brand name can appear as a subdomain on a malicious domain (for example, paypal.com.scam-site.net); HTTPS certificates are freely available to anyone. Safety requires checking the actual registered domain — the part directly before the TLD — and confirming it matches the organization you expect. A site can fake all three trust signals while still being a phishing site.
Question 4 True / False
In the URL 'https://store.example.com/products/shoes', the registered domain owner controls 'example.com', not 'store', 'products', or 'shoes'.
T. True
F. False
Answer: True
'store' is a subdomain (a subdivision example.com created for itself), and '/products/shoes' is a path (a folder structure within the site). Only 'example.com' is the registered domain — the name someone paid to register. The domain owner controls what subdomains and paths exist. This is why you must read the part just before the TLD to identify who owns a site.
Question 5 Short Answer
How do scammers use URL structure to make a malicious link look like it belongs to a trusted website? What should you look for to detect this trick?
Model answer: Scammers register a domain like 'account-verify.net' and then create a subdomain using a trusted brand name, producing a URL like 'bankofamerica.com.account-verify.net'. The trusted name appears first, making casual readers think they're on the real site. To detect it: always identify the registered domain by finding the TLD (.com, .net, .org, etc.) and reading the word immediately to its left — that is the actual owner. Anything before that is just a subdomain the owner created.
This trick exploits the way humans read left-to-right — we see the trusted name first and stop reading. Trained URL readers read right-to-left from the TLD to find the actual domain owner. Practicing this habit makes phishing URLs immediately obvious.