Ugly Hedgehog - Photography Forum
Home Active Topics Newest Pictures Search Login Register
General Chit-Chat (non-photography talk)
Long URLs - good or bad?
Jul 22, 2021 08:27:10   #
bobbyjohn Loc: Dallas, TX
 
Many times in incoming emails, it has a URL Link to some website. The URL can be short or long, can point to a known trusted company, or an unknown entity. If it's an unknown, I will not click on it. It's the length that scares me...a long stream of characters, which have no meaning to a mortal human. Example below. Anyone know why a URL sometimes is soooo long, and if that is designed to hide some personal data being sent to the website?



Reply
Jul 22, 2021 08:32:36   #
johngault007 Loc: Florida Panhandle
 
With legitimate URLs, most of the time it's dynamically created content and the name is generated by a script or function on the server.

I your example, the most important piece of information is what you have blurred out. That is the registered domain name within one of the top level domains (TLD). The www can functionally be anything that the administrators change it to, but www is nice and easy as a default.

Here's how it breaks out:
server | domain | top-level domain
www |example | com

Reply
Jul 22, 2021 08:33:01   #
Longshadow Loc: Audubon, PA, United States
 
What I look for is any sub-domains and the directories after the domain.
Like this one has "clickemail", then "t" as sub-directories, and too many character sub-directories after that.
VERY suspect, so I won't go there.
And you're right about the LOTS of characters.
It could be something that is parsed, yielding another location.

And yes, it also depends (primarily) on the domain.

Reply
 
 
Jul 22, 2021 08:34:54   #
jerryc41 Loc: Catskill Mts of NY
 
I get that type of thing when someone is trying to pretend they're a legitimate site. For example, I'll get an email supposedly from Amazon, but the full email address will be very long, maybe including "edu" or a foreign country.

I'm very suspicious of any emails that want information. I just got one from eBay asking me to protect my account. The email address is ebay@ebay.com, but I'm ignoring it. The first thing I would have to do is use my P/W to sign in.

Reply
Jul 22, 2021 08:36:54   #
Longshadow Loc: Audubon, PA, United States
 
jerryc41 wrote:
I get that type of thing when someone is trying to pretend they're a legitimate site. For example, I'll get an email supposedly from Amazon, but the full email address will be very long, maybe including "edu" or a foreign country.

I'm very suspicious of any emails that want information. I just got one from eBay asking me to protect my account. The email address is ebay@ebay.com, but I'm ignoring it. The first thing I would have to do is use my P/W to sign in.


URLs can be re-directed, emails can be spoofed!!!

Reply
Jul 22, 2021 08:39:01   #
johngault007 Loc: Florida Panhandle
 
Longshadow wrote:
URLs can be re-directed, emails can be spoofed!!!


If the URL is legitimate, and it's being re-directed, there is a much larger problem than any of us receiving random email...lol

Reply
Jul 22, 2021 08:52:22   #
Longshadow Loc: Audubon, PA, United States
 
johngault007 wrote:
If the URL is legitimate, and it's being re-directed, there is a much larger problem than any of us receiving random email...lol


Reply
 
 
Jul 22, 2021 09:12:30   #
jerryc41 Loc: Catskill Mts of NY
 
Perfect timing! This email supposedly from Spectrum was in my Spam folder.

email address -
Ѕpectrum <mpinson@columbus.rr.com>

The spelling and grammar in the letter leave a lot to be desired.

Reply
Jul 22, 2021 09:25:48   #
Longshadow Loc: Audubon, PA, United States
 
jerryc41 wrote:
Perfect timing! This email supposedly from Spectrum was in my Spam folder.

email address -
Ѕpectrum <mpinson@columbus.rr.com>

The spelling and grammar in the letter leave a lot to be desired.

That's a dead give away also.

Like subject containing a mix of bold characters and characters with international accent marks.
(They do that to bypass the spam filter check using "normal" characters... doesn't match so they get through.)

Reply
Jul 22, 2021 11:04:04   #
johngault007 Loc: Florida Panhandle
 
Jerry,
If you copy/paste the full email header (usually under advanced or full view) and take out your personal information, I can help decipher to see if it is legitimate. That is usually how we conduct forensics on suspected email attacks because email headers don't lie.

Reply
Jul 22, 2021 11:05:34   #
Longshadow Loc: Audubon, PA, United States
 
johngault007 wrote:
Jerry,
If you copy/paste the full email header (usually under advanced or full view) and take out your personal information, I can help decipher to see if it is legitimate. That is usually how we conduct forensics on suspected email attacks because email headers don't lie.


Reply
 
 
Jul 22, 2021 12:50:16   #
jerryc41 Loc: Catskill Mts of NY
 
johngault007 wrote:
Jerry,
If you copy/paste the full email header (usually under advanced or full view) and take out your personal information, I can help decipher to see if it is legitimate. That is usually how we conduct forensics on suspected email attacks because email headers don't lie.


Thanks, but I already deleted it.

Reply
Jul 23, 2021 21:00:25   #
smussler Loc: Long Island, NY & LOL, FL
 
If a get an email asking about personal information for an account, I never click on a link in that email. Period.
Most banks, credit cards, major sellers, have addresses shown on their websites where suspicious emails can be forwarded.
What I wonder - is there really any kind of follow up done? My wife's identity was stolen about 5 years back. What a mess.
All the illegal activity took place in a neighboring state. We called authorities there. No, we were told to contact our local police department.
We did that - no follow up whatsoever, other than a long list of other agencies to contact.

Just recently, my wife receives a letter that she was being denied something from Social Security. Never applied for anything. Try to talk to a human at social security.
To check her identity to be able to talk to someone, they're asking questions about credit cards that were issued to whoever stole her identity years back.
Sorry that answer doesn't match our records. Click, Dial Tone. 3 weeks to get thru to someone, but took a written letter first.

With all that, I'm leery of clicking on URLs from any one that I don't know.
Trust me here - Click for more exciting info from the government about Identity Theft

If I do click a URL and I am presented with a login screen, I close the page immediately.

Reply
If you want to reply, then register here. Registration is free and your account is created instantly, so you can post right away.
General Chit-Chat (non-photography talk)
UglyHedgehog.com - Forum
Copyright 2011-2021 Ugly Hedgehog, Inc.