Social media is one of the major media people use to stay in touch with friends, family and the various associations they belong to. These tools are used to exchange messages in the form of text, photos, videos and audio. They are not only meant to keep people closer but are also used to spread helpful information. This is why one would usually forward job vacancy messages to friends who are searching for jobs, health tips to those likely to need them, and financial advice to those likely in need of financial help. Scammers take advantage of this goodwill to defraud people. They often create phishing pages that promise free airtime and gifts from companies, and only need to forward links to these pages to a few persons for a viral process to begin.

People share these messages on social media platforms, especially WhatsApp, asking their friends to click on a link in the belief that it will give them access to some form of free airtime or gifts. They actually believe the link they are sharing is from a genuine company because it has a logo, a name and a theme that matches the colours of that company. The link would usually be presented as a web page advertising a FREE AIRTIME giveaway, promising that the reward can only be unlocked after the message has been shared with up to 10 friends and 10 WhatsApp groups. People click on the share button and begin disseminating the information to their various WhatsApp groups and friends, not because they intend to scam anyone, but because they need to claim the reward and they believe they are helping their friends.

After sharing these messages and discovering that the entire promise may have been false, only a few would go back to delete the messages they already disseminated. Some would simply keep waiting for their rewards until they forget about the messages they have spread. Others would ignore the messages they already shared, believing them to be harmless. The shared message is picked up by other people, who repeat the same process of sharing until the message goes viral.

Once these web pages have gone viral and are getting millions of hits, the scammers take advantage of their new-found audience to sell them a fraudulent product, ask them to install an application that might contain malware or spyware, or carry out other nefarious activities against the page visitors, such as showing a fake login page. These fake login pages can be used to extract confidential information from users, such as bank login details, staff logins and other personal information.

RECOMMENDATION

Computer users should be educated on domain names and how sub-domains can be created. If they understand the structure of a domain name and its sub-domains, it will be difficult for them to fall prey to web-page phishing attacks, because they will easily detect the difference between a genuine website belonging to the entity they wish to interact with and the fake websites that fraudsters promote with the aim of defrauding them.

To educate users on such a complex process, we start with the structure of a simple domain name: example.com

The example.com website’s domain name is made up of 2 parts: the name and the extension. The name is often chosen by the entity registering the domain name whereas the other part is picked from a list of available extensions. There are sets of extensions which entities can pick from, starting from top level domain extensions (known as TLD) like .com, .org, .net to second-level domain extensions such as .com.ng, .org.ng and .co.uk. The name and the extensions at different levels are linked by a dot.

The entity that owns a domain name can create sub-domains, but the sub-domain names can only appear in front of the name, linked by dots, while the chosen extension appears after the name. This means that a domain name can also have three parts: the owner-generated sub-domain, the name, and the extension.

An example of a sub-domain is mobile.example.com

example.com is the registered domain name, while the owner created mobile.example.com as a sub-domain because this owner is in charge of the domain name example.com.

The levels of a domain name are read from right to left, with the highest level at the far right. So when you see a domain name, understand that the extension can be a top-level domain like .com, a second-level domain like .com.ng, or even a third-level domain like .edu.bc.ca. Also understand that the owner of the domain name can create more levels, thereby deepening the domain name, but owner-created levels (also known as sub-domains) will only appear on the left-hand side of the domain name.

So let us register a domain name scam.com.ng

In our name, we decide to create a sub-domain promo.scam.com.ng

.ng is the first-level domain, .com is the second-level domain, scam is the third-level domain, while the sub-domain promo is the fourth-level domain.

As the owner of the domain, I could deepen this sub-domain further to create mtnonline.promo.scam.com.ng

The real website of MTN Nigeria is mtnonline.com

If I wish to create a sub-domain that looks similar to the MTN Nigeria website, all I need to do is make the two leftmost levels of my sub-domain look like the website I wish to impersonate. I could create mtnonline.com.promo.scam.com.ng

Even people who are knowledgeable about computers could look at such a deceitful sub-domain, mistake it for the genuine domain name of MTN Nigeria, and assume any information on it to be authentic. To make it worse, some browsers will only show the first few parts of a web address, making it difficult to see what is hidden beyond them. In that case, the leading mtnonline.com portion of mtnonline.com.promo.scam.com.ng is what remains visible, and the address looks more genuine.

But once computer users are educated and made to understand the structure of domain names, the probability of successfully using deceitful domain names to launch a phishing attack would reduce.

Additionally, since most phishing attacks take place in web browsers, it is important that browser vendors create a default safe mode where only the domain name is visible to the user, rather than every detail of the web address from http:// through the sub-domain, linked folders and .html files. Advanced users can decide to disable this safe-mode feature. If such a feature is built, anyone who clicks on a link to mtnonline.com.promo.scam.com.ng would see scam.com.ng in the web browser, and this would make it easier for some users to identify that the domain is not the authentic website.
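The right-to-left reading described above, and the reduced "safe mode" display, can be sketched in a few lines of Python. This is an added example, not code from the original article; the function names are hypothetical and the extension table is a constructed, tiny stand-in for the full Public Suffix List that real software should use.

```python
from urllib.parse import urlsplit

# Constructed, deliberately tiny table holding only the extensions named in
# the article; real software should load the full Public Suffix List instead.
EXTENSIONS = {"com", "org", "net", "ng", "com.ng", "org.ng",
              "uk", "co.uk", "ca", "bc.ca", "edu.bc.ca"}


def split_host(url_or_host):
    """Split a web address into (sub_domain, name, extension)."""
    text = url_or_host if "//" in url_or_host else "//" + url_or_host
    host = urlsplit(text).hostname  # lower-cased, without scheme or path
    if not host:
        raise ValueError("no host name in %r" % url_or_host)
    labels = host.rstrip(".").split(".")
    # The longest known extension wins, so try start positions from the
    # left and stop at the first (longest) tail that is a known extension.
    for i in range(len(labels)):
        if ".".join(labels[i:]) in EXTENSIONS:
            if i == 0:
                break  # the host is only an extension; nobody registered it
            return ".".join(labels[:i - 1]), labels[i - 1], ".".join(labels[i:])
    raise ValueError("no registered name found in %r" % host)


def registrable_domain(url_or_host):
    """The part the owner registered: name + extension, e.g. scam.com.ng."""
    _, name, extension = split_host(url_or_host)
    return name + "." + extension


def is_genuine(url_or_host, expected_domain):
    """True only if the link's registered domain is the one expected."""
    return registrable_domain(url_or_host) == expected_domain.lower()


if __name__ == "__main__":
    # Host names come from the article; the path is constructed sample input.
    for link in ("https://mtnonline.com/",
                 "mobile.example.com",
                 "http://mtnonline.com.promo.scam.com.ng/free-airtime.html"):
        print(link, "->", split_host(link), is_genuine(link, "mtnonline.com"))
```

Everything to the left of the registered name is chosen freely by its owner, which is why the check compares only the name and extension against the domain the user expects.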
