How to Make a Phishing Link: Understanding the Threat and Safeguarding Your Email
Oct 14, 2024
Phishing remains one of the most common and effective forms of cybercrime. Attackers keep refining their methods to trick users into clicking a malicious link. In this post we take an in-depth look at how phishing links are crafted, then cover practical steps to protect yourself and your organization: examples of the techniques attackers use, and ways to verify whether a suspicious website and its sender are legitimate.
What is Phishing?
Phishing is a cyberattack in which attackers pose as legitimate entities, through email, websites or other channels, to trick users into revealing sensitive information: bank account details, date of birth, one-time passwords (OTPs), residential address, email account credentials, passwords, credit card numbers or confidential business data. Phishing links are commonly embedded in emails that appear to come from reputable sources but lead to fake websites designed to capture that information.
Step 1: Crafting a Deceptive Domain Name
One of the core strategies in phishing is creating deceptive domain names that closely resemble legitimate websites. For instance:
• Homoglyph Attacks: Using characters that visually resemble others, such as the digit 0 in place of the letter o (g00gle.com), or Unicode look-alikes such as Cyrillic а in place of Latin a. Browsers render such internationalized names in punycode (a label starting with xn--), which is itself a warning sign in a link that should lead to an English-language brand.
• Typosquatting: Registering domains with common misspellings, like facebok.com instead of facebook.com.
• Subdomain Tricks: Placing the real brand in a subdomain of a domain the attacker owns, e.g., login.yourbank.com.scam.com. Only the rightmost part (scam.com) was registered; everything to its left is chosen freely by the attacker.
Attackers will leverage these tricks to fool the victim into believing they are visiting a legitimate site.
Step 2: Using URL Shorteners and Cloaking
URL shorteners like bit.ly and tinyurl are commonly used to obscure the real destination of a phishing link. This tactic makes it difficult for users to see where the link leads without clicking it. Let’s take a look at three examples of how phishing links can be crafted using shortened URLs and cloaking:
Example 1: Using a URL Shortener
In this case, the user sees a shortened URL, which could redirect to a malicious website. Without additional scrutiny, the destination is entirely hidden.
Example 2: Cloaked Link in HTML
The attacker uses HTML to disguise the link: the text a reader sees and the href attribute the click actually follows are independent, so innocuous wording or a trusted-looking address can sit on top of a link to the attacker's site, making it appear part of an email from a reputable source.
Example 3: Spoofed URL with Anchor Text
Here, the text displayed looks like a legitimate bank URL, but the actual link points to a malicious site.
Pro Tip: When you hover over a link in an email or web page, the browser or mail client usually shows the real destination (the href) in the status bar at the bottom left. Check it before clicking, and remember that a link's visible text is never the destination. On a phone there is no hover; long-press the link to see where it points instead.
Step 3: Embedding Links in Emails with Social Engineering
Social engineering plays a vital role in phishing attacks. Attackers manipulate human emotions such as urgency, fear, or curiosity to push victims to click on a malicious link. Here are three email examples that highlight how phishing links are embedded and presented:
Example 1: Fake Payment Confirmation
Attackers create panic by claiming that a large sum has been charged to the recipient, who clicks the link out of fear in order to dispute it.
Example 2: Urgent Account Suspension
The urgency to resolve an issue with their account compels victims to follow the phishing link.
Example 3: Tempting Prize Offer
In this case, curiosity and greed lure the victim into clicking the malicious link in the hope of claiming a prize.
Note: Email filters may not always catch these types of scams, especially when the links appear to be legitimate. Always verify the sender’s email address and scrutinize the content before clicking.
Step 4: Checking Who Owns the Website
One of the quickest ways to judge a website is to find out who registered its domain and when. Attackers often register domains for short-term use and do not invest much effort in building a credible presence. A WHOIS lookup (or its structured successor, RDAP) returns the registrar, the creation and expiry dates and, where it has not been redacted, the registrant's name, organization and country. Note that since 2018 most registrars redact registrant contact details by default, so a private or redacted registrant is normal for legitimate domains too.
Here’s how you can check ownership:
Visit a WHOIS lookup service like whois.domaintools.com or who.is, or run whois followed by the domain from a terminal.
Enter the domain name of the suspicious website (the registered part, e.g. scam.com for login.yourbank.com.scam.com, not the full URL).
Review the registration details, paying most attention to the creation date.
If the domain was created only days or weeks ago, treat that as a red flag. Redacted or privacy-protected contact details on their own are not one.
Example WHOIS lookup for a suspicious domain:
Domain Name: malicious-site.com
Registrar: SCAMMER REGISTRAR INC.
Creation Date: 2023-10-01
Registrant Name: PRIVATE REGISTRATION
Registrant Country: Unknown
The creation date is the telling field here: a domain registered only weeks ago has had no time to build a reputation. Private or redacted registrant details are common for legitimate domains as well, so treat them as a reason to look more closely rather than as proof of fraud.
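Reading records like the one above by hand does not scale when you triage many suspicious links, so here is an added Python example (not code from the original post or from ClearPhish) that parses a WHOIS record, extracts the creation date from the various labels and date formats registrars use, and reports the domain's age, treating a redacted registrant as information rather than as a red flag. Both records below are constructed; in practice you paste in the output of whois for the domain, or the equivalent RDAP response.

```python
"""Step 4 in code: judge a domain by the creation date in its WHOIS record.
Added example, not code from the original post. FRESH_RECORD and OLD_RECORD
are constructed; in practice paste in the output of `whois <domain>` or the
equivalent RDAP response."""
from datetime import datetime, timezone
from typing import Optional

# Registrars label and format the same field differently, so try several spellings.
DATE_KEYS = ("creation date", "created on", "created", "registration date", "registered on")
DATE_FORMATS = ("%Y-%m-%dT%H:%M:%SZ", "%Y-%m-%dT%H:%M:%S.%fZ", "%Y-%m-%d", "%d-%b-%Y", "%Y.%m.%d")
REDACTION_MARKERS = ("REDACTED", "PRIVACY", "PRIVATE", "WITHHELD", "PROTECTED")


def parse_whois(text: str) -> dict[str, str]:
    """Collect 'Key: value' lines into a dict of lower-cased keys (first value wins)."""
    fields: dict[str, str] = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        key, value = key.strip().lower(), value.strip()
        if sep and value and not key.startswith((">>>", "%", "#")) and key not in fields:
            fields[key] = value
    return fields


def creation_date(fields: dict[str, str]) -> Optional[datetime]:
    """Parse the first recognisable creation-date field into an aware UTC datetime."""
    for key in DATE_KEYS:
        raw = fields.get(key)
        if not raw:
            continue
        for fmt in DATE_FORMATS:
            try:  # first token only, so trailing notes such as "(UTC)" do not break parsing
                return datetime.strptime(raw.split()[0], fmt).replace(tzinfo=timezone.utc)
            except ValueError:
                continue
    return None


def assess(record: str, now: Optional[datetime] = None, young_days: int = 180) -> dict:
    """Summarise what the record tells a defender. Age is the strong signal; a
    redacted registrant is normal since GDPR, so it is reported, not penalised."""
    now = now or datetime.now(timezone.utc)
    fields = parse_whois(record)
    created = creation_date(fields)
    age_days = (now - created).days if created else None
    registrant = " ".join(v for k, v in fields.items() if k.startswith("registrant")).upper()
    reasons = []
    if created is None:
        reasons.append("no creation date in record; inspect it by hand")
    elif age_days < young_days:
        reasons.append(f"registered only {age_days} days ago")
    return {
        "domain": fields.get("domain name", "?").lower(),
        "created": created,
        "age_days": age_days,
        "registrant_redacted": any(m in registrant for m in REDACTION_MARKERS),
        "suspicious": bool(reasons),
        "reasons": reasons,
    }


# Constructed record in the style of the post's example: a domain a few weeks old.
FRESH_RECORD = """\
Domain Name: malicious-site.com
Registrar: Example Registrar Inc.
Creation Date: 2023-10-01T08:15:00Z
Registry Expiry Date: 2024-10-01T08:15:00Z
Registrant Name: PRIVATE REGISTRATION
Registrant Country: Unknown
>>> Last update of WHOIS database: 2023-10-20T10:00:00Z <<<
"""

# Constructed record for a long-established domain with GDPR-style redaction.
OLD_RECORD = """\
Domain Name: EXAMPLE-BANK.COM
Registrar: Example Registrar Ltd
Registered on: 12-Mar-2004
Registrant Name: REDACTED FOR PRIVACY
Registrant Organization: REDACTED FOR PRIVACY
Registrant Country: GB
"""

# Fixed "now" so the sample output is reproducible; omit it to use the real clock.
EXAMPLE_NOW = datetime(2023, 10, 20, 12, 0, tzinfo=timezone.utc)

if __name__ == "__main__":
    for record in (FRESH_RECORD, OLD_RECORD):
        print(assess(record, EXAMPLE_NOW))
```

Run against the two records, the weeks-old malicious-site.com is flagged for its age while EXAMPLE-BANK.COM, also redacted, is not: both show a privacy-protected registrant, and only the creation date separates them. The 180-day threshold is an assumption to tune for your environment.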
Step 5: Research the Company Behind the Website
Another important step in verifying whether a link or email is trustworthy is conducting basic research about the company or organization mentioned. Here’s how to do this:
Search the company’s name on Google and check the official domain listed in the search results.
Cross-check the sender's address against the company's domain, looking at the actual address rather than the display name. Established companies rarely send official communication from a free email service like Gmail.
Look for online reviews or mentions on trusted websites to confirm whether the company exists and has a good reputation.
For example, if you receive an email from "Amazon" but the sender's address is amazon-help@randomsite123.com, it is likely a phishing attempt. Legitimate companies send from their own domains, such as @amazon.com or a subdomain of it. Be aware that the From address itself can be forged when the domain does not enforce a DMARC policy, so a matching address is one signal, not proof.
Additional Tips for Verifying Companies:
• Check their social media presence (LinkedIn, Twitter) for credibility.
• Search for any public warnings related to the company, especially if it’s a common phishing target (e.g., Amazon, PayPal).
How to Identify Phishing Links
Let’s revisit some common ways to identify phishing links:
Hover over the link: Before clicking, hover over the link to see the full URL. If it looks suspicious or unfamiliar, do not click it.
Check for HTTPS: The padlock and HTTPS mean only that the connection is encrypted, not that the site is legitimate. Most phishing sites now use HTTPS, since certificates are free, so its absence is a red flag but its presence proves nothing on its own.
Analyze the domain: Ensure the domain name is spelled correctly and doesn’t have unusual characters or extra numbers.
Watch out for shortened URLs: If a shortened URL is used, expand it before visiting, either with a service like CheckShortURL or by requesting it without following redirects (for example curl -I, which prints the Location header), and then scrutinize the real destination like any other domain.
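The checks in Steps 1, 2 and 5 and in the checklist above can be automated. The following Python script is an added example, not code from the original post or from ClearPhish: it pulls every link out of an HTML email, compares the visible text with the real href, flags URL shorteners, tests the destination domain for the homoglyph, typosquat and subdomain tricks, and checks a From header against the brand it claims. The email is a constructed sample, and the brand list, shortener list and two-label public suffixes are assumptions; a real deployment would use its own brand list and the full Public Suffix List.

```python
"""Heuristic checks for the link tricks described in Steps 1, 2 and 5.
Added example, not code from the original post. SAMPLE_EMAIL_HTML is a
constructed message; BRANDS, SHORTENERS and TWO_LABEL_SUFFIXES are assumed
lists that a real deployment replaces with its own data and the Public Suffix List."""
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

BRANDS = {"google.com", "facebook.com", "yourbank.com", "apple.com", "amazon.com"}
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co", "ow.ly"}
TWO_LABEL_SUFFIXES = {"co.uk", "com.au", "co.jp", "com.br"}  # tiny stand-in for the PSL
# Look-alike glyphs folded to the Latin letter they imitate (digits, some Cyrillic).
CONFUSABLES = str.maketrans({"0": "o", "1": "l", "\u0430": "a", "\u0435": "e",
                             "\u043e": "o", "\u0440": "p", "\u0441": "c", "\u0443": "y"})


def registrable_domain(host: str) -> str:
    """login.yourbank.com.scam.com -> scam.com: only the rightmost labels were registered."""
    labels = host.lower().rstrip(".").split(".")
    n = 3 if ".".join(labels[-2:]) in TWO_LABEL_SUFFIXES else 2
    return ".".join(labels[-n:])


def decode_idn(host: str) -> str:
    """Punycode (xn--) labels back to the Unicode the browser would display."""
    try:
        return host.encode("ascii").decode("idna")
    except UnicodeError:
        return host


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to catch typosquats of known brands."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def analyze_host(host: str) -> list[str]:
    """Step 1 and Step 2 heuristics for one host name."""
    shown, findings = decode_idn(host), []
    reg = registrable_domain(shown)
    if reg in SHORTENERS:
        findings.append(f"URL shortener {reg}: destination hidden")
    folded_reg = registrable_domain(shown.translate(CONFUSABLES))
    if folded_reg in BRANDS and folded_reg != reg:
        findings.append(f"homoglyph of {folded_reg}")
    else:
        findings += [f"typosquat of {b}" for b in BRANDS if reg != b and edit_distance(reg, b) <= 2]
    sub_labels = shown.split(".")[: -len(reg.split("."))]  # labels the attacker chose freely
    for brand in BRANDS:
        if brand != reg and brand.split(".")[0] in sub_labels:
            findings.append(f"brand label '{brand.split('.')[0]}' under unrelated domain {reg}")
    return findings


class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs from an HTML mail body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


URL_LIKE = re.compile(r"(?:https?://)?(?:[\w-]+\.)+[a-z]{2,}(?:/\S*)?", re.I)


def analyze_email(html: str) -> dict[str, list[str]]:
    """Map every href in the message to the problems found with it."""
    collector = LinkCollector()
    collector.feed(html)
    report = {}
    for href, text in collector.links:
        host = urlsplit(href).hostname or ""
        findings = analyze_host(host)
        if URL_LIKE.fullmatch(text):  # anchor text looks like an address: does it match the href?
            shown_host = urlsplit(text if "://" in text else "//" + text).hostname or ""
            if registrable_domain(shown_host) != registrable_domain(decode_idn(host)):
                findings.append(f"text shows {shown_host} but href goes to {host}")
        report[href] = findings
    return report


def sender_matches_brand(from_header: str, brand_domain: str) -> bool:
    """Step 5: is the From *address* (not the display name) under the brand's domain?
    The address can still be forged when the domain has no enforced DMARC policy."""
    m = re.search(r"<([^>]+)>", from_header)
    addr = m.group(1) if m else from_header.strip()
    return registrable_domain(addr.rpartition("@")[2]) == brand_domain


# Constructed sample; the xn-- host is Cyrillic а, р, р plus Latin "le" as a browser shows it.
HOMOGLYPH_HOST = "\u0430\u0440\u0440le.com".encode("idna").decode("ascii")
SAMPLE_EMAIL_HTML = f"""<p>Your account is on hold. <a href="https://login.yourbank.com.scam-example.com/verify">Click here</a>.
<a href="http://facebok.com/login">https://www.facebook.com/login</a> <a href="https://bit.ly/3xAmple">View your invoice</a>
<a href="http://g00gle.com/">Google</a> <a href="https://{HOMOGLYPH_HOST}/">apple.com</a>
Official site: <a href="https://www.yourbank.com/">yourbank.com</a></p>"""
```

Calling analyze_email(SAMPLE_EMAIL_HTML) flags every link in the sample except the genuine yourbank.com one: the subdomain trick, the facebok.com typosquat whose anchor text claims facebook.com, the shortener, and both homoglyphs (g00gle.com by digit folding, the xn-- host by decoding the punycode first). sender_matches_brand('"Amazon" <amazon-help@randomsite123.com>', "amazon.com") returns False because only the registrable domain of the address counts, never the display name.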
How to Protect Yourself from Phishing Links
Train employees: Regularly educate staff on how to recognize phishing attempts, especially in emails.
Use email security tools: Implement email filtering solutions to block suspicious emails before they reach your inbox.
Enable multi-factor authentication (MFA): Even if a password is phished, MFA adds a second barrier. Prefer phishing-resistant methods such as FIDO2/WebAuthn security keys or passkeys; one-time codes sent by SMS or generated by an app can be relayed in real time by a phishing page sitting between the victim and the real site.
Phishing simulations: Test your organization's readiness with phishing simulations offered by Clearphish.ai to improve resilience.
Real-Life Phishing Attack Case Study
In 2022, cybercriminals targeted small businesses with a phishing campaign that claimed to offer COVID-19 relief loans. Victims received emails from what appeared to be a government agency, urging them to apply for relief funds. The email contained a phishing link that led to a page mimicking a legitimate government website. Once users entered their business details and banking information, attackers swiftly drained their accounts.
This incident serves as a reminder of how attackers capitalize on current events and use fear and financial incentives to lure victims.
Conclusion: Stay Ahead of Phishing Threats
Phishing links are a persistent threat, but understanding how they work can drastically reduce your chances of falling victim. By learning to recognize the signs, verifying websites, and adopting security measures like email filters and MFA, you can protect yourself and your organization.
Call to Action: Want to fortify your defenses against phishing attacks? Contact ClearPhish for a free consultation or sign up for our phishing simulation services today.