Phishing links contain malware designed to copy and transmit information from the user to cyber criminals. Hence it is important to open phishing links safely. The stolen information can be exploited for various purposes, such as forging government documents, fraudulently accessing entitled benefits, compromising bank accounts through stolen login and card data, and so forth.
Phishing links reach users through SMSes, emails, websites, pop-up advertisements, and more. Users often click on these links because they appear relatable. For example, a phishing link may be sent in an email with a subject line that reads, “Your Free Gift From Your Recent Purchase From Amazon” or something similar.
Sample of a phishing email to steal password (Photo: Imperva)
Other forms of phishing emails create a sense of urgency by prompting immediate action, such as updating passwords, installing anti-virus software, paying bills, checking credit scores, and more. Scammers also capitalize on current events to attract attention to the email content, often including an attachment claiming to contain “additional information.”
These attachments are commonly referred to as decoys and may be related to recent events, charity scams, elderly care packages, college fee discounts, shopping cards, and so on. Unfortunately, by the time a user realizes that the provided link or phishing communication did not deliver the promised prize or information, it is already too late. Scammers would have already obtained sensitive information through their deceitful tactics.
Detecting phishing attempts to open phishing links safely
Scammers using similar website addresses/ URL (Photo: Imperva)
This could be avoided by learning how to open a phishing link safely. To learn how to open a phishing link safely, a basic understanding of what makes them different from legitimate emails helps.
Here are some pointers to help identify suspicious communications:
- Hover, but don’t tap on the phishing link: When a link appears on the screen, move the mouse over it (often highlighted in blue). The actual website address will be displayed at the bottom left corner of the page. If the address at the bottom says “http://www.fakebook.com” while the email claims to be from “https://www.facebook.com,” it’s clear that the URL or address is designed to deceive users into opening it.
- Check the website address – Check the website address: The email/ SMS/ pop-up links may differ from the official website. They might have added or modified characters. Users should go back to the official website to verify their address. After confirming, they can report the phishing link to the official website through their social media pages or customer support.
- Pay attention to the content – The content of the phishing communication often contains hints or raises suspicions about its credibility. For example, an email that urges users to submit personally identifiable information, login details, or bank information through links or forms clearly indicates its inauthenticity. Most service providers have warnings on their websites regarding fraudulent Know Your Customer (KYC) processes initiated by scammers both offline and online. Users can always call the official customer support number to verify if such an action has been initiated for their account.
- Verify the website address: Almost all secured website begins with HTTPS. Those missing the S in the URL often tend to be lesser secure, making it way easier for hacking. Hence, it is advisable to use similar websites with caution or not access them at all.
- Search the phishing content online – Often, Google search and other search engines have plenty of information about common scams that might be used extensively in the present time. Suppose you receive an email or text message that seems suspicious. In that case, you can type the email address, website address, email subject, coupon codes, scheme, scam, etc., mentioned in the communication into a search engine. Chances are, other people will have already reported the phishing link, and you’ll be able to find out if it’s legitimate or not.
Websites that help open a phishing link safely
Several websites offer search options and tools to help you cross-check the credibility of phishing links. A URL checker can provide details about the phishing link, as well as insights on how to stay safe from similar links.
Here are some of the most popular URL checkers:
- WHOIS: This service allows users to verify domain names, check expiration dates, and identify the domain’s registrant.
- Norton Safe Web: This platform displays results that alert users if a link is infected with malware.
- Shodan: Another valuable website, Shodan helps users search for servers connected to the internet, enhancing network security.
(Photo: AVG)
Besides using link checkers like VirusTotal, maintaining caution in accessing any online link is essential to avoid falling prey to a scam or data theft. It is also important to be aware of the latest threat intelligence and cybersecurity news that explain current trends in cybercrime. To open a phishing link safely, common knowledge from cybersecurity magazines or news is imperative that help relate information and create awareness.