Phishing has proven to be one of the most effective and easiest ways for cybercriminals to defraud users and steal their confidential information.
Today’s generation is over-reliant on the internet for their day-to-day activities. This creates a perfect platform for fraudsters to launch targeted phishing attacks.
Earlier, these types of attacks were easy to detect. But hackers like to be one step ahead of everyone, so their phishing attacks have become more sophisticated and difficult to identify.
Phishing is a type of social engineering attack usually carried out to steal users’ personal and sensitive data, including login credentials. An attacker masquerades as a trusted entity and tricks users into performing the desired actions.
To identify a phishing website or a suspicious phishing link, you should note the following points.
1. Check and study the shortened URL.
In some cases, you can spot something fishy just by looking at the URL. If the URL is shortened using a URL shortening service such as Bit.ly, Google URL shortener or TinyURL, it’s the first indication of something suspicious. I don’t say that all, but most, of the shortened URLs are phishing links. In this scenario, you should examine the shortened URL using a shortened URL checker like CheckShortURL.
For example, I created a shortened URL of www.facebook.com using Bitly which is https://bit.ly/18AOiDE and typed it in CheckShortURL to check the actual URL. It gave the following result.
2. Check for the owner of the website using WHOIS Lookup.
All domains are registered through a registrar, which keeps the domain owner’s information in its database. A simple WHOIS lookup lets you check who owns the website. However, some owners opt for WHOIS protection, which keeps their information from being displayed publicly.
You can check WHOIS lookup on this link. For example, I requested WHOIS lookup of facebook.com.
It displayed all the information: registrar name, domain creation and expiry dates, nameservers, etc. Here, the domain creation date can be used as a parameter to detect a phishing website. Hackers register a new domain for phishing purposes, which means it was created recently.
3. Check for the SSL certificate of the website.
All popular and trusted websites are encrypted with SSL. You can check for the padlock at the start of the address bar. If you don’t find it, it’s a non-secure website and you should not enter any sensitive information on that website. As I said in my SSL post, SSL only encrypts data being transferred from client to server. It’s very easy to get an SSL certificate for a website and hackers also use SSL encryption for their phishing website so that it looks legitimate. So this system is not foolproof.
Even if a hacker buys himself an SSL certificate, he can be caught by looking at the certificate details. You can do this by clicking on the padlock icon and then clicking the certificate option. It reveals the real domain to which the certificate was issued.
4. Check for IDN Homograph attack.
Some phishing website URLs look almost identical to the actual website URL, complete with SSL encryption. This method leverages the similarity of characters across scripts to create phishing look-alikes of existing domains and lure visitors. A domain name can be registered in different languages, and any two languages can contain a character which looks the same in both. For example, the Cyrillic small letter ‘a’ (Unicode Hex U+0430) and the Latin small letter ‘a’ (Unicode Hex U+0061) look the same to the naked eye, but they are two different characters.
Here, a hacker can register the domain as ‘facebook.com’, replacing the Latin character ‘a’ with the Cyrillic character ‘a’. So the spoofed website address also looks like ‘facebook.com’. Hence it’s difficult to tell it apart from the real ‘facebook.com’.
But, this problem has a simple solution. Just copy the URL and paste it in the address bar in another tab. It reveals the actual domain name which looks something like this: https://www.xn--faebok-I0e15h.com. It is a homoglyph URL of facebook.com. Modern web browsers immediately reveal the original URL as soon as you type the URL in the URL bar, even the homoglyph one. So now it’s not a problem at all.
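The same check can be scripted for links taken from an email or a log. The Python sketch below is an added example, not code from the original post; the function names and the sample hostnames are constructed for illustration. It decodes any `xn--` label, re-encodes Unicode labels to their `xn--` form, and flags labels that mix scripts.

```python
import unicodedata
from urllib.parse import urlsplit


def label_scripts(label):
    """Scripts used by the letters of one label, taken from Unicode character names."""
    # Names start with the script, e.g. "CYRILLIC SMALL LETTER A" -> "CYRILLIC".
    return {unicodedata.name(ch, "UNKNOWN").split(" ")[0] for ch in label if ch.isalpha()}


def inspect_host(url):
    """Return the Unicode form, the xn-- (ASCII) form and a verdict for the URL's host."""
    host = urlsplit(url if "//" in url else "//" + url).hostname or ""
    decoded, ascii_labels, verdict = [], [], "ascii-only"
    for label in host.split("."):
        try:
            # An xn-- label carries Punycode; anything else is taken as typed.
            text = label[4:].encode("ascii").decode("punycode") if label.startswith("xn--") else label
        except UnicodeError:
            return {"unicode_host": host, "ascii_host": host, "verdict": "invalid-punycode"}
        decoded.append(text)
        if text.isascii():
            ascii_labels.append(text)
            continue
        ascii_labels.append("xn--" + text.encode("punycode").decode("ascii"))
        if len(label_scripts(text)) > 1:
            verdict = "mixed-script"      # e.g. Latin letters plus one Cyrillic look-alike
        elif verdict == "ascii-only":
            verdict = "non-ascii"         # single script: may be a legitimate IDN, review it
    return {"unicode_host": ".".join(decoded),
            "ascii_host": ".".join(ascii_labels),
            "verdict": verdict}


if __name__ == "__main__":
    # Constructed samples: the second host swaps Latin 'a' for Cyrillic U+0430.
    samples = ["https://www.facebook.com/login",
               "https://www.f\u0430cebook.com/login",
               "https://\u0430\u0440\u0440.com/"]
    for sample in samples:
        result = inspect_host(sample)
        print(result["verdict"], result["ascii_host"], sep="\t")
```

A "mixed-script" verdict is the strong signal here; "non-ascii" only means the label needs a closer look, since legitimate internationalized domains also fall into that category.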
As cybersecurity awareness increases among people, cybercriminals are finding new and innovative ways to hack them, especially new phishing attack vectors. But if you follow the above steps, you can protect yourself from becoming the victim of a phishing attack.