How To Detect Phishing Website? | Ultimate Guide


Phishing has proven to be one of the easiest and most effective ways for cybercriminals to defraud users and steal their confidential information.

Today’s generation is over-reliant on the internet for their day-to-day activities. This creates a perfect platform for fraudsters to launch targeted phishing attacks.

Earlier, these types of attacks were easy to detect. But hackers like to be one step ahead of everyone, so their phishing attacks have become more sophisticated and difficult to identify.

Phishing is a type of social engineering attack usually carried out to steal users’ personal and sensitive data, including login credentials. An attacker masquerades as a trusted entity and tricks users into performing the actions the attacker wants.

To identify a phishing website or a suspicious phishing link, you should note the following points.

1. Check and study the shortened URL.

In some cases, you can spot something fishy just by looking at the URL. If the URL is shortened using a URL shortening service such as Bit.ly, Google URL shortener or TinyURL, it’s the first indication of something suspicious. I am not saying all, but most shortened URLs are phishing links. In this scenario, you should examine the shortened URL using a shortened URL checker such as CheckShortURL.

For example, I created a shortened URL of www.facebook.com using Bitly which is https://bit.ly/18AOiDE and typed it in CheckShortURL to check the actual URL. It gave the following result.

Facebook Short URL

Expanded URL

2. Check for the owner of the website using WHOIS Lookup.

Every domain is registered through a registrar, which keeps the domain owner’s information in its database. A simple WHOIS lookup lets you check who owns the website. However, some owners opt for WHOIS protection, which hides their information from public view.
You can check WHOIS lookup on this link. For example, I requested a WHOIS lookup of facebook.com.

WHOIS Lookup for facebook.com

It displayed all the information: registrar name, domain creation and expiry dates, nameservers and so on. The domain creation date can be used as a parameter to detect a phishing website. Hackers register a new domain for phishing purposes, which means a phishing domain has usually been created recently.
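The creation-date check can be automated once you have the raw WHOIS text. The sketch below is an added example, not code from the original post; the three records are constructed samples, and the field labels and the 30-day threshold are assumptions you should tune for the registries you deal with.

```python
import re
from datetime import datetime, timezone

# Field labels differ between registries; this list is an assumption, not exhaustive.
CREATED_RE = re.compile(
    r"^\s*(?:Creation Date|Created On|Created|Registered On)\s*:\s*(\d{4}-\d{2}-\d{2})",
    re.IGNORECASE | re.MULTILINE,
)

def creation_date(whois_text):
    """Return the registration date as an aware datetime, or None if absent."""
    match = CREATED_RE.search(whois_text)
    if match is None:
        return None  # privacy-protected or unparsable record
    return datetime.strptime(match.group(1), "%Y-%m-%d").replace(tzinfo=timezone.utc)

def assess_domain_age(whois_text, now, young_days=30):
    """Classify a domain as recently-registered, established or unknown."""
    created = creation_date(whois_text)
    if created is None:
        return ("unknown", None)
    age_days = (now - created).days
    status = "recently-registered" if age_days < young_days else "established"
    return (status, age_days)

# Constructed WHOIS excerpts for illustration only.
NEW_RECORD = """Domain Name: LOGIN-SECURE-UPDATE.EXAMPLE
Updated Date: 2019-03-11T09:00:00Z
Creation Date: 2019-03-10T08:15:00Z
Registry Expiry Date: 2020-03-10T08:15:00Z"""

OLD_RECORD = """Domain Name: ESTABLISHED-SHOP.EXAMPLE
Creation Date: 1997-03-29T05:00:00Z
Registry Expiry Date: 2028-03-30T04:00:00Z"""

REDACTED_RECORD = """Domain Name: HIDDEN-OWNER.EXAMPLE
Registrant Name: REDACTED FOR PRIVACY"""

REFERENCE_NOW = datetime(2019, 3, 20, tzinfo=timezone.utc)  # fixed so results are repeatable

if __name__ == "__main__":
    for record in (NEW_RECORD, OLD_RECORD, REDACTED_RECORD):
        print(record.splitlines()[0], "->", assess_domain_age(record, REFERENCE_NOW))
```

An "unknown" result is not proof of phishing; treat it as a missing signal and rely on the other checks.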

3. Check for the SSL certificate of the website.

All popular and trusted websites are encrypted with SSL. You can check for the padlock at the start of the address bar. If you don’t find it, it’s a non-secure website and you should not enter any sensitive information on it. As I said in my SSL post, SSL only encrypts data being transferred between client and server. It’s very easy to get an SSL certificate for a website, and hackers also use SSL encryption on their phishing websites so that they look legitimate. So this check is not foolproof.

Even if a hacker buys himself an SSL certificate, he can be caught out by the certificate details. Click on the padlock icon and then on the certificate option. It reveals the real domain to which the certificate was issued.

Facebook SSL Certificate

4. Check for IDN Homograph attack.

Some phishing website URLs look exactly like the actual website URL and come with SSL encryption as well. This method exploits the similarity between characters of different scripts to create phishing look-alikes of existing domains and lure visitors. A domain name can be registered in different languages, and two languages can contain a character that looks the same in both. For example, Cyrillic small letter ‘a’ (Unicode Hex U+0430) and Latin small letter ‘a’ (Unicode Hex U+0061) look the same to the naked eye, but they are two different characters.

Here, a hacker can register the domain as ‘facebook.com’, replacing the Latin character ‘a’ with the Cyrillic character ‘a’. The spoofed website address then also looks like ‘facebook.com’, so it is difficult to tell it apart from the real ‘facebook.com’.

Facebook Actual URL

Facebook Homoglyph phishing URL

But this problem has a simple solution. Just copy the URL and paste it into the address bar in another tab. It reveals the actual domain name, which looks something like this: https://www.xn--faebok-I0e15h.com. It is a homoglyph URL of facebook.com. Modern web browsers immediately reveal the original URL as soon as you type the URL in the URL bar, even the homoglyph one. So now it’s not a problem at all.
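The same check the browser performs can be done on any hostname before you visit it. The following is an added example, not code from the original post: it decodes `xn--` labels, reports which scripts each label contains and lists the non-ASCII characters. The hostnames are constructed samples, and taking the script from the Unicode character name is a simplification.

```python
import unicodedata

def script_of(ch):
    """Script name taken from the Unicode character name, e.g. LATIN or CYRILLIC."""
    if ch in "0123456789-":
        return "COMMON"  # digits and hyphen belong to no single script
    return unicodedata.name(ch, "UNKNOWN").split()[0]

def to_unicode(label):
    """Decode an xn-- (Punycode) label; plain labels pass through unchanged."""
    if label.lower().startswith("xn--"):
        return label[4:].encode("ascii").decode("punycode")
    return label

def inspect_hostname(host):
    """Return one finding per label that contains non-ASCII characters."""
    findings = []
    for label in host.rstrip(".").split("."):
        text = to_unicode(label)
        if text.isascii():
            continue  # ordinary label, nothing to report
        scripts = sorted({script_of(c) for c in text} - {"COMMON"})
        findings.append({
            "label": text,
            "ascii_form": text.encode("idna").decode("ascii"),
            "scripts": scripts,
            "mixed_script": len(scripts) > 1,  # e.g. Latin letters plus one Cyrillic
            "foreign_chars": [
                f"U+{ord(c):04X} {unicodedata.name(c, '?')}"
                for c in text if not c.isascii()
            ],
        })
    return findings

# Constructed samples: SPOOFED swaps the Latin 'a' for Cyrillic U+0430.
GENUINE = "www.facebook.com"
SPOOFED = "www.f\u0430cebook.com"
SPOOFED_ACE = SPOOFED.encode("idna").decode("ascii")  # the xn-- form a browser shows

if __name__ == "__main__":
    for host in (GENUINE, SPOOFED, SPOOFED_ACE):
        print(repr(host), inspect_hostname(host))
```

A label written entirely in one non-Latin script is reported with `mixed_script` set to false; that is normal for legitimate internationalised domains, so the mixed-script flag is the stronger signal.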

Phishing Detection Infographic

Conclusion

As cybersecurity awareness increases among people, cybercriminals are finding new and innovative ways to hack them, especially new phishing attack vectors. But if you follow the above steps, you can protect yourself from becoming the victim of a phishing attack.

 

 


 

8 thoughts on “How To Detect Phishing Website? | Ultimate Guide”

  1. I needed to thank you for this great read!! I definitely enjoyed every bit of it.
    I’ve got you bookmarked to check out new things you Ahaa, it’s nice dialogue
    regarding this piece of writing here at this weblog,
    I have read all that, so now me also commenting at this place.
    Hey there! I’ve been reading your weblog
    for some time now and finally got the courage to go ahead
    and give you a shout out from Atascocita Texas! Just wanted to mention keep up the great job!
    http://alexa.com

     
  2. Hello there, I found your web site via Google even as searching for a related topic, your web site got here up, it seems good.

    I’ve bookmarked it in my google bookmarks.
    Hi there, just became aware of your weblog thru Google,
    and located that it’s truly informative. I’m gonna be careful for brussels.
    I will be grateful if you happen to proceed this in future.
    Many other folks will likely be benefited from your writing.
    Cheers!

     
  3. I’ve been exploring for a bit for any high-quality articles or blog posts on this sort of house.

    Exploring in Yahoo I ultimately stumbled upon this site.
    Studying this info So i’m happy to exhibit that I have an incredibly
    good uncanny feeling I came upon exactly what
    I needed. I such a lot indubitably will make certain to don’t forget this site and give it
    a glance on a relentless basis.

     
  4. I reckon various blog lovers should take this web
    site as being a definite unit, quite and also exceptional straightforward designing, as well as the content material.
    You are an expert in this topic!

     
