Phishing email scams are becoming increasingly sophisticated and difficult to detect. With the growing automation of phishing attacks and the fact that ransomware has become very profitable for cybercriminals, phishing email scams have exploded.
Some relevant phishing statistics:
- Almost a third of all data breaches in 2018 happened via phishing.
- Every 20 seconds a new phishing site is created on the Internet.
- More than 70% of phishing emails are opened by their targets.
- 90% of security breaches in businesses are the result of phishing attacks.
- Small and medium businesses lose an average of $1.6 million when recovering from a phishing attack.
- Apple is the brand most impersonated by cybercriminals.
- More than 77% of organizations do not have a cybersecurity incident response plan.
What are the dangers of email links?
Links aren’t really dangerous until you click on them.
Hackers send emails containing links to:
- Confirm that your email address is active (so they can send you more dangerous messages).
- Trick you into visiting a fake website and entering your credentials for a popular site.
- Exploit your web browser to take control of your computer or download malicious code (such as ransomware).
Links, URLs and Domains
URLs are the full addresses of specific web pages, for example: www.dailydelicious.net/recipes/spider-cookies/
Links point to specific URLs. Links make URLs clickable.
A link can be a plain-text URL made clickable.
A link can also display the full URL: https://www.bancointernacional.co
In a URL, the domain name (in this example, bankwombat.com) works as the home address of a website.
Attackers manipulate URLs to trick users
Manipulating a URL goes beyond using the correct words to trick you. Attackers often modify links in other ways to make them look like valid URLs.
Here are some examples:
Short URLs are forwarding addresses for longer links. Attackers use URL-shortening services to hide the true destination of a link. Example: http://bit1y.com/7P43bh2
If you think you have received a shortened URL, search the web for a URL expander. Copy the URL and paste it into the tool to find out where it actually goes.
Businesses like to use names, not numbers, in their domain name.
Avoid links whose address contains four groups of numbers separated by periods right after the ://. Example: http://188.8.131.52
Scammers can use number-based URLs to hide malicious sites. If you’re not sure where a numeric URL is going, don’t click on it.
Attackers substitute letters and numbers to make a URL appear identical to that of a legitimate site. For example, 0 (the number) for O (the letter), l (lowercase L) for I (uppercase i), or vv in place of w.
Here is an example of this kind of similarity:
At first glance, the two domains look nearly identical, making it easy to miss the substitution (rn for m).
Attackers frequently add hyphens to official brand names, creating malicious look-alike domains. Example: http://www.my-bancowombat-online.com
Some legitimate sites use hyphens in their domain names, but don't click on a URL if it doesn't look like one you know and trust.
Don’t ignore the domain
Looking closely at a URL helps you determine whether the domain is fake or genuine. To know where a URL actually goes, look at the part after the :// and before the first /. Read this part from right to left, starting at the first /.
Read between the dots
You can also start with the text to the right of the first dot after the ://. In this example, shandite.com is the genuine domain: it is the site you would visit if you clicked the link.
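The checks described above (numeric hosts, shorteners, letter/number swaps, hyphenated brand names, and reading the domain right to left from the first /) can be automated for mail triage. The following is an added example, not code from the original article; the trusted-domain and shortener lists are constructed samples, and the "last two labels" rule assumes a single-label TLD such as .com.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed sample lists for this example (a deployment would load its own).
TRUSTED = {"bancowombat.com", "dailydelicious.net"}
SHORTENERS = {"bit.ly", "bitly.com", "tinyurl.com"}
KNOWN = TRUSTED | SHORTENERS

# Substitutions the article names (rn/m, vv/w, 0/O, 1/l, I/l), mapped back to
# the character they imitate. Hostnames are case-folded, so 'I' becomes 'i'.
HOMOGLYPHS = (("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"), ("i", "l"))


def registered_domain(host: str) -> str:
    """Last two labels of the host, i.e. the name read right to left from the
    first '/' as the article advises (assumes a single-label TLD like .com)."""
    return ".".join(host.split(".")[-2:])


def normalise(domain: str) -> str:
    """Undo the substitutions so look-alikes compare equal to the real name."""
    for fake, real in HOMOGLYPHS:
        domain = domain.replace(fake, real)
    return domain


def check_url(url: str) -> list[str]:
    """Return the article's warning signs found in one URL (empty = none)."""
    host = urlsplit(url).hostname or ""  # text between '://' and the first '/'
    if not host:
        return ["no host name in URL"]
    try:  # four numbers separated by dots instead of a name
        ipaddress.ip_address(host)
        return ["numeric host instead of a name"]
    except ValueError:
        pass
    findings = []
    domain = registered_domain(host)
    if domain in SHORTENERS:
        findings.append("shortened URL hides the real destination")
    if domain not in KNOWN:
        brands = {d.split(".")[0] for d in KNOWN}
        # my-bancowombat-online.com: a known brand glued on with hyphens
        if brands & set(domain.split(".")[0].split("-")):
            findings.append(f"hyphenated look-alike of a known brand: {domain}")
        # bancovv0rnbat.com / bit1y.com: swaps that normalise back to a known name
        elif normalise(domain) in {normalise(d) for d in KNOWN}:
            findings.append(f"character-substitution look-alike: {domain}")
        # bancowombat.com.example.net: known name used only as a subdomain
        elif any(host.startswith(d + ".") for d in KNOWN):
            findings.append(f"known name is only a subdomain; real domain is {domain}")
    return findings
```

The heuristics are deliberately coarse: they flag URLs for a human to look at, and a legitimate hyphenated or mixed-character domain will produce a false positive.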
What to do instead of clicking
- Only click on links in emails you are expecting (for example, an order confirmation for a product you bought).
- If you trust the organization that sent the email, type the URL you know and trust into your browser, or use your bookmarks. That way you can check whether there is anything that needs your attention without risking a visit to a dangerous site.
- Hovering over links is a good habit. Hover over the link and read the URL that appears, but don't click on it.
- Use your favorite search engine to check the site. When you search for a suspected fake domain, the domain in the first result should match the one you typed.