Header Ads

  • Cybersecurity

    What is Phishing link attack



    PHISHING LINKS AND ATTACKS



    How hackers get your Through Phishing

    Phishing Links


    You must have heard Phishing links, probably you have a little knowledge of what Phishing links are, everyday we recieve different emails from people, we just get too excited and open this links without proper verification of where the email was sent from. This article would guild you on how you can spot  Phishing links. 

    At the end of this article you should be able to know what Phishing links are. We  have also provided some tools to help you easily detect Phishing.

    What is Phishing?

    Let's define Phishing and then we define what a link is.

    Phishing is an act of sending a replica or a file to a target to gain information from them. 


    What are Links?

    You must have come accross the word links, but for a better understanding we would define what a link is.

    Links are unique Url that are used to direct a user to specific page on the internet for them to view content or access files.

    Since, we know what a link is, we can now proceed to what Phishing links are, dont get weary we are about to explore.

    What is Phishing Links?

    Phishing Links are malicious links that are created by a hacker by perpetuating to be a reputable company or organization to gain data from an exploited user. 

    Phishing links are mostly crafted in such a way it looks like a replica link this is sometimes quite difficult by an individual to detect, other Phishing techniques also involves the hacker to craft this data in files, documents or data, to gain and access their files without their consent.

    Punishment for Phishing


    Phishing is regarded as a fraudulent act and also as a scam,  "A phishing conviction can easily result in a year or more in prison if you're convicted of a felony". Misdemeanors are considered less serious than felonies.

    Phishing is not totally condemnable, it solely depends on the crime commited by a perpetrator, this would determine the penalty or judgement to be given, most times this could result to jail sentence, huge fines, restitution and probation.

    for more informations on laws against phishing attack read more. 


    Phishing links

    Thus, it’s a malicious act that involves forging a site that looks like a real website, this can be easily done by modifying its Url and copying its page source code, thereby modifying it and hosting it to a look-alike domain to make a user convinced it’s the real website.

     A user might not be aware of this link and might think it’s a genuine link that directs them to the real website or sometimes a file they needed to check on, these links are actually made to steal data from you.

    Phishing links are always made to extort data from you, researchers shows about 78% of successful cyberattacks was achieved by Phishing, others are easily achieved by social engineering.


    A hacker usually studies their targets before they pull out an attack on them. Sometimes Phishing don’t require studying a target, a hacker might pull this attack on a group of people, company/organization. Usually, this exploit won’t be 100% successful, although it gets the weakest user in the organization.


    At the ending of these article, you would be able to identify Phishing links when you see them.


    It has been proposed that majority of successful hacking was done using “Phishing method” as said earlier, every hacker studies their target and get to know what they like, what they eat, where they go, TV shows they watch, favourite sports and anything cognitive to the target, the act of studying your target and gaining these informations is termed “Footpriniting”.


    TYPES OF PHISHING ATTACK

    Phishing can be done through diffrent ways, listed below are type and ways phishing attacks are achieved.

    Vishing 

    What's Vishing ?
    Vishing is a process whereby a hacker exploit its target through voice conversation, thereby trying to get sensitive information from their target by pretending to be an operator in an organization.

    Vishing is an accronym which means  Voice Phishing.

    This type of Phishing involves a hacker to extort information from a target, this can be easily achieved by trying to confuse them about a legit business or claiming they are calling from the bank . This is usually a deadly type of Phishing that is used mostly by Social engineers.  

    You can read more about Footprinting.

    Why Does Hackers Use Phishing?

    Phishing has been one of the most successful hacking method employed, we have heard about how Russians extorted data from the United States during Donald Trump’s election, which they had access to top government official’s data, this was done by Phishing, but this time, a “Master Phishing”, which is called “Spear Phishing”. I won’t have to explain in-depth what Spear Phishing is but would give an insight of what you need to know about “Spear Phishing”.

    What is Spear Phishing?

    Spear Phishing is an act of targeting a single user, by sending a specific link to a user, this is by chance 70% successful exploit.( it always a successful exploit, as it acquires access to target data).
    This is mostly successuful due to the excessive time the hacker takes in studying their target, a hacker might study a target for a span of 2 years or more, so this exploit is very successful.

    How is Phishing Done?

    Phishing can be easily done by sending a “malicious link” to a user, copying a website source code and hosting it to a look-alike domain, deceiving them of a legit website they always visit.

    Types of Phisihing Attacks

    The following are types/methods of how phishing are carried out everyday, we have listed how these attacks can be exploited.

    • Phishing that replicate a website.
    • Sending files as documents.
    • Pop Ads.
    • Porn Ads.


    Phishing that replicate a website.

    This kind of Phishing is a common Phishing method employed by hacker to gain access to a computer. This is easily done by creating a look-alike website, we have different website source code, even websites copying software(s) that can help you do that, or easily done by copying the website source code. Let’s take for instance, George always send email address via emailaddress.com,
    Vishing

    A target studies George and get a list of where he sends these email address to. A hacker studies the people George always chat with, he creates an account, for instance George normally transact with IPAS company, a target knows George business partner, he creates a look alike email and claim he is one of IPAS or claim the company couldn’t contact George using the normal email address,


    George didn’t make proper findings and eventually provided sensitive informations to the hacker, the hacker could make George click a link claiming it’s a business link, George clicks on the link and George has been Phished!.
    Phishing Links


    SENDING FILES I.E DOCUMENTS (PDF)

    One also exploitable Phishing method done, is the use of sending a file to target, this mostly looks like a genuine file but is not a genuine file.

    Some companies get hacked through this way when their workers have low IT skills knowledge. A hacker tries by studying its target, knowing every worker turning point also getting to know how indented they are in IT, an easy exploit of sending a malicious file to the worker makes them gain access into the company data,

    More often this can be done by sending files as an attachment, someone with low IT knowledge doesn’t really know how bad it is to click on the attachment, the attachment might look genuine but it’s actually not.

    Pop Ads

    Another way of getting Phished is clicking on Pop up ads, you can get phished when you click on Pop up ads, most pop up ads are malicious, you can get an appetizing message or a Pop up like this,

     “Earn $50000 a day, learn how” or “How I earned $2000 a day using my Phone”.

     These stories looks convincing, a target tends to click on the link, sometimes he/she is required to provide some sensitive data to  access the website, which would enable the hacker easily get the target login username and password.

     These type of attack is mostly employed to random people, not everyone likes clicking on Pop ups, but some would be so happy to see or be convinced to see how true these things are.

    PORN ADS

    Majority of porn ads you can find are always Phishing links, this is by far the most successful Phishing link method exploited to people, as we all know people always get easily carried away with Porn.

    This attack is done on Facebook, I usually get emails from people regarding their account been hacked, when I run my Forensics I tend to see 70% of people hacked on Facebook was due to Phishing links, a target sends a malicious link and the person tends to click on the link, you just gave the hacker your username and password for free amigos.

    How to Know Phishing links

    They are several ways to detect phishing links, the most easiest way is verifying a link by checking the links well, some links are crafted and hidden in website hidden links i.e tinyurl, google link shortner, when you see links like this verify before clicking.

    The method provided below is another way to verify if a website is fake, follow the steps

    Phishing Link Detector

    To confirm if a link is genuine, follow the steps.

    Step 1: Click on the link.


    Phihsing link detector




    Step 2: Insert your link in the scan pane, like below.
    Phishing link detector





    Step 3: Click on Check to see if it is a Phishing link.
    Phishing link detector

    HOW DO I PROTECT MYSELF FROM PHISHING

    Reading through this and understand what Phishing links are, how they look like and how they are used on people. It is very important to be security conscious. How do I protect myself from Phishing? :

    • Always look out for links before you click them.
    • Don’t download a file when you are not sure of the website or source.
    • Always verify if a website is genuine, do not just provide informations to websites anyhow.
    • Look out for the http if it is actually an http(s) the s stands for secured.
    • Don’t click on porn ads just anyhow.
    • Don’t chat with a malicious crafted email, if you notice any malicious intent block the account immediately.
    • Keep sensitive informations private.
    • Always change your password more often.
    • Don’t give full access to workers, workers should be given limited access to informations.
    • Scanning of files or attachment before download.
    • Confirm the file extension of an attachment before you open them for a PDF file,  the file extension should have .PDF
    • Don’t click on any link on Facebook, yahoo, or anywhere you are no sure of.
    • Don't provide your informations to a suspicious person who call you over the phone. 


    If you have anything to say kindly drop a comment below or send us information via.
    Contact form