
    What Is a Phishing Link?

    How hackers get your Through Phishing



    You must have heard of Phishing links, but you probably have little knowledge of what they are. Every day we receive emails from different people, and we quickly open them without properly verifying where the email was "sent from". We have composed a complete guide on Phishing links.

    At the end of this article you should know what Phishing links are. We have also provided some tools to help you easily detect Phishing.

    Well, the knowledge is more important; let's make you a cyber forensic expert in no time.

    What is Phishing?

    Let's define Phishing and then we define links.

    Phishing is the act of sending a “replica” or a file to a target to gain information from them, i.e. banking details, username and password.

    What are Links?

    We are all conversant with the word “links”.
    Links are unique URLs that direct a user to a specific page on the internet to view its content.

    What are Phishing Links?

    Phishing links are malicious links created by a hacker to get information from targets or even access their data without their consent. A Phishing link is a “replica” link, sometimes embedded in a file, document or data, used to gain access to the target's files without their consent.

    Thus, it’s a malicious act that involves “forging a site” that looks like a real website by copying its page source code, modifying it, and hosting it on a domain with a modified URL to convince a user it’s the real website.

    A user might not be aware of these links and might think it’s a “genuine link” that directs them to the real website, or sometimes to a file they needed to check. These links are actually made to steal data from you.

    Phishing links are always made to extort data from you. Research shows about 78% of successful cyberattacks were achieved by Phishing; others are easily achieved by social engineering.


    A hacker usually studies their targets before launching an attack on them. Sometimes Phishing doesn’t require studying a specific target; a hacker might launch this attack on a group of people or a company/organization. Usually this exploit won’t be 100% successful, although it gets the weakest user in the organization.


    At the end of this article, you will be able to identify Phishing links when you see them.


    It has been proposed that the majority of successful hacking is done using the “Phishing method”. We all know every hacker studies their target and gets to know what they like, what they eat, where they go, the TV shows they watch, their favourite sports and anything else about the target. The act of studying your target and gathering this information is termed “Footprinting”.


    Vishing 

    What's Vishing?
    Vishing is a process whereby a hacker exploits a target through voice conversation, trying to get sensitive information from them.
    Vishing is a type of Phishing; as its name implies, it means Voice Phishing.

    In this type of Phishing the hacker tries to extort information from the target, confusing them with talk of a legit business or claiming to be calling from the bank. This is usually a deadly type of Phishing that is tied to Social Engineering or Footprinting.

    Why Do Hackers Use Phishing?

    Phishing has been one of the most successful hacking methods employed. We have heard how Russians extorted data from the United States during Donald Trump’s election and had access to top government officials’ data; this was done by Phishing, but this time a “Master Phishing”, which is called “Spear Phishing”. I won’t explain Spear Phishing in depth, but will give an insight into what you need to know about it.

    What is Spear Phishing?

    Spear Phishing is the act of targeting a single user by sending a specific link to that user; this is by chance a 70% successful exploit (it is always a successful exploit, as it acquires access to the target's data).

    How is Phishing Done?

    Phishing can be easily done by sending a “malicious link” to a user, deceiving them that it is a legit website they always visit. Phishing can be done in different ways.


    Types of Phishing Attacks

    The following are types/methods of Phishing carried out every day. You might have come across the following attacks; we have listed how these attacks can be exploited.

    • Phishing that replicates a website
    • Sending files as documents
    • Pop Ads
    • Porn Ads


    Phishing that replicates a website

    This is a common Phishing method employed by hackers to gain access to a computer. It is done by creating a look-alike of a website that the target always visits. This is quite easy too: there are website source codes and even website-copying software that can do that, or it is done by copying the website source code. Let’s take for instance George, who always sends emails via emailaddress.com.

    A hacker studies George and gets a list of where he sends these emails. The hacker studies the people George always chats with and creates an account. For instance, George normally transacts with IPAS company; the hacker knows George's business partner, creates a look-alike email and claims to be one of IPAS, or claims the company couldn’t contact George using the normal email address.


    George didn’t make proper findings and eventually provided sensitive information to the hacker. The hacker could make George click a link, claiming it’s a business link; George clicks on the link and George has been Phished!


    SENDING FILES, I.E. DOCUMENTS (PDF)

    Another exploitable Phishing method is sending a file to the target; this file looks like a genuine file but is not.

    Some companies get hacked this way when their workers have low IT skills. A hacker studies the target, learning every worker's “turning point” and how knowledgeable they are in IT; the easy exploit of sending a malicious file to a worker gives the hacker access to the company data.

    More often this is done by sending files as attachments. Someone with low IT knowledge doesn’t really know how bad it is to click on the attachment; the attachment might look genuine but it’s actually not.
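
    A way to check whether an attachment that claims to be a PDF really is one, written as an added example (it is not part of the original article). The function name, the warning labels, the list of risky extensions and the sample files are assumptions made for illustration.

```python
PDF_MAGIC = b"%PDF-"  # a well-formed PDF file starts with this header
# Assumption: extensions treated as directly executable on Windows for this example.
RISKY_EXTENSIONS = {"exe", "scr", "com", "bat", "cmd", "js", "vbs", "hta", "lnk"}


def check_attachment(filename, first_bytes):
    """Return a list of warnings for an attachment presented as a PDF document."""
    warnings = []
    labels = filename.strip().lower().split(".")
    extension = labels[-1] if len(labels) > 1 else ""

    if extension in RISKY_EXTENSIONS:
        warnings.append("executable-extension")
        # "invoice.pdf.exe" is displayed as "invoice.pdf" when known extensions are hidden.
        if "pdf" in labels[1:-1]:
            warnings.append("double-extension")
    elif extension != "pdf":
        warnings.append("not-a-pdf-extension")

    # The name is chosen by the sender; the leading bytes show the real format.
    if extension == "pdf" and not first_bytes.startswith(PDF_MAGIC):
        warnings.append("content-is-not-pdf")
    return warnings


# Constructed samples: (file name, first bytes of the file).
SAMPLES = [
    ("invoice.pdf", b"%PDF-1.7\n"),
    ("invoice.pdf.exe", b"MZ\x90\x00"),
    ("statement.pdf", b"MZ\x90\x00"),
    ("photo.docx", b"PK\x03\x04"),
]

if __name__ == "__main__":
    for name, head in SAMPLES:
        print(f"{name:18} {check_attachment(name, head) or 'no warnings'}")
```

    A file that passes both checks can still be harmful, so this complements scanning the attachment rather than replacing it.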

    Pop Ads

    Another way of getting Phished is clicking on pop-up ads. Most pop-up ads are malicious; you can get an appetizing message or a pop-up like “Earn $50000 a day, learn how” or “How I earned $2000 a day using my Phone”.


    These stories look convincing, so a target tends to click on the link. Sometimes he/she is required to provide some sensitive data to access the website, which enables the hacker to easily get the target's login username and password.

    This type of attack is mostly employed against random people. A pop-up shows; not everyone likes clicking on pop-ups, but some would be happy to, or be convinced to see how true these things are.

    PORN ADS

    The majority of porn ads you can find are Phishing links. This is by far the most successful Phishing link method used on people, as we all know people get easily carried away with porn.

    This attack is done on Facebook. I usually get emails from people regarding their account being hacked; when I run my forensics I tend to see that 70% of people hacked on Facebook were hacked due to Phishing links: a target sends a malicious link and the person tends to click on the link.

    Phishing Link Detector

    To confirm if a link is genuine, follow these steps.

    Step 1: Click on the link.






    Step 2: Insert your link in the scan pane, like below.





    Step 3: Click on Check to see if it is a Phishing link.

    HOW DO I PROTECT MYSELF FROM PHISHING

    Reading through this article helps you understand what Phishing links are, what they look like and how they are used on people. It is very important to be security conscious. How do I protect myself from Phishing?

    • Always look at links before you click them.
    • Don’t download a file when you are not sure of the website.
    • Always verify that a website is genuine; do not just provide information to any website.
    • Check whether the address uses http or https; the s stands for secure.
    • Don’t click on porn ads.
    • Don’t chat with a maliciously crafted email account; if you notice any malicious intent, block the account immediately.
    • Always keep sensitive information safe.
    • Change your password often.
    • Don’t give workers full access; workers should be given limited access to information.
    • Scan files or attachments before download.
    • Confirm the file extension of an attachment before you open it; for a PDF file, the file extension should be .PDF
    • Don’t click on just any link on Facebook, Yahoo, or anywhere.
    • Don't provide your information to a suspicious person who calls you over the phone.

