Kaspersky Reveals How Cybercriminals Disguise Phishing Links

Photo: Cyber threat illustration (Photo: Doc. Kaspersky)

JAKARTA - According to cybersecurity firm Kaspersky, some company employees said they were confident and said they did not click on malicious links so they were not vulnerable to cyber threats.

However, attackers often disguise malicious links and phishing, trying to confuse email filters. What they want is to get the victim to click on the address that actually takes him to another address.

The following, Kaspersky will outline the most common method cybercriminals use to disguise malicious URLs or phishing.

Symbol @ at the address

The simplest way to hide the original domain in the address is to use the symbol @ in the URL, because it is a completely valid symbol. However, if the data before the symbol @ is false and is not suitable for authentication, the browser will direct the user to the address located after the symbol @. So, cybercriminals take advantage of this method.

The number is not an IP address

Kaspersky also mentions another way to hide phishing links completely, by turning a site's IP address into an integer. So, when combined with the same @ symbol, this effectively hides the real domain. For example: http://google.com...%@3109359386/

URL shortening service

Another simple way to hide the original URL is to use one of the legitimate link shortening services. You can actually enter anything into a short link and it's impossible to check what's hidden there without clicking.

Google Accelerated Cellular Page

A few years ago, Google and some of its partners created a Google AMP framework for a service intended to help web pages load faster on mobile devices. Now, Kaspersky finds that attackers have learned how to use this mechanism for phishing.

An email contains a link that starts with google.com/amp/s/, but if the user clicks on it, they will be directed to a site that doesn't belong to Google. Even some anti-phishing filters are often deceived by this trick.

Email service providers

Another way to hide your page behind other people's URLs is to use ESPN, a service to create legitimate newsletters and other incoming emails. In short, attackers will use one of these services, create an email delivery campaign, enter a phishing URL, and as a result get a ready-to-use net address, which has a reputation as an ESPN company.