Phishing is one of the biggest, if not the biggest, cyber risks to businesses.
Metacompliance found that 91% of cyber attacks started with a phishing campaign.
Unfortunately, it is also probably one of the hardest attacks to defend against, as criminals continue to tweak their campaigns and understand what makes us act. They are super social engineers.
One of the ways that criminals use phishing campaigns is to get us to click a link that takes us to a webpage that looks genuine; when we log in, it captures our account details, which are then exploited.
Being able to identify when a link is malicious is a key ability which can protect your business from falling victim to phishing campaigns.
Structure of URLs
If your website is like your home, then your URL is your home address. The domain is unique, so ecrcentre.co.uk is different from ecrcentre.net.
The protocol determines how information travels from you to the domain and back. HTTPS means that the information is encrypted, and most legitimate websites will use this protocol, so a warning sign might be an HTTP URL. The directory is the path to the exact page within the website.
The most important part of the URL to look at is the domain. Look for the last dot (.) to work out whether where you are being sent is where you expect. An example of this could look like http://microsoft. com.office365.ru, where the criminals are hoping that you look at the start, see Microsoft.com (with an extra space), and don’t notice that the domain actually ends in office365.ru – a completely different place.
Five ways that URLs can be phished
URL phishing most often comes in the following forms:
“Legit” links. These phishing links use legitimate websites, such as Google or Bing search engine results, to redirect the victim to a website the criminal wants them to visit, like this (this one is safe to check, but hover over the link to see where the URL leads first).
Masked links are hyperlinks whose displayed text shows a legitimate address but whose real target is a different page, for example, www.findaphish.com/ (actually leads to the ECRCentre.co.uk/sign-up page).
Typosquatting is URL phishing done by purposefully changing, skipping, or mistyping letters in a domain name like https://twirtter.com (do not visit) instead of https://twitter.com.
Malformed prefix links prey on people who do not pay attention to a URL’s prefix. For example, http://google.com (fake, do not visit) is different from https://google.com (legit).
Subdomain links give the illusion that a link leads to a legitimate site, but the familiar name is a purposefully misplaced subdomain in the middle of the URL, e.g., https://microsoft.com.office365.ru vs. https://microsoft.com/office365.
Surfshark had this great example of what this looks like in practice.
How to identify URL phishing
1. Does it come from a suspicious email or message?
2. If you hover over the link, does it show the same location as the displayed?
3. Is the domain name correct with no extra “.somethings” at the end?
4. Is the protocol as you would expect i.e., https and not http?
5. Are you being re-directed through a search engine?
If any of these are a “Yes” then don’t click on the link. Go to the legitimate site and confirm the information there.
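The URL structure described above, the five phishing forms and the five-question checklist can be turned into a small triage script. The following is an added example written for this article, not a tool from the ECRC or the NCSC: it pulls the registrable domain out of a link (the article's "look for the last dot" rule, with a short list of two-label suffixes such as co.uk so that ecrcentre.co.uk is handled correctly), then runs the checks for a plain-http prefix, a brand name misplaced as a subdomain, a typosquatted domain, a redirect through a search engine, and a masked link whose displayed text disagrees with its target. The brand list, suffix list, redirect parameter names and the sample links are constructed for the example.

```python
"""Heuristic phishing-URL triage (added example; brand and suffix lists are constructed)."""
from typing import List, Optional
from urllib.parse import parse_qs, urlsplit

# Constructed: brands the business expects to see, with their legitimate registrable domain.
KNOWN_BRANDS = {
    "microsoft": "microsoft.com",
    "twitter": "twitter.com",
    "google": "google.com",
    "ecrcentre": "ecrcentre.co.uk",
}

# Constructed subset of two-label public suffixes; a real tool would use the full Public Suffix List.
MULTI_LABEL_SUFFIXES = {"co.uk", "org.uk", "gov.uk", "com.au"}

SEARCH_ENGINE_DOMAINS = {"google.com", "bing.com"}
# Constructed: query parameter names commonly used to carry a redirect target.
REDIRECT_PARAMS = {"url", "q", "u", "redirect", "target"}


def registrable_domain(host: str) -> str:
    """The part of the host that decides where you land: the label before the
    public suffix plus the suffix itself (the article's 'look for the last dot')."""
    labels = host.lower().rstrip(".").split(".")
    if len(labels) >= 3 and ".".join(labels[-2:]) in MULTI_LABEL_SUFFIXES:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used for the typosquatting check."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_url(href: str, displayed_text: Optional[str] = None) -> List[str]:
    """Return the reasons a link looks suspicious; an empty list means no heuristic fired."""
    reasons = []
    parts = urlsplit(href.strip())
    host = parts.hostname or ""
    domain = registrable_domain(host)

    # Malformed prefix: plain http where https is expected.
    if parts.scheme == "http":
        reasons.append("uses http, not https")

    # Subdomain trick: a known brand appears in the host but is not the registrable domain.
    for brand, legit in KNOWN_BRANDS.items():
        if brand in host and domain != legit:
            reasons.append(f"'{brand}' appears in the host but the real domain is {domain}")
            break

    # Typosquatting: the domain is within two edits of a known brand domain without being it.
    for legit in KNOWN_BRANDS.values():
        if domain != legit and edit_distance(domain, legit) <= 2:
            reasons.append(f"{domain} looks like a misspelling of {legit}")
            break

    # 'Legit' link: a search-engine URL that carries another URL in its query string.
    if domain in SEARCH_ENGINE_DOMAINS:
        query = parse_qs(parts.query)
        for key in sorted(REDIRECT_PARAMS & set(query)):
            if any(v.startswith(("http://", "https://")) for v in query[key]):
                reasons.append(f"redirects through {domain} via the '{key}=' parameter")
                break

    # Masked link: the displayed text names a different domain from the real target.
    if displayed_text:
        shown_url = displayed_text if "://" in displayed_text else "https://" + displayed_text
        shown_host = urlsplit(shown_url).hostname or ""
        if shown_host and registrable_domain(shown_host) != domain:
            reasons.append(f"text shows {registrable_domain(shown_host)} but the link goes to {domain}")

    return reasons


if __name__ == "__main__":
    # Constructed sample links mirroring the article's five forms.
    samples = [
        ("https://www.google.com/url?q=https://evil.example/login", None),
        ("https://ecrcentre.co.uk/sign-up", "www.findaphish.com/"),
        ("https://twirtter.com", None),
        ("http://google.com", None),
        ("https://microsoft.com.office365.ru", None),
        ("https://microsoft.com/office365", None),
    ]
    for href, text in samples:
        print(href, "->", check_url(href, text) or "no heuristic fired")
```

The checks are deliberately simple pattern rules, so they miss anything not on the brand list and can flag legitimate redirects; they are a first pass to decide which links deserve the manual "hover and read the domain" check, not a replacement for it.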
Confirm independently - If you received an attachment that you were not expecting, or a change of payment details, confirm the details with the person using a method other than the one in the communication – criminals might be monitoring the email address or have changed a phone number, so it goes to them.
Report it - If you think you have received a phishing email, then you need to report it. Your business should have a policy about this, and your staff should understand what they need to do, whether they have fallen victim or just received it.
Reporting a suspicious website - https://www.ncsc.gov.uk/section/about-this-website/report-scam-website.
Reporting a suspicious email – forward to firstname.lastname@example.org
Reporting a suspicious text message – send to 7726. This free-of-charge short code enables your provider to investigate the origin of the text and take action, if found to be malicious.
The NCSC has an add-in which you can use in business versions of Outlook to report phishing emails directly to them so that they can investigate and potentially remove the threat. Having the button visible could also help to keep phishing in mind when staff receive an email, like a little nudge.
Our affordable Staff Awareness Training could help your staff to recognise a Phish. If you would like more information about this then contact us.