How to Make a Phishing Link: Understanding the Threat and Safeguarding Your Email

Oct 14, 2024

Phishing attacks have become one of the most dangerous and effective forms of cybercrime. Cybercriminals have refined their craft, using increasingly elaborate lures to trick users into clicking a malicious link. In this post, we'll take an in-depth look at how phishing links are crafted, and we'll cover practical steps to protect yourself and your organization. We'll also include visual examples of phishing techniques, code snippets, and steps to verify the legitimacy of suspicious websites.

[Image: Hacker creating a phishing link]

What is Phishing?

Phishing is a cyberattack in which attackers pose as legitimate entities (through email, websites, or other forms of communication) to trick users into revealing sensitive information such as bank account details, date of birth, one-time passwords (OTPs), residential address, email accounts, passwords, credit card numbers, or confidential business data belonging to the organization. Phishing links are commonly embedded in emails that look like they come from reputable sources but lead users to fake websites designed to steal their information.

Step 1: Crafting a Deceptive Domain Name

One of the core strategies in phishing is creating deceptive domain names that closely resemble legitimate websites. For instance:

• Homoglyph Attacks: Using characters that visually resemble others, such as replacing the letter 'O' with '0' (zero), e.g., g00gle.com.

• Typosquatting: Registering domains with common misspellings, like facebok.com instead of facebook.com.

• Subdomain Tricks: Creating subdomains that mimic legitimate ones, e.g., login.yourbank.com.scam.com.

Attackers leverage these tricks to convince the victim that they are visiting a legitimate site.
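As an added example (not code from the original post), the following Python script applies the three checks above to a hostname from the defender's side: it maps common homoglyphs back to the letters they imitate, measures the edit distance to a protected brand name to catch single-character typos, and looks for a brand that appears in a subdomain label rather than in the registrable domain. The brand list, the homoglyph table and the sample hostnames are constructed for illustration; the registrable-domain helper assumes a single-label public suffix, so multi-part suffixes such as co.uk are not handled.

```python
"""Lookalike-domain checks for homoglyphs, typosquatting and subdomain tricks.
Added example; brand list, homoglyph table and sample hosts are constructed."""
from urllib.parse import urlsplit

# Constructed watch list of brands to protect (assumption: one label each).
PROTECTED_BRANDS = ["google", "facebook", "yourbank", "paypal"]

# Characters commonly substituted for a visually similar letter.
HOMOGLYPHS = {"0": "o", "1": "l", "3": "e", "5": "s", "@": "a", "$": "s",
              "|": "l", "vv": "w", "rn": "m"}


def normalize_label(label: str) -> str:
    """Map look-alike characters back to the letters they imitate."""
    out = label.lower()
    for glyph, letter in HOMOGLYPHS.items():
        out = out.replace(glyph, letter)
    return out


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, iterative dynamic programming."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def registrable_domain(host: str) -> str:
    """Last two labels of the host. Assumption: single-label public suffix only."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def classify_host(host: str) -> list[str]:
    """Return findings for a hostname; an empty list means nothing suspicious."""
    host = host.lower().rstrip(".")
    labels = host.split(".")
    second_level = registrable_domain(host).split(".")[0]
    findings = []
    for brand in PROTECTED_BRANDS:
        if second_level == brand:
            continue  # the brand's own registrable domain, nothing to flag
        # Subdomain trick: brand shows up left of the registrable domain.
        if brand in labels[:-2]:
            findings.append(f"subdomain-trick:{brand}")
        # Homoglyph: after normalisation the label reads as the brand.
        if normalize_label(second_level) == brand:
            findings.append(f"homoglyph:{brand}")
        # Typosquat: one edit away from the brand name.
        elif edit_distance(second_level, brand) == 1:
            findings.append(f"typosquat:{brand}")
    return findings


def classify_url(url: str) -> list[str]:
    """Convenience wrapper: extract the hostname from a URL and classify it."""
    return classify_host(urlsplit(url).hostname or "")


if __name__ == "__main__":
    for sample in ["g00gle.com", "facebok.com", "login.yourbank.com.scam.com",
                   "https://accounts.google.com/signin"]:
        print(sample, "->", classify_url(sample) if "://" in sample else classify_host(sample))
```

The output for the three hostnames used in Step 1 is one finding each (homoglyph, typosquat, subdomain trick), while a genuine subdomain of a protected brand produces no finding. Note that a real deployment would use a public-suffix list for the registrable domain and a Unicode confusables table rather than the short ASCII map shown here.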

Step 2: Using URL Shorteners and Cloaking

URL shorteners such as bit.ly and TinyURL are commonly used to obscure the real destination of a phishing link. This makes it difficult for users to see where a link leads without clicking it. Let's look at three examples of how phishing links can be crafted using shortened URLs and cloaking:

Example 1: Using a URL Shortener

<a href="https://bit.ly/3phishing">Click here to claim your prize!</a>

In this case, the user sees a shortened URL, which could redirect to a malicious website. Without additional scrutiny, the destination is entirely hidden.

Example 2: Cloaked Link in HTML

<a href="https://malicious-site.com" style="display:none;">Click here to verify your account.</a>

The attacker uses HTML and CSS to hide the link or visually disguise it, so that it blends into what looks like an email from a reputable source.

Example 3: Spoofed URL with Anchor Text

<a href="https://malicious-site.com">https://www.yourbank.com</a>

Here, the text displayed looks like a legitimate bank URL, but the actual link points to a malicious site.

Pro Tip: When you hover over a link in an email or on a website, your browser usually shows the true destination URL in the status bar at the bottom left of the window. Always check this before clicking.

Step 3: Embedding Links in Emails with Social Engineering

Social engineering plays a vital role in phishing attacks. Attackers manipulate human emotions such as urgency, fear, or curiosity to push victims to click on a malicious link. Here are three email examples that highlight how phishing links are embedded and presented:

Example 1: Fake Payment Confirmation

<p>Your payment of $589.99 to <b>Amazon</b> has been received. If this was not you, please <a href="https://scam-site.com/fake-login">click here</a> to report fraud.</p>

Attackers induce panic by claiming that a large sum of money has been charged, pushing the recipient to click the link out of fear.

Example 2: Urgent Account Suspension

<p><b>Action Required:</b> Your PayPal account will be suspended in 24 hours unless you <a href="https://phishing-site.com/paypal/login">update your payment information</a>.</p>

The urgency to resolve an issue with their account compels victims to follow the phishing link.

Example 3: Tempting Prize Offer

<p>Congratulations! You’ve won a $500 gift card to <b>Target</b>. Please <a href="https://fake-gift.com/claim">click here</a> to claim your reward.</p>

In this case, curiosity and greed lure the victim into clicking the malicious link in the hope of claiming a prize.

Note: Email filters may not always catch these types of scams, especially when the links appear to be legitimate. Always verify the sender’s email address and scrutinize the content before clicking.
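The link tricks from Step 2 (shortened URLs, links hidden with CSS, anchor text that shows one URL while the href points elsewhere) and the email bodies from Step 3 can be checked mechanically. As an added example, not code from the original post, the Python script below parses the anchors of an HTML email with the standard library's html.parser and reports those three findings per link. The shortener list is a constructed assumption, and the sample email is constructed from the anchors shown above plus one legitimate link for contrast.

```python
"""Scan the <a> elements of an HTML email body for shortener hosts, hidden links
and text/href host mismatches. Added example; shortener list and sample email
are constructed."""
from html.parser import HTMLParser
from urllib.parse import urlsplit

SHORTENERS = {"bit.ly", "tinyurl.com", "t.co", "goo.gl"}  # constructed, not exhaustive

# Constructed sample built from the anchors discussed in Steps 2 and 3, plus a
# legitimate link whose visible text matches its href.
SAMPLE_EMAIL = """
<p><a href="https://bit.ly/3phishing">Click here to claim your prize!</a></p>
<p><a href="https://malicious-site.com" style="display:none;">Click here to verify your account.</a></p>
<p><a href="https://malicious-site.com">https://www.yourbank.com</a></p>
<p>Your payment of $589.99 to <b>Amazon</b> has been received. If this was not you,
please <a href="https://scam-site.com/fake-login">click here</a> to report fraud.</p>
<p>Help centre: <a href="https://www.yourbank.com/help">https://www.yourbank.com/help</a></p>
"""


class AnchorCollector(HTMLParser):
    """Collect href, inline style and visible text for every <a> element."""

    def __init__(self):
        super().__init__()
        self.anchors = []
        self._current = None

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            a = dict(attrs)
            self._current = {"href": a.get("href") or "", "style": a.get("style") or "", "text": ""}

    def handle_data(self, data):
        if self._current is not None:
            self._current["text"] += data

    def handle_endtag(self, tag):
        if tag == "a" and self._current is not None:
            self._current["text"] = self._current["text"].strip()
            self.anchors.append(self._current)
            self._current = None


def host_of(url: str) -> str:
    """Lower-cased hostname of a URL, or '' when it cannot be parsed."""
    return (urlsplit(url.strip()).hostname or "").lower()


def looks_like_url(text: str) -> bool:
    t = text.lower()
    return t.startswith(("http://", "https://", "www."))


def analyze_anchor(anchor: dict) -> list[str]:
    """Findings for one anchor; empty list means no tricks detected."""
    findings = []
    href_host = host_of(anchor["href"])
    if href_host in SHORTENERS:
        findings.append("shortened-url")
    if "display:none" in anchor["style"].replace(" ", "").lower():
        findings.append("hidden-link")
    if looks_like_url(anchor["text"]):
        shown = anchor["text"] if "://" in anchor["text"] else "http://" + anchor["text"]
        text_host = host_of(shown)
        if text_host and text_host != href_host:
            findings.append(f"text-href-mismatch:{text_host}->{href_host}")
    return findings


def scan_email_html(html: str) -> list[tuple[str, list[str]]]:
    """Return (href, findings) for every anchor in the HTML body, in document order."""
    collector = AnchorCollector()
    collector.feed(html)
    collector.close()
    return [(a["href"], analyze_anchor(a)) for a in collector.anchors]


if __name__ == "__main__":
    for href, findings in scan_email_html(SAMPLE_EMAIL):
        print(f"{href:45s} {findings or 'ok'}")
```

The fourth anchor ("click here" pointing at scam-site.com) produces no finding: a plain call-to-action label carries no machine-checkable contradiction, which is why the text's advice to hover over and read the real URL still matters even when automated checks pass.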

Step 4: Checking Who Owns the Website

One of the best ways to check the legitimacy of a website is by finding out who owns the domain. Attackers often register domains for short-term use and do not invest much effort in building a credible presence. Tools like WHOIS provide information about the registration details of a domain, including the owner, the registration date, and the hosting country.

Here’s how you can check ownership:

  1. Visit a WHOIS lookup service like whois.domaintools.com or who.is.

  2. Enter the URL of the suspicious website.

  3. Review the domain registration details.

If the domain was recently created or registered by a private or suspicious entity, it’s a red flag.

Example WHOIS lookup for a suspicious domain:

Domain Name: malicious-site.com
Registrar: SCAMMER REGISTRAR INC.
Creation Date: 2023-10-01
Registrant Name: PRIVATE REGISTRATION
Registrant Country: Unknown

If you see a short registration history or private information, be cautious about interacting with that website.
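The red flags from Step 4 (a young domain, a privacy-protected registrant, an unknown country) can be applied to a pasted WHOIS record. The Python script below is an added example, not the post's own code: it parses "Key: value" lines from the record shown above, computes the domain age against a reference date supplied by the caller, and returns the findings. The privacy markers, the 90-day threshold and the reference dates are assumptions, and real WHOIS output varies between registrars, so the parser only handles the plain key/value layout.

```python
"""Parse a pasted WHOIS record and apply domain-age and registrant checks.
Added example; the record is the sample from the post, thresholds are assumed."""
from datetime import date, datetime
from typing import Optional

# The WHOIS record shown in the post (a constructed sample, not a real lookup).
SUSPICIOUS_RECORD = """\
Domain Name: malicious-site.com
Registrar: SCAMMER REGISTRAR INC.
Creation Date: 2023-10-01
Registrant Name: PRIVATE REGISTRATION
Registrant Country: Unknown
"""

PRIVACY_MARKERS = ("PRIVATE", "REDACTED", "PROXY", "WHOISGUARD")  # constructed list


def parse_whois(text: str) -> dict[str, str]:
    """Turn 'Key: value' lines into a dict; a repeated key keeps its last value."""
    record = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep and key.strip():
            record[key.strip()] = value.strip()
    return record


def parse_creation_date(value: str) -> Optional[date]:
    """Accept a bare ISO date or an ISO timestamp; return None if neither matches."""
    for fmt in ("%Y-%m-%d", "%Y-%m-%dT%H:%M:%SZ"):
        try:
            return datetime.strptime(value, fmt).date()
        except ValueError:
            continue
    return None


def assess_domain(record: dict[str, str], today: date, max_age_days: int = 90) -> list[str]:
    """Return the red flags for a parsed record; empty list means none found."""
    findings = []
    created = parse_creation_date(record.get("Creation Date", ""))
    if created is None:
        findings.append("no-creation-date")
    else:
        age = (today - created).days
        if age < max_age_days:  # assumption: anything under 90 days is "recent"
            findings.append(f"young-domain:{age}d")
    registrant = record.get("Registrant Name", "").upper()
    if any(marker in registrant for marker in PRIVACY_MARKERS):
        findings.append("private-registrant")
    if record.get("Registrant Country", "").lower() in ("", "unknown"):
        findings.append("unknown-country")
    return findings


def assess_whois_text(text: str, today_iso: str) -> list[str]:
    """Parse and assess in one call; today_iso is 'YYYY-MM-DD' for reproducible results."""
    return assess_domain(parse_whois(text), date.fromisoformat(today_iso))


if __name__ == "__main__":
    # Reference date is an assumption chosen to sit shortly after the creation date.
    print(assess_whois_text(SUSPICIOUS_RECORD, "2023-10-20"))
```

A domain that is over the age threshold but still privacy-protected and without a country is reported with two findings rather than none, which matches the text's advice to stay cautious whenever the registration details are withheld.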

Step 5: Research the Company Behind the Website

Another important step in verifying whether a link or email is trustworthy is conducting basic research about the company or organization mentioned. Here’s how to do this:

  1. Search the company’s name on Google and check the official domain listed in the search results.

  2. Cross-check the email sender’s address with the domain. For instance, a legitimate company will not use a free email service like Gmail for official communication.

  3. Look for online reviews or mentions on trusted websites to confirm whether the company exists and has a good reputation.

For example, if you receive an email from "Amazon" but the sender’s email is amazon-help@randomsite123.com, it’s likely a phishing attempt. Legitimate companies always send from verified email addresses, such as @amazon.com.

Additional Tips for Verifying Companies:

• Check their social media presence (LinkedIn, Twitter) for credibility.

• Search for any public warnings related to the company, especially if it’s a common phishing target (e.g., Amazon, PayPal).
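The sender check in Step 5 (does the address match the company's domain, and is it a free webmail account?) is worth automating, because mail clients often show only the display name. As an added example that is not the post's own code, the Python function below parses a From header with the standard library's email.utils.parseaddr, compares the address domain against an expected brand domain, flags free-mail providers, and flags a display name that itself contains an address (a trick that makes the visible name look like a legitimate mailbox). The brand-to-domain mapping and the free-mail list are constructed assumptions; the sample senders include the amazon-help@randomsite123.com address from the text.

```python
"""Check the From header of an email against the domain a brand really uses.
Added example; brand mapping and free-mail list are constructed assumptions."""
from email.utils import parseaddr

FREE_MAIL = {"gmail.com", "yahoo.com", "outlook.com", "hotmail.com"}  # constructed
BRAND_DOMAINS = {"amazon": "amazon.com", "paypal": "paypal.com"}      # constructed


def sender_domain(from_header: str) -> str:
    """Domain part of the real address in a From header ('' if unparseable)."""
    _name, addr = parseaddr(from_header)
    return addr.rpartition("@")[2].lower() if "@" in addr else ""


def check_sender(from_header: str, claimed_brand: str) -> list[str]:
    """Return findings for a From header that claims to come from claimed_brand."""
    name, _addr = parseaddr(from_header)
    domain = sender_domain(from_header)
    expected = BRAND_DOMAINS.get(claimed_brand.lower())
    if not domain:
        return ["unparseable-sender"]
    if expected is None:
        return ["unknown-brand"]
    findings = []
    if domain in FREE_MAIL:
        findings.append("free-mail-provider")
    # Accept the brand domain itself and its subdomains (e.g. mail.amazon.com).
    if domain != expected and not domain.endswith("." + expected):
        findings.append(f"domain-mismatch:{domain}!={expected}")
    # A display name containing '@' is used to fake the address a client shows.
    if "@" in name:
        findings.append("address-in-display-name")
    return findings


if __name__ == "__main__":
    samples = [
        ('"Amazon" <amazon-help@randomsite123.com>', "Amazon"),   # from the text
        ("Amazon Support <no-reply@amazon.com>", "Amazon"),       # constructed, legitimate
        ('"support@amazon.com" <x@gmail.com>', "Amazon"),          # constructed, spoofed name
    ]
    for header, brand in samples:
        print(header, "->", check_sender(header, brand) or "ok")
```

This only inspects the header text; it says nothing about whether the sending server was authorised, which is what SPF, DKIM and DMARC results in the Authentication-Results header would tell you.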

How to Identify Phishing Links

[Image: Identification of a phishing link]

Let’s revisit some common ways to identify phishing links:

  1. Hover over the link: Before clicking, hover over the link to see the full URL. If it looks suspicious or unfamiliar, do not click it.

  2. Check for HTTPS: Always look for the padlock symbol and HTTPS in the URL. However, be aware that some phishing sites now use HTTPS, so this is just one part of your overall security checks.

  3. Analyze the domain: Ensure the domain name is spelled correctly and doesn’t have unusual characters or extra numbers.

  4. Watch out for shortened URLs: If a shortened URL is used, try to expand it using services like CheckShortURL to verify the real destination.

How to Protect Yourself from Phishing Links

  1. Train employees: Regularly educate staff on how to recognize phishing attempts, especially in emails.

  2. Use email security tools: Implement email filtering solutions to block suspicious emails before they reach your inbox.

  3. Enable multi-factor authentication (MFA): Even if credentials are compromised, MFA can provide an extra layer of security.

  4. Phishing simulations: Test your organization's readiness with phishing simulations offered by Clearphish.ai to improve resilience.

Real-Life Phishing Attack Case Study

In 2022, cybercriminals targeted small businesses with a phishing campaign that claimed to offer COVID-19 relief loans. Victims received emails from what appeared to be a government agency, urging them to apply for relief funds. The email contained a phishing link that led to a page mimicking a legitimate government website. Once users entered their business details and banking information, attackers swiftly drained their accounts.

This incident serves as a reminder of how attackers capitalize on current events and use fear and financial incentives to lure victims.

Conclusion: Stay Ahead of Phishing Threats

Phishing links are a persistent threat, but understanding how they work can drastically reduce your chances of falling victim. By learning to recognize the signs, verifying websites, and adopting security measures like email filters and MFA, you can protect yourself and your organization.

Call to Action: Want to fortify your defenses against phishing attacks? Contact ClearPhish for a free consultation or sign up for our phishing simulation services today.
