Phishing links – what are they and how to spot them

Phishing links are conditions exploited by malicious internet users to deceive and manipulate. With the help of links of this kind, they can extract personal information from individuals and use it for their own objectives. To an ordinary person, such a link often appears legitimate, especially since they are specifically designed to look that way. The user believes they have entered a well-known site, so they safely enter their confidential data. However, ultimately, they fall prey to the fraudsters.

More about phishing links

Phishing links are one of the types of fraud that occurs on the internet. Users are misled, creating an impression of reliability and privacy. As a result, the fraudsters can obtain a person’s card number and PIN code, as well as passwords and logins for accessing personal accounts and other confidential data.

Why is such a method called phishing? Because “fishing” in English translates to “fishing,” and individuals becoming victims are likened to fish caught on a hook. The proposals that novice users receive are truly alluring. Typically, they are offered to take part in a giveaway, win prizes, or are informed that they are lucky, as there is a unique offer for them.

Phishing is not a new term. It originated back in 1996 when internet scams began their evolution. People received messages via electronic mail that contained links. To access them, they needed to provide their personal information.

In 2019, a similar situation arose when information appeared on the internet that the Adidas company was giving away free sneakers. Ultimately, it became clear that all these were fraudsters’ tricks. They aimed to obtain from people their phone numbers, contact lists, and personal information under the guise of providing the desired sneakers, where a user was to share the promotional message with several acquaintances and also enter their card number in the form.

Types of phishing links

The most commonly used phishing links are three types:

• Via email. Emails come from well-known companies (mostly financial). The domain tends to be simple; hence, it is easy for the person not to pay attention to their name and family. The email contains a link through which the user needs to enter their data.
• On Instagram. Hackers often present themselves as advertisers, after which they send a message to a known blogger on Instagram, asking them to visit their page. When following the link, the user sees the initial page of the same social network, where they, of course, are required to enter their data so that their account can be reopened. If the blogger does not suspect anything and enters the login and password, the fraudster immediately receives them.
• On VKontakte. To organize such a affair, hackers create a precise copy of the social network and then host it on hosting. After, they send a link to the newly created social network to selected users, recommending them to read the post, like it, participate in a survey or voting. A person enters login and password immediately falling into the hands of the scammer. After that, they send it to all the people on the user’s friends list, asking them to refill their mobile account in return for the cash prize.

Phishing can also manifest in other ways:

• In the form of farming. In this case, special programs are used that are installed on the computer in the form of viruses. With their help, the original site turns into a phishing site.
• Using SMS messages and calls. During the conversation, fraudsters try to obtain a person’s card number and PIN code.
• In the form of a distribution. Fraudsters refer to themselves as cloud specialists, asking to provide personal information to unlock data on your disk.
• With the use of information from social networks. A person receives a business-style email indicating their full name and position. In this way, fraudsters can take over any data about the work of the enterprise.

How phishing links disguise themselves as legitimate

To ensure that the user does not have any doubts about visiting a known site, phishing links make maximum efforts to appear as links belonging to authorized organizations. However, there are details that can distinguish a phishing link from a legitimate one:

• The web resource address will be different – not the one that the legitimate site bears.
• You may notice that instead of http, it uses https.
• The address, presented in addition to the link, does not lead to the legitimate one.

Fraudster traps

To extract confidential data from a person, fraudsters employ various methods:

• They offer to receive some items for free or to win money in a random lottery.
• They threaten to block a person’s card or phone number. In such situations, they typically refer to representatives of mobile operators or bank employees.
• They promise to obtain necessary data for a person or access to something. For example, providing data about their passport or mobile number might allow a person to gain access to watch a movie or download a book.
• They disclose on sites unsecured data, thanks to which they can obtain personal information about people.

Is it possible to distinguish a phishing site from a legitimate one?

Modern browsers, as well as applications fighting against viruses and pirated programs, are usually equipped with protection, allowing users to avoid scams. When a person tries to navigate to a suspicious link, they are immediately notified of it. For instance, using the “Anti-phishing” program in 2018, approximately 90 million transits to phishing web resources were prevented.

We recommend an algorithm that will allow you to check whether a site is fraudulent:

1. Before clicking on an unfamiliar link, check what the actual legitimate address is. For this, you need to click on the link with the right mouse button and select the “View code” option. You might suspect something if the URL is very long, containing strange symbols and words. A legitimate address should be standard-sized, featuring a short name of the web resource and page.
2. If you have already visited a suspected site, carefully study the address, as fraudsters often redirect to other sites as well. Similarly, suspicions should arise from text errors, a distorted site, or content unfamiliar to oneself. Larger companies, especially well-known ones, do not allow such things. Their sites are well-designed and filled with quality content.
3. If you are attempting to make any payments, pay attention to the protocol – the secure one is considered the https protocol. If you see that the site uses the http protocol and also requests a card number from you, such a site should immediately be abandoned.
4. On official sites, when inputting confidential data, the figures are usually hidden behind different symbols (asterisks).
5. Most resources fraudsters create contain viruses. In transitioning to such a link, viruses may attack your gadget or computer. Avoid this hazardous event, and also pay attention to the security of special antivirus programs; hence don’t forget about them.

How to calculate a phishing site with the help of programs?

If you have used the aforementioned methods but still have questions, you can apply specialized services that allow you to detect phishing sites. Here’s a selection of such services:

• Safe browsing from Google. On the main page, there is a line where you need to enter the suspicious address and wait for the results.
• Unmask Parasites. This service works exactly the same as the previous one.
• Unshorten.It! Users typically receive short links, so before a check on the specified service, they must be expanded. You need to enter the link in the line, after which you will see a screenshot of the checked resource and information about it.

How to get rid of a phishing link?

If it happened that you clicked on a phishing link and your computer is now infected with viruses, you can apply antivirus programs. Also, for tracing fraudsters, contact the website whose address was exploited in fraudulent activities.

In Google, you can also send information about the suspected site. For this, you need to enter the URL in the special line, confirm that you don’t work with it, and send it. If you have anything to add, you may write a comment.

A similar function is also available in Yandex. The algorithm is the same – enter the URL in the line, upload a screenshot of the suspected site, write feedback, and send it.

Conclusion

From the article above, let’s summarize the findings:

• Phishing links can be encountered in different places – via email, on social networks, messengers, websites, and in SMS.
• With phishing links, fraudsters present themselves as representatives of authorized companies. To attract user attention, they apply different methods – enticing offers or threats concerning bank problems. In both cases, fraudsters aim to obtain confidential data from a person – their phone number, bank card PIN, social network account passwords, and any information that can be used for their own goals.
• To avoid becoming a victim of fraudsters, do not click on unfamiliar and suspected links. If you have already accessed such a site, carefully check its address, protocol, appearance, and site content. In case of any doubts about the security of the resource, use specialized services, which are accessible to anyone online. Be careful using new versions of browsers, install antivirus programs, and other applications that protect users from fraud.

And finally, if you encounter a phishing link, report it to the search system and the organization whose name was exploited by the fraudsters. This way, you may help prevent further fraudulent activities and protect a vast number of users.