Cybercriminals are always finding new ways to make their shady activities harder to detect. Due to the increasing awareness of phishing attacks and other similar cyber threats, they have resorted to hiding malicious links to make them seem harmless at first glance. Potential victims then click on an address that actually takes them to a web page designed to trick them into sharing sensitive data. Below, we’ll break down different methods cybercriminals use to mask harmful URLs, so you can recognize and avoid them. Here’s what you should know!

1. Inserting the @ Symbol

The @ symbol is typically used to integrate login and password details into a website address. This is a legitimate practice in HTTP. Cybercriminals exploit this by creating a convincing page name that includes the name of a real, trustworthy site and placing the malicious URL after the @ symbol. The browser will recognize the page name as invalid, and instead redirect the user to the address after the @ symbol. This address leads to a website created for a malicious purpose such as a scam or a cyber attack. This is how it would look like:

http://convincing-yet-invalid-page-name-on-trustworthy.com@actuallyscam.com

2. IP Address Converted to Numbers

Another tactic that cybercriminals use is converting the IP address into an integer. IP addresses can legitimately be changed into a series of numbers for easier storage. Integers can also be converted back into IP addresses. In fact, most modern browsers do the latter automatically whenever there are numbers in a URL. By combining this with the @ symbol, an attacker can effectively hide the real domain in the address. The disguised malicious link in this method would most likely use the address of a trustworthy corporate website before the @ symbol followed by the integer of the actual destination, which is a malicious website. Here’s an example:

http://trustworthy.com…%@8892770966/

3. URL Shortening Services

Using one of the legitimate link shortening services is a simple way to hide a phishing URL. These services create condensed versions of long web addresses, commonly used for sharing short links in limited character spaces. By turning a dangerous link into a version that appears different, attackers attempt to bypass security systems and email filters that may flag known malicious URLs.

4. Using Email Service Providers

An ESP (Email Service Provider) can help you create newsletters and email campaigns. A cybercriminal may take advantage of it to set up a mailing campaign and include a phishing link in it. By using one of these services, they can get a seemingly clean and reputable domain associated with the ESP company. While most of these providers try to prevent misuse, threat actors sometimes succeed in exploiting their platforms.

5. Google AMP Framework

AMP (Accelerated Mobile Pages) is another service that attackers have learned to exploit for phishing. It’s a framework from Google that’s intended to help web pages load faster on mobile devices. When a page optimized with AMP appears in search results, the URL will show Google’s domain. It would look like this:

https://www.google.com/amp/www.example.com/amp.doc.html

In a phishing scenario, an attacker may send an email containing a link that starts with “google.com/amp/s/”. If the user clicks it, they will be redirected to a deceptive site. Because of Google’s trusted reputation, even some anti-phishing filters may not immediately flag such links as suspicious.

How to Defend Against Threats from Malicious URLs

When you click on a malicious URL, you can get tricked into entering your personal information, such as passwords and bank credentials, or have malware automatically installed on your device. This can lead to serious consequences for individuals, small businesses, and major enterprises alike. The good news is that being proactive about cybersecurity can help you avoid falling into such traps. Here are some essential tips:

• Hover Over Links – Hover your mouse over a link without clicking to see the actual URL. This can reveal if the link’s destination matches its description. If it looks strange or different from what you expected, don’t click.
• Be Skeptical of Incoming Emails – If you get an email that you weren’t expecting, be cautious. If something feels off, contact the sender through a different method, like calling, to confirm if the email is real. Watch out for spelling and grammar mistakes, as these can be signs of phishing. Don’t click on links or download attachments from suspicious emails.
• Look for “HTTPS” – Check if the website uses “HTTPS” instead of “HTTP.” The “S” stands for secure, indicating a safer connection.
• Update Your Browser – Keep your web browser up to date to benefit from security updates. Updated browsers are better equipped to identify and block sites with malicious content.
• Use Trusted Sources – Stick to reputable search engines, as they are more likely to prioritize trustworthy websites in their results.
• Double-Check Shortened URLs – If you encounter a shortened URL, use a URL expander to reveal the full link.

Being Alert Can Help You Stay Safe Across Platforms

Cybercriminals often try to confuse potential victims with clever tactics, but staying alert can be your best defense. Whether you’re scrolling through social media, browsing websites, or using phone apps, paying close attention to details can make a significant difference in your online safety. By being aware of how common cyber threats work and adopting cautious habits, you can take immediate action to keep your digital accounts and personal information secure.

Michael Benadiba

CTO & Cloud Expert