Cybercriminals are always finding new ways to make their shady activities harder to detect. Due to the increasing awareness of phishing attacks and other similar cyber threats, they have resorted to hiding malicious links to make them seem harmless at first glance. Potential victims then click on an address that actually takes them to a web page designed to trick them into sharing sensitive data. Below, we’ll break down different methods cybercriminals use to mask harmful URLs, so you can recognize and avoid them. Here’s what you should know!
The @ symbol is typically used to integrate login and password details into a website address. This is a legitimate practice in HTTP. Cybercriminals exploit this by creating a convincing page name that includes the name of a real, trustworthy site and placing the malicious URL after the @ symbol. The browser will recognize the page name as invalid, and instead redirect the user to the address after the @ symbol. This address leads to a website created for a malicious purpose such as a scam or a cyber attack. This is what it would look like:
http://convincing-yet-invalid-page-name-on-trustworthy.com@actuallyscam.com
Another tactic that cybercriminals use is converting the IP address into an integer. IP addresses can legitimately be changed into a series of numbers for easier storage. Integers can also be converted back into IP addresses. In fact, most modern browsers do the latter automatically whenever there are numbers in a URL. By combining this with the @ symbol, an attacker can effectively hide the real domain in the address. The disguised malicious link in this method would most likely use the address of a trustworthy corporate website before the @ symbol followed by the integer of the actual destination, which is a malicious website. Here’s an example:
http://trustworthy.com…%@8892770966/
Using one of the legitimate link shortening services is a simple way to hide a phishing URL. These services create condensed versions of long web addresses, commonly used for sharing short links in limited character spaces. By turning a dangerous link into a version that appears different, attackers attempt to bypass security systems and email filters that may flag known malicious URLs.
An ESP (Email Service Provider) can help you create newsletters and email campaigns. A cybercriminal may take advantage of it to set up a mailing campaign and include a phishing link in it. By using one of these services, they can get a seemingly clean and reputable domain associated with the ESP company. While most of these providers try to prevent misuse, threat actors sometimes succeed in exploiting their platforms.
AMP (Accelerated Mobile Pages) is another service that attackers have learned to exploit for phishing. It’s a framework from Google that’s intended to help web pages load faster on mobile devices. When a page optimized with AMP appears in search results, the URL will show Google’s domain. It would look like this:
https://www.google.com/amp/www.example.com/amp.doc.html
In a phishing scenario, an attacker may send an email containing a link that starts with “google.com/amp/s/”. If the user clicks it, they will be redirected to a deceptive site. Because of Google’s trusted reputation, even some anti-phishing filters may not immediately flag such links as suspicious.
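The following example is added here and is not part of the original article. It uses JavaScript's built-in URL parser, which follows the same parsing standard browsers use, to report where a link with an @ symbol, an integer host or a Google AMP path actually leads. The function name `inspectLink`, the flag names and all sample URLs are constructed for illustration.

```javascript
// Added example: report where a link really leads. All URLs are constructed samples.
function inspectLink(raw) {
  const result = { host: null, flags: [], wrapped: null };
  let url;
  try {
    url = new URL(raw); // WHATWG URL parser, the standard browsers implement
  } catch (e) {
    result.flags.push("unparseable");
    return result;
  }
  result.host = url.hostname; // the host that would actually be contacted

  // @ symbol: anything before "@" is login data, not the destination.
  if (url.username !== "" || url.password !== "") result.flags.push("userinfo");

  // Integer host: recover the host as typed; the parser has already
  // normalised it to dotted form in url.hostname.
  const authority = raw.replace(/^[a-z][a-z0-9+.-]*:\/\//i, "").split(/[\/?#]/)[0];
  const typedHost = authority.slice(authority.lastIndexOf("@") + 1).split(":")[0];
  if (/^\d+$/.test(typedHost)) result.flags.push("integer-host");

  // AMP: a google.com/amp/ path carries another site's address,
  // optionally behind the "s/" segment seen in the phishing scenario.
  if (/(^|\.)google\.com$/.test(url.hostname) && url.pathname.startsWith("/amp/")) {
    const rest = url.pathname.slice(5).replace(/^s\//, "");
    result.flags.push("amp-wrapper");
    result.wrapped = rest.split("/")[0];
  }
  return result;
}

// Constructed sample links (reserved documentation names and addresses).
const samples = [
  "http://login.trustworthy.example@203.0.113.7/signin",
  "http://trustworthy.example@3405803783/",
  "https://www.google.com/amp/s/phish.example/login",
  "https://www.trustworthy.example/account",
];
for (const s of samples) console.log(s, "->", JSON.stringify(inspectLink(s)));
```

A mail filter or link-preview tool can use the `host` and `wrapped` values, rather than the text a user sees, when checking a link against blocklists.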
When you click on a malicious URL, you can get tricked into entering your personal information, such as passwords and bank credentials, or have malware automatically installed on your device. This can lead to serious consequences for individuals, small businesses, and major enterprises alike. The good news is that being proactive about cybersecurity can help you avoid falling into such traps. Here are some essential tips:
Cybercriminals often try to confuse potential victims with clever tactics, but staying alert can be your best defense. Whether you’re scrolling through social media, browsing websites, or using phone apps, paying close attention to details can make a significant difference in your online safety. By being aware of how common cyber threats work and adopting cautious habits, you can take immediate action to keep your digital accounts and personal information secure.