Phishing by Link Manipulation: How safe are our links? | Link Manipulation: A type of phishing attack
In the present world of the Internet, when every second thing is going online and finding a place on the web with URLs (Uniform Resource Locators), there are always black hats (hackers) who misuse those flexibilities and use them for unethical purposes. Here is a small write-up on Link Manipulation for free-feast readers.
Link Manipulation is a phishing attack done mainly to mislead the user to a fake website or a "look-alike" of some renowned site.
The main trick used in this type of phishing is the use of sub-domains. These are technicalities which non-I.T. users are not familiar with, and hence those users are the primary targets of the black hats.
Consider an e-mail which claims to come from abc bank and asks for your bank credentials at this URL: www.abcbank.xyz.com
A non-I.T. user may perceive it to be a link landing at some xyz section of abc bank, but the link actually points to the abcbank section of xyz.com. This is so because domain names are universally unique, but sub-domain names can be duplicated: the owner of a domain can create any sub-domain under it, so even abc bank cannot stop someone from using abcbank as a sub-domain of their own domain.
Always remember, the hierarchy of the host name in a URL reads right to left. That means www.mail.google.com would land on the main domain of Google with the sub-domain Mail, whereas www.google.mail.com would lead to the Mail domain with the sub-domain Google.
Consider the following example:
For any non-I.T. user the site may seem to be a webpage of ICICI Bank, whereas it is a fake site where the name of the domain is not mentioned and only its corresponding IP address is shown, which to a user who is not aware of IP addresses may look like a jumble of numbers.
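The right-to-left reading and the bare-IP case described above can be checked mechanically. The following is an added example, not code from the original post: the suffix set and the brand table are constructed assumptions (a real checker would load the full Public Suffix List), and 192.0.2.10 is a documentation address standing in for the fake site's IP.

```python
import ipaddress
from urllib.parse import urlsplit

# Assumption: tiny stand-in for the Public Suffix List, enough for the samples.
PUBLIC_SUFFIXES = {"com", "org", "net", "co.in", "co.uk"}
# Assumption: brand keyword -> domain the brand really owns (constructed).
KNOWN_BRANDS = {"abcbank": "abcbank.com", "google": "google.com"}


def registrable_domain(host):
    """Return the public suffix plus the one label to its left."""
    labels = host.lower().rstrip(".").split(".")
    # Longest candidate suffix first, so "co.in" is matched before "in".
    for i in range(1, len(labels)):
        if ".".join(labels[i:]) in PUBLIC_SUFFIXES:
            return ".".join(labels[i - 1:])
    return host.lower()


def check_link(url):
    """Classify a link as 'ip-literal', 'brand-in-subdomain' or 'ok'."""
    # Accept links written without a scheme, as in the e-mail example.
    host = urlsplit(url if "//" in url else "//" + url).hostname or ""
    try:
        ipaddress.ip_address(host)
        return ("ip-literal", host)  # no name at all, only numbers
    except ValueError:
        pass
    owner = registrable_domain(host)
    # Everything left of the registrable domain is chosen freely by its owner.
    sub_labels = host[: -len(owner)].rstrip(".").split(".")
    for brand, real_domain in KNOWN_BRANDS.items():
        if brand in sub_labels and owner != real_domain:
            return ("brand-in-subdomain", owner)
    return ("ok", owner)


if __name__ == "__main__":
    samples = [  # constructed sample links
        "www.abcbank.xyz.com",
        "www.mail.google.com",
        "www.google.mail.com",
        "http://192.0.2.10/login",
    ]
    for link in samples:
        print(link, "->", check_link(link))
```

The second element of each result is the domain that actually controls the page, which is the part a reader should compare against the sender's claimed identity.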
It is always advised while surfing:
- To check for "https" (note the "s") in the address bar, meaning it is a secure connection.
- To check for the lock symbol in the browser while using it.
Also, please take utmost care: no e-commerce site or any site handling sensitive information asks for user credentials via e-mail. If, however, one wants to log in to a website, then please manually type the website address in the browser's address bar and surf; this reduces the chances of being trapped.
Even digital certificates do not resolve this problem completely, and a huge risk still remains.
A piece of advice to new I.T. users: do not stop after learning only the basics. It's a tricky world, so please keep yourselves updated with the latest news on cyber issues and with basic security nomenclature 🙂
Stay Alert, Stay Safe !!
Keep Reading !!