How to Read URLs and Prevent Phishing Scams
Despite an ever-changing digital world, email has held strong as a popular form of communication. This has allowed cybercriminals to hone their craft and come up with new and creative ways to scam you out of personal information. Today, we’re going to cover one of the most common mediums used in cyberattacks – links. Learning to read them is a vital way to prevent phishing scams and other cyberattacks in email and other online mediums.
Sketchy links are so common online that most of us are uneasy clicking on links in almost any situation. So how do you stay safe without suspecting your mom of a phishing scam when she sends you a link to a new recipe? Learn how to read URLs!
Some of these may seem a little hard to believe due to how simple they are. Let’s let Dilbert show why they still work…
Cyberattacks work due to high volume!
#1 – Misspelling Domains
Seems too easy, but this is one of the easiest ways cybercriminals sneak past us. Take a look at the URLs below and see how long it takes you to spot what’s wrong with them.
1 – Letter Scramble
When letters are scrambled inside longer words, our brains typically make the correction without us noticing.
2 – Letter Combos
This one isn’t as common as the others due to the wide number of fonts used today. In this case, the “r” and the “n” side by side look a lot like the letter “m”.
3 – Number Swap
No doubt the “o” vs. “0” issue has caused problems for you in some way before. It’s also a classic method used to mask a shady URL.
4 – Missing Letters
This one doesn’t work on a number of well-known URLs, but for some longer domains, it can be very tricky to spot.
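The four misspelling tricks above can also be checked mechanically. The following is an added example, not code from the original article: it compares a domain against a short list of domains you trust, and the list, the mybank.example name and the sample misspellings are all constructed for illustration.

```python
# Constructed list of domains the reader actually uses (assumption for the demo).
TRUSTED = ("facebook.com", "executech.com", "mybank.example")

def skeleton(domain):
    """Collapse the look-alike swaps from the article: "rn" for "m", "0" for "o"."""
    return domain.lower().replace("rn", "m").replace("0", "o")

def edit_distance(a, b):
    """Edits needed to turn a into b: insert, delete, substitute or swap two neighbours."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            # Letter scramble: two neighbouring letters in swapped order.
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]

def classify(domain, trusted=TRUSTED):
    """Return ("trusted" | "lookalike" | "unknown", matched trusted domain or None)."""
    d = domain.lower().rstrip(".")
    if d in trusted:
        return "trusted", d
    for good in trusted:
        # Letter combos and number swaps read the same once collapsed.
        if skeleton(d) == skeleton(good):
            return "lookalike", good
        # One scrambled pair or one missing letter is a single edit away.
        if edit_distance(d, good) == 1:
            return "lookalike", good
    return "unknown", None

if __name__ == "__main__":
    # Constructed misspellings, one per trick described above.
    for sample in ("faecbook.com", "rnybank.example", "faceb00k.com",
                   "facebok.com", "executech.com", "example.org"):
        print(sample, "->", classify(sample))
```

A "lookalike" verdict means the domain is one small change away from a name on your list without being that name, which is exactly the case the eye tends to skip over.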
#2 – Domain Jumble
This method has become much more popular over the past few years. Ultimately, you should always be looking for the top-level domain in any link before you click (here, that means the registered domain the link actually leads to, such as facebook.com). To do this correctly, follow these two rules:
- If there aren’t any single forward-slash characters in the URL (/), then read the top-level domain from left to right.
- If there are single forward-slash characters in the URL (/), then locate the one farthest from the right, that is, the first one after https://. Starting from that forward-slash, read the top-level domain from right to left.
We are looking for single forward-slashes in the URL. Therefore, the double forward-slash in https:// would not apply.
Test it out! Take a look at the URLs below and see if you can tell which links are good and which links are bad:
1 – Good!
The forward-slash is between login and com, so the top-level domain is facebook.com
2 – Bad.
The forward slash is between 8675309 and net, so the top-level domain is fblogins.net, not Facebook.
3 – Bad.
The forward slash is between com and account, so the top-level domain is login.com, not Facebook.
4 – Good!
The forward slash is between ads and com, so the top-level domain is Facebook.com. We’ll explain the meaning of the rest of that URL towards the end.
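The single forward-slash rule can be written as a short program. This is an added example, not code from the original article: the four sample URLs are constructed to match the descriptions above, and the small suffix set is an assumed stand-in for the full Public Suffix List that real tools use to handle endings such as co.uk.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Assumption: a tiny constructed subset standing in for the Public Suffix List.
MULTI_LABEL_SUFFIXES = {"co.uk", "com.au", "co.jp"}

def registered_domain(url):
    """Return the domain a link really leads to (the article's "top-level domain")."""
    # urlsplit only finds the host when a scheme or a leading // is present.
    if not re.match(r"^[A-Za-z][A-Za-z0-9+.-]*://", url):
        url = "//" + url.lstrip("/")
    host = urlsplit(url).hostname  # everything before the first single slash
    if not host:
        raise ValueError("no host in URL: %r" % url)
    host = host.rstrip(".")
    try:
        ipaddress.ip_address(host)
        return host  # an IP address has no domain labels to read
    except ValueError:
        pass
    labels = host.split(".")
    # Read right to left from the slash: the suffix, then the name registered
    # under it. Anything further left is a subdomain the owner chose freely.
    keep = 3 if ".".join(labels[-2:]) in MULTI_LABEL_SUFFIXES else 2
    return ".".join(labels[-keep:])

def leads_to(url, expected_domain):
    """True only when the link's registered domain is the one you expect."""
    return registered_domain(url) == expected_domain.lower()

# Constructed URLs shaped like the four Facebook examples described above.
SAMPLES = [
    "https://facebook.com/login",
    "https://facebook.com.fblogins.net/8675309",
    "https://facebook.login.com/account",
    "https://business.facebook.com/ads?utm_source=blog&utm_campaign=guide",
]

if __name__ == "__main__":
    for url in SAMPLES:
        verdict = "Good" if leads_to(url, "facebook.com") else "Bad"
        print(verdict, registered_domain(url), url)
```

The word "facebook" appears in all four samples, but only the first and last lead to facebook.com; the tracking parameters on the last one do not change the result.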
#3 – Short Links
Short links are fairly common on social media and email for a number of reasons. Some of the most common resources for this are Bitly, Rebrandly, and TinyURL. Companies and marketers use short links to reduce character counts on social media, track link clicks, etc. Because they are so common, they have started to be leveraged in cyberattacks as well. Here’s an example of a short link: https://bit.ly/3fh8Dmo
So how do we protect ourselves? Thankfully, on social media (especially ads), the platforms carefully scan linked websites for authenticity, quality, and relevance to the ad itself to ensure it’s not misleading or malicious.
As for email, we need to be a bit more careful to prevent phishing scams. If the short link is being sent from a source you don’t trust quite yet, then you can copy/paste the short link into online tools that will expand it for you. Here are some of the more popular sites for expanding short links:
UTMs & Tracking
Last, let’s talk about the mess you often see at the end of links like this:
First and foremost, if you follow the single forward-slash method, then you can focus on what matters. In this case, you can see that the top-level domain is Executech.com, so the rest isn’t really a concern. For those of you who are curious, here’s what it all means!
Everything after the question mark (…a-look-forward/?utm…) is there for tracking purposes. It simply helps businesses understand where their website traffic is coming from. In this example, here’s the information a company would gather:
- Campaign Source: Blog
- Campaign Medium: Reading URLs
- Campaign Name: Cybersecurity Guide
- Campaign Content: Reading UTMs
That’s it! UTMs can definitely be used to better mask sketchy URLs, but if you follow the best practices laid out in the article, they’re completely harmless.
Unfortunately, there are many other methods such as “onMouseOver” event triggers, Punycode DNS registrations, href attributes, data URLs, and more. The large variety of cyberattacks is why you should always layer your new-found knowledge of common scam approaches with other methods of cybersecurity. You may miss one of these tactics and click on a shady link, so it’s important to have other layers of protection such as antivirus software, secure routers, etc.