Tuesday, Nov 20, 2012

Be prepared for phishing and link manipulation

I recently spent quite some time fixing a virus infection on a client's machine. He was using all the right antivirus and anti-malware tools. So how did the problem start? A phishing email with a bad link.

After receiving an email with a link to what was listed as LinkedIn, he was taken to a site where a virus payload was downloaded to his machine, which then proceeded to infect it.

Here is an excellent description of the issue from Wikipedia:

Link manipulation

Most methods of phishing use some form of technical deception designed to make a link in an e-mail (and the spoofed website it leads to) appear to belong to the spoofed organization. Misspelled URLs or the use of subdomains are common tricks used by phishers. In the following example URL, http://www.yourbank.example.com/, it appears as though the URL will take you to the example section of the yourbank website; actually this URL points to the "yourbank" (i.e. phishing) section of the example website. Another common trick is to make the displayed text for a link (the text between the <A> tags) suggest a reliable destination, when the link actually goes to the phishers' site. The following example link, //en.wikipedia.org/wiki/Genuine, appears to direct the user to an article entitled "Genuine"; clicking on it will in fact take the user to the article entitled "Deception". In the lower left hand corner of most browsers users can preview and verify where the link is going to take them.[35] Hovering your cursor over the link for a couple of seconds may do a similar thing, but this can still be set by the phisher.

A further problem with URLs has been found in the handling of Internationalized domain names (IDN) in web browsers, that might allow visually identical web addresses to lead to different, possibly malicious, websites. Despite the publicity surrounding the flaw, known as IDN spoofing[36] or homograph attack,[37] phishers have taken advantage of a similar risk, using open URL redirectors on the websites of trusted organizations to disguise malicious URLs with a trusted domain.[38][39][40] Even digital certificates do not solve this problem because it is quite possible for a phisher to purchase a valid certificate and subsequently change content to spoof a genuine website.

 

Be on the lookout for anything phishy, and when in doubt DO NOT CLICK ON THE LINK.

 
