Pin Me

Guide to Recognizing a Phishing URL

written by: •edited by: Michele McDonough•updated: 3/27/2010

Scammers want you to click on links to their websites in order to trick you into revealing information about yourself, and they do this with phishing URLs. Read this guide to find out what a phishing URL is, and give yourself some much needed phishing protection.

  • slide 1 of 5

    What Is a Phishing URL?

    Recognizing a phishing URL is an important way to avoid being scammed. Without this recognition, it is likely an inexperienced user could find themselves inputting personal information into spoof websites sporting URLs that look like the real deal – but are in fact malicious clones designed to steal personal data.

    With the help of the most up to date browsers and security software as well as operating system updates, you can protect yourself from phishing.

    But what is a phishing URL – what does one look like, and is there really such a thing as phishing protection?

  • slide 2 of 5

    Basic Phishing URLs

    Recognising that URLs from shortening services gives you phishing protection is vital Basic Phishing URLs can take many forms, but in most cases you won’t see the true URL until you have clicked a link in an email or webpage. While the link might have appeared to say www.yoursafesite.com, it was actually designed (in the background HTML code) to send you to www.mymalicioussite.com.

    There are several ways of doing this, from the basic HTML to advanced scripting techniques. With older browser versions there are even ways of fooling the software to display an image instead of the address bar.

    Using basic web design skills and freely available tools, it is then a simple task for the scammer responsible for the email to create a website that looks like www.yoursafesite.com, thus luring you into a false sense of security. They might even employ a URL similar to the one you trust, such as www.yousafesite-malicious.com.

  • slide 3 of 5

    URL Shortening

    The answer to the question "What is a phishing URL?" also includes “URL obfuscation.”

    This term describes services such as bit.ly, tinyurl.com and is.gd which offer URL shortening services for free to users online (see the guide Five Places to Redirect Your URLs for Free for more on URL shortening services). Most commonly, these services are used to put links into Twitter – many Twitter clients hook up with these services, automatically shortening lengthy URLs that you place in your updates.

    For example if I visited http://is.gd and entered www.brighthub.com it might give me a shortened URL of http://is.gd/aQ2Iu. This means absolutely nothing to the naked eye, but is logged in http://is.gd's records as pointing at www.brighthub.com.

  • slide 4 of 5

    Phishing URLs as Browser Hacks

    An example of a browser hack phishing URL The convention on a service like Twitter is to inform users what you’re linking to – but this can easily be misleading. Anyone who doesn’t use Twitter or similar services shouldn’t be reading this section thinking that “this doesn’t apply to me” – other kinds of URL obfuscation are in circulation.

    A link that can appear to say www.yoursafesite.com might actually take you to a very similar address of http://www.yoursafesite.com&login&sessionid=1234567890&ip=@172.172.1.172/~malicious.html

    How could this work? Put simply, it uses the http://username:password@web.com format of website authentication (routinely blocked in modern browsers). What has actually happened when you click the link is that you have accessed the website at 172.172.1.172, displayed a page called malicious.html and utilised a username of “http” and a password of “//www.yoursafesite.com&login&sessionid=1234567890&ip=

  • slide 5 of 5

    Phishing Protection

    There is little real phishing protection available beyond your browser software. While recognizing a phishing URL is important, keeping your security software and browser version up to date is just as vital. While your operating system and security software will have updates available to combat the most common attempts to gain access to your PC (another regular purpose of malicious spoof websites accessed via phishing URLs) your browser should be regularly updated when instructed to apply the required changed to its configuration in order to protect you from malicious websites.

    It is worth noting that several browsers are currently offering high levels of protection from URL obfuscation, such as Internet Explorer, Firefox, Opera and Chrome – however Safari doesn’t protect against this URL shortening, leaving users of the browser in a potential minefield of spoofed websites accessed blindly from phishing URLs, with terrible consequences.