
What strategies do cybercriminals use to take you to malicious sites?


Email attachments have been one of the main vectors of malware and similar malicious agents for years now, but links to malicious sites are even more dangerous.

In these cases, email filters and other systems often do little. Cybercriminals exploit various techniques to hide links to phishing sites, catching both automatic controls and more attentive users off guard.

Even carefully checking a URL may sometimes not be enough. But what are the most common cybercrime techniques to push users to dangerous websites? Kaspersky provided a list with the main strategies.

The first method embeds the @ symbol in a URL. With a link like:

http://convincing-business-related-page-name-pretending-to-be-on-google.com@kaspersky.com/blog/

it is possible to deceive the user, because the browser ignores everything before the @ when deciding which site to open (that part is treated as login information, not as the site address). A link of this type therefore actually directs the user to http://kaspersky.com/blog/.

This strategy, very basic and at the same time effective, is only the proverbial “tip of the iceberg”.

Leading users to malicious sites: from the use of the “@” symbol to the abuse of newsletters

Some cybercriminals, for example, abuse short-link services, platforms that allow you to shorten links. With them it is possible to create an anonymous link that can direct the user to any type of site without arousing the suspicion of filter systems.

Another ingenious technique confuses the user by converting a site's IP address into a single number. For example, the URL:

http://google.com…%@3109359386/

combines the @ symbol (as already seen) with a number that the browser then converts back into an IP address. This makes it easy to direct the user to any type of website.

Sites that exploit Google AMP, a service to speed up the loading of web pages, can also mislead users and anti-spam filters. A link that leads to a site of this type begins with “google.com/amp/s/”, which can easily instill a false sense of security.

Another refined trick to lead users to malicious sites is the abuse of an ESP (email service provider), a completely legitimate service for creating newsletters. Through the newsletter it is possible to create a campaign that contains URLs to phishing sites without being detected.

This, unfortunately, is just a small taste of what cybercriminals can do. In fact, from month to month, the strategies evolve and are increasingly difficult to identify.
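For mail filtering or link triage, the "@", integer IP and Google AMP tricks described above can be unwrapped mechanically. The following Python sketch is an added example, not code from Kaspersky or from the original article; the function names and the second and third sample links are constructed for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

AMP_PREFIX = "/amp/s/"  # the prefix quoted in the article


def effective_host(host):
    """Map a pure-decimal host to the dotted IPv4 address it stands for."""
    if host.isascii() and host.isdigit() and int(host) < 2**32:
        return str(ipaddress.IPv4Address(int(host)))
    return host


def analyze(url):
    """Return (destination_host, findings) for one link."""
    parts = urlsplit(url)
    host = parts.hostname or ""
    findings = []
    # Everything before the last '@' in the authority is userinfo, not the host.
    if "@" in parts.netloc:
        decoy = parts.netloc.rpartition("@")[0]
        findings.append(f"decoy text before '@': {decoy}")
    dest = effective_host(host)
    if dest != host:
        findings.append(f"integer host {host} is IPv4 address {dest}")
    # A Google AMP link serves content from the host named after the prefix.
    on_google = dest == "google.com" or dest.endswith(".google.com")
    if on_google and parts.path.startswith(AMP_PREFIX):
        target = parts.path[len(AMP_PREFIX):].split("/", 1)[0]
        if target:
            findings.append(f"AMP wrapper around {target}")
            dest = target
    return dest, findings


# Sample links: the first is the article's own example, the others are constructed.
SAMPLES = [
    "http://convincing-business-related-page-name-pretending-to-be-on-google.com"
    "@kaspersky.com/blog/",
    "http://google.com@3109359386/",
    "https://google.com/amp/s/example.test/login",
]

if __name__ == "__main__":
    for link in SAMPLES:
        dest, findings = analyze(link)
        print(f"{link}\n  -> {dest}  {findings or 'no obfuscation found'}")
```

Short links and ESP tracking links are not covered here, because their real destination is only revealed by the redirect the service returns.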

Source: kaspersky.com
