Unsafe links: how to recognize and protect yourself

Checking links for security is an important part of cyber hygiene. Everyone has at least once encountered spam mailings and messages from intruders that include malicious links. When you click on them, you can infect your devices with a virus or hand your personal data to cybercriminals.

Ksenia Rysaeva
Head of the Cyberthreat Prevention Center CyberART Innostage Analytics Group

Phishing tools are changing, becoming more sophisticated, and attackers' tactics are being upgraded every day. Phishers often use a scheme where the victim receives a supposedly official message or notification from government agencies and departments, and a malicious attachment is hidden inside the email message. Attackers try to make email texts as realistic as possible. With the help of social engineering, they can force victims to perform certain actions.

The best way to deal with a cyberattack is to prevent it. It's easier to check the link in advance than to deal with the consequences. Criminals have many ways to mislead not only ordinary people, but also experienced Internet users, to lull their vigilance. In this article, we will explain how to check links, files, images, and websites for security and the sophisticated methods of modern cybercriminals.

Recognizing a dangerous link

There are various checks you can perform to assess a site's security, but none of them provides a 100% guarantee. There is always the human factor, which most often plays a decisive role in this fight against Internet criminals. As a rule, insecure links lead to fraudulent sites. They are designed to steal sensitive personal data, such as card numbers, usernames, and passwords, so that they can be used to steal or extort funds in the future. It is not uncommon for data to be stolen for subsequent sale. But malicious links can also lead to downloading viruses and other dangerous files that can disable an infected device or extract personal data from it.

Sergey Polunin
Head of the Infrastructure IT Protection Group at Gazinformservis

A well-made phishing site can be quite difficult to recognize, but there are several things that you should pay attention to in order to cut off 99% of such resources. First, you should carefully look at the address itself. As a rule, it is as similar as possible to the legitimate one, but it differs, for example, by one letter. Or one of the letters is replaced by some symbol. Moreover, you should be wary if you came to this site via a short link from a messenger or email.

You can check the link for phishing by paying attention to several nuances. For example, the connection to a phishing site is most often not protected, i.e. no encryption is used. You can make sure of this if you don't see the lock sign next to the site address. If it were a real site, you would see what certificate confirms authenticity.

In addition, you should pay attention to the content of the website itself. It is often of poor quality. You will quickly notice poorly written text, an abundance of pop-ups, and so on. There are also special browser extensions that help recognize phishing sites.

Pavel Melnikov
CEO of Pointlane

The most effective way to recognize phishing sites is to check the site URL or, more simply, the site name. Most often, scammers imitate the URLs of websites of well-known services or brands. Scammers also often give sites nonsense names, such as coolingforc23ne.ru. This site, by the way, was recently used by intruders to steal Telegram accounts. You can also check the site with VirusTotal. This will not give you a 100% guarantee of security, but it will protect you from most common viruses.

Several effective ways to recognize phishing sites:
  1. Checking the URL. Read the site's URL carefully. Phishing sites often have similar but incorrectly spelled or modified domain names, such as replacing Latin letters with similar numbers or symbols. Check for typos or extra characters that shouldn't be there.
  2. Checking the SSL certificate. Check if the site has an SSL certificate. SSL certificates provide a secure connection between your browser and the site server. Phishing sites may use self-signed or invalid certificates, or they may not have an SSL connection at all. Make sure that the site has an SSL certificate that meets your expectations for this site.
  3. Design verification. Phishing sites may try to mimic the design of legitimate sites, but they are often not entirely accurate. Pay attention to the site's appearance, including logos, color schemes, and fonts. If something seems wrong or inconsistent with the usual design of this site, you need to be careful.
  4. Checking the contact information. Check the contact information on the site, such as the email address or phone number. Compare it with the contact information you usually find on the genuine website. If the information is missing or doesn't match, it may be a sign of a phishing site.

Alexander Andreev
Specialist of Kaspersky Lab's Information Security Research Center

Be careful when you click on links, especially in emails, social media posts, or instant messengers. Phishing sites may try to trick you by directing you to fake sites through masked links. Check the URL in your browser's address bar before entering your personal information. Install and regularly update reliable antivirus software on your device. Many antivirus programs have anti-phishing features and can warn you about potentially dangerous sites.

If, after checking the link for security, you have any suspicions about the site and you doubt its security, it is best to avoid providing personal information and contact the organization directly using official contacts. You can call or write an email to almost any organization to clarify their official website and the security of the link provided to you. This will save you time, money, and nerves in the future.

Methods used by fraudsters

Cybercriminals on the Internet are coming up with more sophisticated methods and techniques every day. They can be as customer-oriented as possible and be tailored to a very narrow audience, so that the human factor plays a role in their favor.

Stanislav Forever
Head of Network Security and Audit Department at Axoft

Cybercriminals most often disguise malicious files as ordinary files, such as documents, images, receipts, archives, and executable files. They can also use fake programs, updates, and plugins to force users to install malware on their devices. To detect fake software, you must always use end-device protection and keep up-to-date with the manufacturer's updates.

In 2022, the share of attacks on users using social engineering methods increased from 88% to 95%. This is a consequence of massive information leaks in large companies. Leaks were recorded at Gemotest, SDEK, Yandex.Food, Delivery Club, and DNS. If we consider the structure of stolen data, personal data takes first place with a share of 36%. It is on the basis of this data that attackers can create a phishing email and website tailored to the victim's profile.

Anton Solovyov
Head of the PT Department at MONT

Imagine that you have left a request for a refund for a low-quality product and are waiting for a response from the seller. After some time, you receive an email informing you that the refund has been approved, and the email also asks you to specify the bank card details for the transfer of funds. Often, a person does not expect such awareness from scammers and enters data that gets to the attackers. Or another situation: when scammers have information about your orders, they send an email asking you to evaluate the purchase for a fee. An ordinary person has no reason for distrust, because this order really existed. And then again there is a phishing page and data entry that leaks to the attacker.

The number of attacks on web resources has also increased over the past year. The share of attacks on the web resources of government agencies was 41%. If scammers place a phishing link on the official website of a state organization, then the user's level of trust in it will be maximum, and few people will check where this link leads.

Experts note that so-called Phishing-as-a-Service is gaining popularity. This allows attackers not to waste time on routine tasks, but for a small amount of money to buy a ready-made solution, where specialists will already prepare the entire infrastructure (website, application), create a letter based on the customer's profile, and even make a targeted mailing list.

Roman Miskevich
Technical Director for ANWORK

Over the past year, the number of attacks in popular instant messengers has increased several times and by this February accounted for 55% of all actions of scammers against individuals, and by the end of the year it may increase to 80%. The most common schemes are phishing mailings with a call to go to a link, leave your data, or pay for a product or service. Most often, the most "hot" topics that concern absolutely all categories of people are selected. If earlier the victims of fraudsters were mostly elderly people, today a person with experience in Internet communication can also "take the bait".

By the end of 2022, Telegram became the most insecure: the growth of phishing in this messenger was 800%. At the same time, not only individuals, but also business accounts faced the actions of fraudsters: the number of attacks on them doubled. It is not surprising, since this messenger is actively gaining popularity. And all the scammers flow into it from other platforms in the wake of customers.

Attackers use various techniques and tricks to mask phishing links and deceive users. A few common methods:
  1. Displaying a hidden URL. Attackers can hide the actual URL by displaying text or an image that looks like a legitimate link instead. For example, they can use a hyperlink with the text "www.google.com", but it actually leads to a phishing site. Visually, the link looks safe, but in fact it misleads users.
  2. Using fake domain names. Attackers can create domain names that are very similar to known and trusted sites. They can use typos, adding or removing characters, for example, replacing the letter "o" with zero or the letter "i" with "l". This can lead users to trustfully click through to a phishing site, implying that it is a genuine resource.
  3. Embedded links in emails. Phishing emails may contain embedded links that disguise themselves as official and trusted sources. For example, an attacker can send an email pretending to be a bank with a link that leads to a fake website where personal data is requested.
  4. Using shortened URL links. Attackers can use URL shortening services to hide the actual address. This makes the link shorter and less suspicious, but it also hides its true purpose. Users can't determine where they will be directed until they click on the link.
  5. Social engineering. Attackers can use social engineering to deceive users and persuade them to click on a phishing link. They can create stories, disturbing events, or situations that prompt users to take action.
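
The following Python sketch is an added example, not part of the original article; it turns methods 1, 2 and 4 from the list above into checks a mail filter or analyst could run over an HTML message body. The trusted-domain list, the shortener list, the sample message and all function names are assumptions made for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumptions, not from the article: illustrative allow-list and shortener list.
TRUSTED = {"google.com", "example-bank.test"}
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co"}
FOLD = str.maketrans({"0": "o", "1": "i", "l": "i"})  # swaps named in the text
DOMAIN_IN_TEXT = re.compile(r"^(?:https?://)?(?:www\.)?([a-z0-9-]+(?:\.[a-z0-9-]+)+)", re.I)
# Constructed sample e-mail body.
SAMPLE = ('<a href="http://login.g00gle.com/signin">www.google.com</a>'
          '<a href="https://bit.ly/3xAmPle">Confirm your refund</a>'
          '<a href="https://accounts.google.com/">google.com</a>')

class LinkCollector(HTMLParser):  # gathers (visible text, href) per <a> element
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def within(host, domain):
    return host == domain or host.endswith("." + domain)

def check_links(html):
    collector, report = LinkCollector(), []
    collector.feed(html)
    for text, href in collector.links:
        host, reasons = (urlsplit(href).hostname or "").lower(), []
        # Method 1: the visible text names a domain the link does not go to.
        if (m := DOMAIN_IN_TEXT.match(text)) and not within(host, m.group(1).lower()):
            reasons.append("text-shows-other-domain")
        if host in SHORTENERS:  # Method 4: destination hidden behind a shortener.
            reasons.append("shortened-url")
        # Method 2: host only matches a trusted domain after folding look-alikes.
        if not any(within(host, t) for t in TRUSTED) and any(
                within(host.translate(FOLD), t.translate(FOLD)) for t in TRUSTED):
            reasons.append("lookalike-of-trusted-domain")
        report.append((host, reasons))
    return report
```

Calling `check_links(SAMPLE)` returns one `(host, reasons)` pair per link; a link with an empty reason list has passed only these three checks and may still be malicious.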

Andrey Vorobyov
Director of the Coordination Center for .RU/.RF domains

The message texts are written in a convincing and plausible way, and their purpose is to convince the user to enter personal data, update or confirm an account, or make a purchase without delay.
Fraudsters' tricks change and evolve with the development of technology and user habits, so you should always be suspicious of unexpected or unusual messages, especially if they require entering personal data or other urgent actions.

As we mentioned above, cybercriminals are very happy to disguise malicious files as various file types in order to deceive users and circumvent security mechanisms.

The most common ways to mask malicious files:
  1. Malicious files can be hidden inside documents (for example, files in .docx or .xlsm format) or archives (for example, .zip, .rar). Attackers can additionally set a password for the archive and send it in an email to prevent antivirus programs from detecting files on the mail server.
  2. Attackers can change the file extension to hide its true format. For example, they can use a special RTLO (right-to-left override) sequence. When an RTLO character is inserted in a file name, the text after it is displayed from right to left, rather than in the usual left-to-right order. For example, a file with the actual name "gepj.exe" will be displayed as the JPEG file "exe.jpeg". Attackers can also use a double extension, such as a file named "photo.jpg.exe".
  3. Also, known vulnerabilities in popular software can sometimes be used to execute malicious code without the user's knowledge when opening files that are completely harmless at first glance, for example, ".mp3", ".mkv", etc.
  4. Attackers can disguise malicious files as software updates, such as Java or web browsers. Users can run such a file even if they see that it is executable, thinking that it is a legitimate update.
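
As an added example (not from the original article), the Python sketch below shows how an attachment filter could catch the RTLO and double-extension disguises from item 2, using the article's own "gepj.exe" name. The extension lists and function names are assumptions, and the rendering function is a simplified model of how a bidi-aware file manager displays the name.

```python
# Bidirectional control characters; U+202E is the RTLO named in the text.
RLO, PDF = "\u202e", "\u202c"
BIDI_CONTROLS = set("\u202a\u202b\u202c\u202d\u202e\u2066\u2067\u2068\u2069")
# Assumption: short illustrative extension lists, not taken from the article.
EXECUTABLE = {"exe", "scr", "com", "bat", "cmd", "js", "vbs", "lnk", "msi"}
DECOY = {"jpg", "jpeg", "png", "pdf", "docx", "xlsx", "txt", "mp3", "mkv"}


def displayed_name(name):
    """Simplified rendering: text after an RLO is shown reversed until PDF/end."""
    out, rest = [], name
    while RLO in rest:
        before, _, after = rest.partition(RLO)
        overridden, _, rest = after.partition(PDF)
        out.append(before + overridden[::-1])
    shown = "".join(out) + rest
    return "".join(ch for ch in shown if ch not in BIDI_CONTROLS)


def inspect_filename(name):
    """Return the real extension, the displayed name and any findings."""
    findings = []
    if any(ch in BIDI_CONTROLS for ch in name):
        findings.append("bidi-control-character")
    # The operating system decides by the stored order, not the displayed one.
    stored = "".join(ch for ch in name if ch not in BIDI_CONTROLS).lower()
    parts = stored.split(".")
    real_ext = parts[-1] if len(parts) > 1 else ""
    shown = displayed_name(name)
    shown_ext = shown.lower().rsplit(".", 1)[-1] if "." in shown else ""
    if real_ext in EXECUTABLE and shown_ext != real_ext:
        findings.append("displayed-extension-differs")
    if real_ext in EXECUTABLE and len(parts) > 2 and parts[-2] in DECOY:
        findings.append("double-extension")
    return {"real_ext": real_ext, "displayed": shown, "findings": findings}


# Constructed sample names; the first is the article's RTLO example.
SAMPLES = ["\u202egepj.exe", "photo.jpg.exe", "invoice.pdf"]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(repr(sample), inspect_filename(sample))
```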

Sergey Belov
CEO AtreIdea

Recently, .lnk files (shortcuts) have been frequently used. Attackers can replace the icon of the .lnk file with an icon that is associated with a secure file or program. This makes the malicious shortcut visually look like a legitimate file and can deceive users. These files may also contain additional parameters for running legitimate programs that allow you to download and run third-party malware. Finally, some versions of Windows contained known vulnerabilities related to handling .lnk files. Attackers could have used these vulnerabilities to launch malware via .lnk files.

Don't forget that attackers can use emails, social media posts, or instant messengers to send links or files that look secure but actually lead to downloading malware.

Conclusion

Fraud statistics have been steadily increasing for many years, especially in relation to phishing sites. Anyone can become a victim of fraud, so it is important to remember a few simple rules that will protect you when working on the Internet and help you distinguish a real site from a fake one.

Anastasia Afonina
Chief Operating Officer of Webmonitorex

Perhaps the main habit that allows you not to become a victim of hackers is vigilance and attention to detail. Every time you enter personal data, passwords, and even more so bank card details on sites, you should definitely check whether the site's address is written correctly, whether everything is in order with its security certificate, and whether there are any obvious flaws on the page in the form of broken links. You should be especially careful about emails that require you to make an urgent decision or make an urgent payment, especially if this email was received at the end of the business day from a sender you don't know.

Companies, in turn, can significantly reduce the risks associated with this type of fraud by using specialized protection tools against phishing and malicious files. There are a large number of solutions on the market that allow you to protect your email, file storage, and employee computers.
 