The Most Common Way People Get Hacked & How to Avoid It

The One Foolproof Method to Spotting Phishing Attacks: Understanding URL/Link Syntax

Daniel van Driel
Apr 13 · 5 min read

Saudi journalist Jamal Khashoggi, the chairman of Hillary Clinton’s 2016 presidential campaign John Podesta, and the Ukrainian power grid. What do all of these have in common? The answer: they were all victims of computer phishing attacks.

These attacks delivered malware that took over the target’s device, resulting in Khashoggi’s eventual murder, the leaking of John Podesta’s emails, which disrupted the 2016 US election, and the Ukrainian power grid being temporarily disabled.

Although the cited examples are high-profile, that doesn’t mean phishing attacks are only used against high-value targets. Quite the contrary: they are the most common form of cyber-attack in use today. In 2020, the FBI’s Internet Crime Complaint Center recorded more than twice as many phishing incidents as any other category of computer crime.

So what is phishing, and how can we defend ourselves against it?

What is Phishing

Phishing is when a hacker pretends to be a trustworthy entity such as a friend or a financial institution in order to fraudulently obtain sensitive information.

The ‘fishing’ metaphor refers to the idea of getting you on the hook and then reeling you in.

Phishing attacks most commonly originate from emails or instant messaging. The attacker will use a variety of ways to obtain the desired information. Here are some common examples.

Phishing Cartoon

How to Protect Yourself

To avoid being phished, you need to spot when you are being baited, and in particular when you are being directed to a fake website.

There are many heuristics or indicators that we can use to spot fake emails.

Unreliable

  • Emotional motivators.
  • Spelling errors and unusual/unprofessional formatting.
  • Unfamiliar sender — the sender and origin email address can be faked.
  • Not addressing you by name — note that hackers can find your name in data breaches or social media.
  • An HTTPS secure connection (the padlock that shows in your browser) — all this means is that the connection to the website is encrypted. That’s like saying your connection to the hacker is secure.

Reliable

  • Unsolicited/unexpected attachments — especially if they are an executable or macro-enabled file format: iso, exe, msi, dmg, docm, xlsm, pptm, etc.
  • Checking and evaluating links.

I will be focusing on perhaps the most common and most difficult indicator to spot: malicious links.

Unfortunately, spotting fake links doesn’t really make intuitive sense. For example, drive-google.com. Why isn’t this the legitimate Google Drive URL? Read on…

Learning web address, link or URL structure

The domain name in a web link consists of one or more parts (technically known as labels). Each part is separated from the next by a full stop.

Sourced from Wikibooks: Internet Fundamentals

The right-most label conveys the top-level domain; for example, the domain name google.com belongs to the top-level domain (TLD) com. Other examples of TLDs are net, gov and org. Country-specific TLDs also exist, such as au, uk, de and tw.

The hierarchy of domains descends from the right-most label to the left-most; each label to the left specifies a subdivision, or subdomain, of the domain to its right. For example, in en.wikipedia.com, wikipedia is a subdomain of com, and en is a subdomain of wikipedia.

Subdomains have many uses. In the above example, the en subdomain is the English version of Wikipedia. To take another example, in maps.google.com the subdomain maps designates a service that Google offers.

Examples of Google’s use of Subdomains

The important thing to know is that we are looking for the main domain, which is always the label immediately to the left of the TLD. Why? Because the owner of the main domain can attach whatever subdomains they want underneath it, so everything to the left of the main domain tells you nothing about who actually owns the site.

Learning to Spot Malicious Links

Example 1 — Malicious subdomain

With that in mind, let’s look at an example. Imagine you got an email that looked like it was from Google, saying a document had been shared with you. When you check the link, it directs you to drive.google.com.xyz.com.

At first glance this may look genuine, but the main domain here is xyz.com. The trick is that the owner of xyz.com added the subdomains drive.google.com to make it look like a Google Drive link.

Example 2 — Malicious main domain

Let’s revisit our drive-google.com example from earlier. The problem with this link is that drive is not a subdomain here, because it is not separated from the main domain by a full stop. So the main domain is not google, it’s drive-google: a totally different domain that anyone can register.

Example 3 — URL Shortening/redirection services

Sourced from Wikileaks

This was the email that was sent to the aforementioned 2016 Democratic campaign chair John Podesta.

This phishing email used a different technique: a URL shortening/redirection service. Common examples of these services are TinyURL and bit.ly. What these services let you do is create a short link that, when opened, redirects you to another link.

The thing to remember is that if you click one of these links, it can redirect you anywhere, and the short link itself tells you nothing about the destination.

In the above email, the Change Password link is a bit.ly link. When Podesta opened the link, he was redirected to the malicious website, which resulted in the hacking of his email account. The rest is history.
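The rule in the section above (the main domain is the label immediately to the left of the TLD, and everything further left is a subdomain the owner chose) and the three examples can be turned into a small checker. The script below is an added example written for this article, not code from the original post; it uses only Python’s standard library. The handful of two-label country suffixes (co.uk, com.au and so on) and the list of shortener domains are constructed for the example: a real checker would use the full Public Suffix List, which the article does not cover, and the bit.ly link in the demo is a made-up placeholder, not the one from the Podesta email.

```python
from urllib.parse import urlsplit

# Constructed for this example: a few two-label public suffixes where the
# "TLD" is really two labels (example.co.uk, not co.uk, is the main domain).
# A production checker should use the Public Suffix List (publicsuffix.org).
TWO_LABEL_SUFFIXES = {"co.uk", "org.uk", "com.au", "net.au", "com.tw"}

# Shortening/redirection services named in the article. Their main domain is
# genuine, but the destination can be anything, so such a link cannot be
# judged until it has been expanded (for example via CheckShortURL).
SHORTENER_DOMAINS = {"bit.ly", "tinyurl.com"}


def hostname(link: str) -> str:
    """Lowercase host part of a link; a bare 'host/path' string is accepted too."""
    if "://" not in link:
        link = "http://" + link
    host = urlsplit(link).hostname or ""
    return host.lower().rstrip(".")


def labels(link: str) -> list:
    """The dot-separated parts of the host, left to right."""
    return hostname(link).split(".")


def main_domain(link: str) -> str:
    """The main (registrable) domain: the TLD plus the one label to its left.
    Where the last two labels form a known suffix such as co.uk, that suffix
    plays the role of the TLD."""
    parts = labels(link)
    suffix_len = 2 if ".".join(parts[-2:]) in TWO_LABEL_SUFFIXES else 1
    if len(parts) <= suffix_len:
        return hostname(link)  # nothing to the left of the suffix
    return ".".join(parts[-(suffix_len + 1):])


def subdomains(link: str) -> list:
    """Every label the domain owner attached to the left of the main domain."""
    parts = labels(link)
    return parts[: len(parts) - len(main_domain(link).split("."))]


def check(link: str, expected_main_domain: str) -> dict:
    """Classify a link against the brand domain the message claims to come from."""
    main = main_domain(link)
    if main in SHORTENER_DOMAINS:
        status = "shortened"   # expand it first; the short link proves nothing
    elif main == expected_main_domain.lower():
        status = "ok"          # main domain really is the expected brand
    else:
        status = "mismatch"    # Example 1 or Example 2 style impostor
    return {
        "host": hostname(link),
        "main_domain": main,
        "subdomains": subdomains(link),
        "status": status,
    }


if __name__ == "__main__":
    # The article's examples plus a genuine Google Drive link and a
    # placeholder shortened link (constructed, not a real bit.ly address).
    samples = [
        "https://drive.google.com/file/d/abc",   # genuine
        "drive.google.com.xyz.com",              # Example 1: malicious subdomain
        "https://drive-google.com/login",        # Example 2: malicious main domain
        "https://bit.ly/PLACEHOLDER",            # Example 3: shortener
    ]
    for link in samples:
        result = check(link, "google.com")
        print(f"{result['status']:9} main={result['main_domain']:18} "
              f"subdomains={result['subdomains']}")
```

Running the script prints one line per sample: the genuine link is reported as ok with subdomain drive, the Example 1 link is a mismatch whose main domain is xyz.com (drive, google and com are all just subdomains), the Example 2 link is a mismatch with main domain drive-google.com, and the bit.ly link is flagged as shortened rather than trusted or rejected.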

Summary

Never open links unless you can verify the link’s main domain is genuine.
If you want to verify a shortened URL, you can expand it via CheckShortURL.
If in doubt, just Google or DuckDuckGo the company and use the link from the search results instead of the link in the email or text message.
You can also phone the company or individual to confirm if the message is legitimate.
Finally, practice! I’d recommend trying Google’s Phishing Quiz.
Disclaimer: I have no affiliation with this website. Good luck!


Daniel van Driel

Written by

IT Consultant. Writer for The Startup. Specialising in the Business and Governance of Technology and Cyber Security. @Daniel_vanDriel

Geek Culture

A new tech publication by Start it up (https://medium.com/swlh).
