Cyber Security Awareness for Beginners
A. Beware of Malicious Hyperlink
The proportion of sites hosting malware as identified by Safe Browsing (Google Transparency Report, https://goo.gl/XC99Q8) |
What should you do before clicking on a suspicious hyperlink?
1. Find out the "actual" URL of the "appeared to be" URL
For Email:Hover the mouse cursor over the hyperlink to check the actual link |
http://121.124.128.25 is the actual URL instead of https://www.lazada.com |
For Browser URL:
Between the two URLs below, which do you think is a legitimate one?
Are they any different?? Now try to click on both of the links above. (They are safe, no worries 😜)
Homoglyphs are different characters but they look similar to each other (Irongeek.com) |
The example shown above is IDN Homograph attack. Hackers try to deceive users by creating URLs that looked almost the same as the genuine site URL. But if your browser is securely configured, the URL displayed on your browser should be https://www.xn--80ak6aa92e.com.
|
2. Use Virus Total to check if a website (or a file) is safe
URL scanned with the result of "Malicious" indicates something fishy inside the webpage |
3. Recover the shortened URL to it's original URL using Unshorten.It!
An example of shortened URL |
Destination of inserted URL https://goo.gl shows http://www.google.com |
Why Do Hackers Use Malicious Links?
1. To let you enter your credentials on a fake website created by themExample of a Phishing attack |
Email and password collected by the hacker after user entered his credentials into hacker's phishing site |
2. They want your computer to perform actions that you don't intend to do
Account takeover on WhatsApp after a click on a malicious file:
Cross-site Request Forgery (CSRF) on WhatsApp
Installation of Malware:
A list of hyperlinks that contains Malware (Virus, Ransomware, Trojan, etc. ) |
Reference:
https://thehackernews.com/2017/08/facebook-virus-hacking.html