Phishing is one of the most common cybercrimes that threatens organization security in the US. These attacks are disguised as legitimate to trick people into clicking on malicious links or attachments. Social engineering attacks via email are getting more convincing as creators put more effort into making their scam emails look genuine.
Familiarizing yourself with real-life phishing examples is an excellent way to mitigate these risks. We cover phishing-related topics on our blog to help you recognize and avoid email phishing and other social engineering attacks.
Always carry out proper checks before clicking a link—whether it looks genuine or suspicious. This article explains how to check a link for phishing without clicking it.
Inspect the Shortened URL
One way to spot a potentially malicious link is to see if the URL is shortened. Though link shortening services such as TinyURL or bit.ly are legitimate, attackers leverage them to conceal their link’s true destination.
More often than not, you won’t be able to tell where a short link will direct you by merely looking at it. The best way is to paste the short link into a link expansion service such as CheckShortURL.com to reveal the link’s true destination.
Some link expansion platforms indicate whether the link is among a list of bad websites. Alternatively, you can install Unshorten.link. It’s a Chrome extension that automatically redirects you to a link expansion page whenever you click on a short link, intentionally or accidentally.
Check the Sender Source
Another check to conduct when you receive a link via email is to check its source. Where is the message coming from? Check both the display and domain names. One common social engineering attack technique is to use the domain name of a reliable organization to convince you that it’s legitimate.
Check the Link for Glyphs and Foreign Characters
Phishing attacks also try to hide the address within a link by using URL encoding, which replaces readable characters with percent-encoded sequences. In URL encoding, the letter B can be written as %42.
Malicious hackers use this method to keep their link destination hidden. In this case, it’s highly recommended to use a URL decoding tool such as URL Decoder to detect the exact URL destination.
Cybercriminals also use script spoofing to register lookalike websites. They use letter combinations, foreign letters, and numbers to resemble a letter (or letter combinations) visually:
- “m” looks like “rn” at first glance
- Cyrillic “а” looks like Latin “a”
- “í” looks like “i”
- “0” looks like “O”
If you’re not attentive enough, the naked eye could miss things like this.
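The checks from this section and the shortened-URL section can be run on a link as plain text, without opening it. The script below is an added example, not EasyDMARC’s tool or code: the `TRUSTED` domains, the `inspect_link` and `skeleton` names, and the sample links are constructed for illustration, and the lookalike table covers only the four substitutions listed above.

```python
import unicodedata
from urllib.parse import urlsplit, unquote

# Constructed sample data, not from the article: domains the reader trusts.
TRUSTED = {"example.com", "mybank.example"}
# Shortening services named in the article.
SHORTENERS = {"tinyurl.com", "bit.ly"}
# Lookalike substitutions from the list above, mapped to what they imitate.
CONFUSABLES = {"rn": "m", "\u0430": "a", "\u00ed": "i", "0": "o"}


def skeleton(host):
    """Collapse lookalike characters so visually similar hosts compare equal."""
    for fake, real in CONFUSABLES.items():
        host = host.replace(fake, real)
    return host


def inspect_link(url):
    """Return findings about a URL using string analysis only (no request)."""
    findings = []
    raw_host = urlsplit(url).hostname or ""
    host = unquote(raw_host).lower()
    if unquote(url) != url:
        findings.append("percent-encoded, decodes to: " + unquote(url))
    if host in SHORTENERS:
        findings.append("shortener: real destination is hidden")
    for ch in host:
        if ord(ch) > 127:
            findings.append("non-ASCII character in host: "
                            + unicodedata.name(ch, "UNKNOWN"))
    if not host.isascii():
        try:
            findings.append("punycode form: " + host.encode("idna").decode("ascii"))
        except UnicodeError:
            findings.append("host is not a valid internationalized name")
    trusted_skeletons = {skeleton(t): t for t in TRUSTED}
    imitated = trusted_skeletons.get(skeleton(host))
    if imitated and host not in TRUSTED:
        findings.append("lookalike of trusted domain: " + imitated)
    return findings


if __name__ == "__main__":
    # Constructed test links.
    for link in ["https://bit.ly/abc123", "https://exarnple.com/login",
                 "https://myb\u0430nk.example/", "https://ex%61mple.com/%42"]:
        print(link, "->", inspect_link(link))
```

The comparison is an exact match on the full host name, so subdomains of a trusted domain need their own entries in `TRUSTED`.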
Use a Link Scanner
You can also check a link for phishing with a link scanner to ensure it’s safe before performing any action on the site. A link scanner is a handy tool that helps you identify known malicious links to avoid clicking on them. Besides checking the link, some link scanners will examine the images, too.
EasyDMARC’s Phishing URL Checker
EasyDMARC’s phishing link checker is a great tool to detect phishing or malicious websites. It’s easy to use—simply copy and paste the link into the search bar and click the “Enter” or the “Check URL” button.
Our tool can check for phishing URLs, detecting and analyzing up to 20 links at once. It displays the link’s URL status, either good or bad.
A Good URL status means it is free from any malicious activities, while a Bad URL status means the link leads to a malicious website and should be avoided.
Set Up an Antivirus With Real-Time Link Scanning
Antivirus software with real-time link scanning scans for malware activity in real time. Though this option can take up more system resources, it’s best to stop malware from entering your system rather than discovering malicious software afterward.
Keep Your Antivirus Up to Date
Ensure your antivirus setting is on auto-update to download the latest virus definitions. This allows the tool to catch the latest threats that can compromise your system. Be sure to check the date of the last update to confirm updates are taking place.
Phishing attacks like consent phishing are getting more sophisticated as cybercriminals create more compelling stories to trick users into clicking malicious links. The aim is to compromise your system, steal sensitive data, or infect your system with malware. For that reason, organizations must teach their employees how to recognize and avoid email phishing.
Never click on a link unless you are 100% sure it’s legit. Take note of the tips discussed in this article and conduct proper checks before taking any action.
Even if the message is from a known source, it’s best to confirm the source and domain name. You can copy the link into our phishing link checker to confirm the URL status. If it’s “Good”, you’re free to click the link. But if it’s “Suspicious”, it’s highly recommended you avoid it.
No one is attentive all the time, so you also need to know what to do if you click on a phishing link. Follow our tips and stay safe online!