Cybersecurity Awareness Month : The Red Flags of Rogue URLs

Spotting malicious URLs is a bit of an art. The examples represented here are some of the common tricks used by hackers and phishers to fool users into visiting malicious websites. The methods shown here could be used by legitimate services, but if you see one of these “tricks” you need to make sure you’re dealing with the organization you think you are.

Look-a-Alike Domains

Slight Misspellings
          • Microsoftnline
            <v5pz @ onmicrosoft . com>
          • www.llnked
Brand name in URL, but not real brand domain
Brand name in email address but doesn’t match brand domain
          • Bank of America

URL Domain Name Encoding

      • https://%77%77%77.%6B%6E%6F%77%62%654.%63%6F%6D

Shortened URLs

      • When clicking on a shortened URL, watch out for malicious redirection.

Domain Mismatches

      • Human

Strange Originating Domains

      • MAERSK

Open Redirectors

URLs which have hidden links to completely different web sites at the end.

      • .com