All about fake links

06/22/2022

Fake links ("forged" links) mainly occur in fake mails and want to grab data from the users. Through them, hackers can then, for example, use your account to store online, blackmail you, or resell you to other spammers and hackers. But how do you recognize a fake link, how does such a phishing attack work and what do you have to do if you have clicked on a fake link? We answer all these questions here.

What are fake links?

Fake links, or fake links, are hyperlinks that imitate the URL of a familiar website, for example, in order to be able to hack the recipient of the link when they click on it. Usually, the fake links are sent to the user via a legitimate-looking fake mail. With this maneuver, also called phishing, criminals want to steal confidential data in order to gain unlawful access to, for example, online banking or user accounts in online stores.

Where do the fake links come from?

Fake links mainly occur in fake mails. These are so much like a real mail that they are difficult to distinguish from the original. This is to trick the user into clicking on the link. For example, a real-looking parcel service sends a status mail about a shipment in transit and offers to track the package via a (fake) link. If someone happens to actually be expecting a shipment, there is a high probability that they will click on it and thus be hacked.

Phishing websites are also difficult to distinguish from the real thing and are a dangerous gateway for cyberattacks. As of December 2021, over 316 thousand of them have been detected worldwide. The number of unreported cases is likely to be significantly higher. The fake websites are not only increasing in number, but also becoming more and more perfect. For a layman but also for experienced people, these can only be distinguished from the original with a certain basic knowledge and, above all, reading to the letter.

Why are there phishing websites?

Scammers usually want to obtain log-in data through the well-faked websites or links. If the scammers have them, then they can steal or blackmail the victims, for example, if bank details of the victims have been stolen. In other cases, there are viruses on the link, which already sneak into a PC when the website is called up.

How does a phishing attack work?

The criminals send a phishing e-mail, for example, in which the recipient is usually confronted with a problem. Often he should enter and confirm data, for example, login data, passwords or even TAN numbers, otherwise account or other benefits will be blocked. The link in the email to change or enter the data leads to the fake website.

If the user now clicks on the link in the email, he is taken to a fake website that can hardly be distinguished from the original. If the user now logs in with the access data, these are immediately forwarded to the criminals. From now on, they can make purchases through their data, for example, if they had to provide their bank details. In addition, the fraudsters can resell the data to spammers or hackers.

How do you recognize a fake link or website?

URL of the website
The URL has conspicuously many characters, words or combinations that make no or little sense to the subject.
Tip: In case of suspicion, always call up the website manually via the browser and log in via it.
Spelling errors or slight deviations from the original:
The web addresses are slightly manipulated, but look very similar to the real domain. The following examples show the underlying pattern of slightly manipulated web addresses where the domain is very similar to the real one:
- www.amazon.de becomes www. amzone .de
- www.smartphone.apple.de becomes www.apple. smartphone .com (here smartphone is the first domain address and apple is the subdomain)
HTTPS connection
Phishing websites do not (usually) use encrypted connections. You can recognize an encrypted connection by the https:// at the beginning of each domain.
Tip: Never provide personal information to a website without an HTTPS connection and make sure that the certificate is valid.
Special characters and language
If the website does not display the usual language correctly (special characters like "ß" or umlauts "ä") it could be a phishing website.
Links do not work on website
On a phishing website the built-in links often do not work. No matter how many times you click on a link, the same page always opens. A sure sign of a phishing site.
Login always works
If there is any doubt whether the website is a fake, just enter phantom data when logging in. If you continue to the next page it is a phishing website.
Unusual data request
If you are asked to enter all data such as name, address, bank details and credit card numbers after registration, it is almost certainly a fake website. Additionally, the site may put you under time pressure by threatening to block your account if you do not act quickly. Such a thing would never be queried by an actual provider or carried out like that.

What to do if you have clicked on a fake link?

Save as much evidence as possible, e.g. by screenshots.
Change password at the real provider immediately. Log in for this on the official website of the online service.
Change all passwords of other online services where you use the same username and password.
Contact the respective online service and inform them about the phishing website and what data you have entered.
If you have entered bank details or credit card information, then immediately have the card blocked at your bank. If your bank has closed, there is always a central emergency number to have the card blocked.
File a criminal complaint with the police. You can even do this online, for this you do not have to go in person to the police.

On this topic, we have also put together a video for you, this can be found here .

Still have questions? Then get in touch with us!