Hovering over links to see where they lead? It’s not as safe as you think.
It’s the dreaded Monday again. You drag yourself to your computer and open your email. Ding: a new message arrives, apparently from your bank, telling you that your account has been compromised and requires your immediate attention. But you have sat through enough scam-awareness webinars to be wary; you know to look out for obvious signs like poor English, typos, or odd links such as www.my-dbs-online.net.
However, when you hover your cursor over the link in the email, it appears legitimate, pointing directly at https://www.dbs.com.sg. Thinking it is probably safe, you click the link and log into your account. The very next day, you find your bank balance wiped clean. You have fallen victim to what I like to call a “distant cousin” of the clickjacking attack.
Such a scenario seems improbable, and it is. Modern email clients are sophisticated enough to prevent such attacks: they do not run scripts embedded in a message, so a link in an email cannot change its destination at click time. But the same technique works on any web page, where it can disguise a malicious link as a legitimate one (think of a phishing page link disguised as your bank’s).
Mechanism of Attack
If the user is not paying attention, they may not notice that the URL of the page that actually loads differs from the one shown on hover.
Of course, this technique can be, and is, used for legitimate purposes. In one of my projects I use it to capture clicks on a search results page for historical/usage statistics, while still letting users see the original URL on hover instead of a long proxy URL like:
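The snippet below is an added example, not code from the original post. The post does not show the link’s source, so the assumption made here is that the destination is rewritten by an inline mousedown handler, which is the usual way a link can show one URL on hover and go somewhere else on click. The anchor is modelled as a plain object and the browser’s event order is simulated so it runs in Node without a DOM; the domain phish.example and the sample HTML fragment are constructed for the demo.

```javascript
// Added example, not the original post's code. Assumption: the link swaps its
// destination with an inline mousedown handler (the usual click-tracking
// trick); the anchor is modelled as a plain object so this runs in Node.

// Minimal stand-in for the anchor element: an href plus optional inline handlers.
function makeAnchor(href, handlers = {}) {
  return { href, ...handlers };
}

// The deceptive link: the href the status bar shows on hover is the legitimate
// one; the mousedown handler rewrites it just before the browser navigates.
function deceptiveAnchor(shownUrl, realUrl) {
  return makeAnchor(shownUrl, {
    onmousedown(a) { a.href = realUrl; },
  });
}

// What the user sees on hover: browsers display the anchor's current href.
function hoverTarget(a) {
  return a.href;
}

// What a click actually does. Browsers fire mousedown, mouseup and click
// before following the link, so any of these handlers can change the target.
function clickTarget(a) {
  for (const ev of ['onmousedown', 'onmouseup', 'onclick']) {
    if (typeof a[ev] === 'function') a[ev](a);
  }
  return a.href;
}

// Defensive check for page authors, scanners or mail gateways: flag anchors
// whose markup carries a handler that can run between hover and navigation.
const RISKY_ATTRS = ['onmousedown', 'onmouseup', 'onclick'];

function findSuspiciousAnchors(html) {
  const results = [];
  const anchorRe = /<a\b([^>]*)>/gi;
  let m;
  while ((m = anchorRe.exec(html)) !== null) {
    const attrs = m[1];
    const hrefMatch = /\bhref\s*=\s*["']([^"']*)["']/i.exec(attrs);
    const flagged = RISKY_ATTRS.filter(
      (attr) => new RegExp(`\\b${attr}\\s*=`, 'i').test(attrs),
    );
    if (flagged.length > 0) {
      results.push({ href: hrefMatch ? hrefMatch[1] : null, flagged });
    }
  }
  return results;
}

// Constructed HTML fragment (not taken from any real site); phish.example uses
// the reserved .example TLD.
const SAMPLE_HTML = `
<p>Please verify your account:
<a href="https://www.dbs.com.sg"
   onmousedown="this.href='https://phish.example/login'">https://www.dbs.com.sg</a>
</p>
<p><a href="https://www.dbs.com.sg/help">Help</a></p>
`;

// Demo: hover shows the bank, the click goes elsewhere, and the scan catches it.
const demoLink = deceptiveAnchor('https://www.dbs.com.sg', 'https://phish.example/login');
console.log('hover shows  :', hoverTarget(demoLink));
console.log('click goes to:', clickTarget(demoLink));
console.log('flagged      :', JSON.stringify(findSuspiciousAnchors(SAMPLE_HTML)));
```

Run it with node: hoverTarget reports the URL the status bar would show, clickTarget the one the browser would actually follow once the handler has run, and findSuspiciousAnchors is the kind of check a page scanner or mail gateway can apply to flag anchors whose destination can still change after hover. The same handler on a real page is exactly what makes the status-bar URL untrustworthy.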
Check, check, and check.
The most obvious way to avoid falling victim to such an attack is to double- and triple-check the URL of the page that loads after you click a link, to make sure you are actually where you expected to be. Also look for the lock icon [since 2018, major browsers have been phasing out the bright green icon in favour of a less prominent one] that signifies that your connection is encrypted and that the site’s certificate matches the domain in the address bar. Note that the lock says nothing about whether that domain is the one you meant to visit: a phishing site can obtain a perfectly valid certificate for its own domain, so the lock is only meaningful together with a correct address.
Anti-phishing browser extensions
Another way to keep yourself safe is to install a browser extension that monitors your activity and warns you of dangerous sites with a big red warning you cannot miss. Then even if you are redirected to a malicious site, you will know.
One such extension is WOT (Web of Trust), available for both Google Chrome and Firefox. Reputation-based tools like this can only warn about sites that have already been reported, so a freshly registered phishing domain may not be flagged yet; treat them as a second line of defence behind checking the address bar yourself.
It may sound like a stretch, but gullible or less tech-savvy people can end up falling victim. It is always good to be aware of such techniques, whether to counter malicious actors or, if you are a developer, to employ them in your next project (legitimately, of course).