How Phishers Trick Their Victims

Nowadays, phishing takes many different forms. The most common form of phishing is also one of the simplest: sending an email to a victim in an attempt to trick them into giving the attacker sensitive personal information. The email often includes a fake link that directs to a website the scammer has set up to collect their details, or a malicious attachment which infects the computer with malware. Either way, the attacker has the same end goal: to gain access to the user’s accounts so that they can commit identity theft and defraud the victim of money.


  • Close-to-real Scam e-mails:

As this type of scam is so common, internet users have become increasingly aware of the dangers that phishing presents to their personal data. Therefore, simple schemes that directly ask for details, or that have obvious signs of being a hoax, have become ineffective. In response to this increase in public awareness, phishers have been forced to design their emails and websites to be more complex and virtually identical replicas of the real ones. Therefore, users cannot identify fakes on sight as they once may have been able to do, and must do more digging to ensure they don’t become the victims of phishing attacks.


  • Fake Site URLs:

The first step in checking whether or not a website is legitimate is looking at the URL. Scammers may produce nearly identical replica websites by using the company’s graphics or logos. However, they cannot steal the company’s URL. The fake site’s URL may be misspelled or contain unusual look-alike characters. Using look-alike characters in this way is called homograph spoofing, and spotting it is the easiest way of telling a real website from a fake one.
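To show what "more digging" on a URL looks like in practice, here is an added example (not code from the original post) that compares a link's hostname against the hostname you expected. It decodes punycode labels so look-alike characters become visible, flags labels that mix scripts, and collapses the hostname to a "what the eye sees" skeleton before comparing. The confusables table and the example hostnames are constructed for the demonstration; a production checker would use the full Unicode confusables data.

```python
import unicodedata
from difflib import SequenceMatcher
from urllib.parse import urlsplit

# Small constructed confusables table (a real checker would use the full Unicode
# confusables data); maps look-alike characters to the Latin letter they imitate.
CONFUSABLES = {
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",  # Cyrillic a, ie, o, er
    "\u0441": "c", "\u0445": "x", "\u04cf": "l",                 # Cyrillic es, ha, palochka
    "0": "o", "1": "l", "\u0131": "i",                           # digit and dotless-i look-alikes
}


def host_of(url: str) -> str:
    """Lower-case hostname of a URL, or '' when the URL has none."""
    return (urlsplit(url).hostname or "").lower()


def decode_idna(host: str) -> str:
    """Turn punycode labels (xn--...) back into Unicode so look-alikes become visible."""
    try:
        return host.encode("ascii").decode("idna")
    except UnicodeError:
        return host  # already Unicode, or not valid punycode


def scripts_in(label: str) -> set:
    """Unicode scripts of the letters in one DNS label, derived from character names."""
    return {unicodedata.name(ch, "UNKNOWN").split()[0] for ch in label if ch.isalpha()}


def skeleton(host: str) -> str:
    """Collapse a hostname to the form a reader perceives, for comparison."""
    text = unicodedata.normalize("NFKD", host)
    text = "".join(ch for ch in text if not unicodedata.combining(ch))
    text = "".join(CONFUSABLES.get(ch, ch) for ch in text)
    return text.replace("rn", "m").replace("vv", "w")


def analyse_url(url: str, expected_host: str) -> list:
    """Findings for a URL measured against the hostname the user expected."""
    findings = []
    host = host_of(url)
    shown = decode_idna(host)
    if any(label.startswith("xn--") for label in host.split(".")):
        findings.append("punycode")
    if any(len(scripts_in(label)) > 1 for label in shown.split(".")):
        findings.append("mixed-script")
    expected = expected_host.lower()
    if shown == expected:
        return findings
    if skeleton(shown) == skeleton(expected):
        findings.append("lookalike")
    elif SequenceMatcher(None, shown, expected).ratio() >= 0.8:
        findings.append("typosquat")
    else:
        findings.append("different-host")
    return findings


if __name__ == "__main__":
    # Constructed sample links; www.example.com stands in for the site the user expects.
    for link in ("https://www.example.com/login",
                 "https://www.examp1e.com/login",
                 "https://www.ex\u0430mple.com/login",
                 "https://www.exampel.com/"):
        print(link, "->", analyse_url(link, "www.example.com"))
```

The checks are deliberately ordered: a hostname that is exactly the expected one returns early, a skeleton match means the characters only look the same, and a near miss on plain edit distance is reported as a probable typosquat.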

  • Use of JavaScript:

However, as URL-checking becomes more common, phishers have come up with ways of fooling their victims even if they do check the website address. Some phishers use JavaScript to place a picture of a legitimate URL over a browser’s address bar. The URL revealed by hovering over an embedded link can also be changed using JavaScript. This makes it difficult for even the savviest of users to distinguish between real and fake sites.


  • Link Manipulation:

In addition to changing the URL, phishers often use link manipulation in their emails to prevent a user from realising that they are being sent to a fraudulent website. Link manipulation may also be referred to as URL hiding. The technique may be varied to suit the attacker’s aims and the target in question.
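The two tricks above (a hover URL that does not match the destination, and link text that hides where a link really goes) share one tell: the address shown to the reader differs from the address in the link itself. The following added example, which is not code from the original post, parses the anchors of an HTML email body and reports links whose visible text names a different domain than the real destination, links that point at a bare IP address, links with a non-HTTP scheme, and links that carry a username before the host. The sample email body and hostnames are constructed for the demonstration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample HTML e-mail body (not taken from any real message).
SAMPLE_EMAIL_HTML = """
<p>Dear valued customer,</p>
<p>Your account is locked. Visit
<a href="https://login.example-secure.test/verify">https://www.example.com/account</a>
to restore access.</p>
<p>Or <a href="http://203.0.113.5/verify">click here</a> if the link above fails.</p>
<p>Read our <a href="https://www.example.com/help">help centre</a>.</p>
"""

URL_LIKE = re.compile(r"^(?:https?://)?[\w-]+(?:\.[\w-]+)+(?:/\S*)?$", re.IGNORECASE)
IPV4 = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")


class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, " ".join("".join(self._text).split())))
            self._href = None


def registered_domain(host: str) -> str:
    """Last two labels of a hostname (simplification: ignores suffixes such as co.uk)."""
    return ".".join(host.lower().split(".")[-2:])


def host_from_text(text: str) -> str:
    """Hostname a reader would infer from link text that looks like a URL."""
    if not text.lower().startswith(("http://", "https://")):
        text = "http://" + text
    return (urlsplit(text).hostname or "").lower()


def suspicious_links(html: str) -> list:
    """Return (href, text, reason) for links whose destination does not match what is shown."""
    parser = LinkCollector()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        parts = urlsplit(href)
        host = (parts.hostname or "").lower()
        if parts.scheme not in ("http", "https"):
            findings.append((href, text, "non-http scheme"))
        elif parts.username is not None:
            findings.append((href, text, "userinfo before host"))
        elif IPV4.match(host):
            findings.append((href, text, "IP address instead of a domain"))
        elif URL_LIKE.match(text) and registered_domain(host_from_text(text)) != registered_domain(host):
            findings.append((href, text, "shown URL differs from real destination"))
    return findings


if __name__ == "__main__":
    for href, text, reason in suspicious_links(SAMPLE_EMAIL_HTML):
        print(f"{reason}: text={text!r} href={href!r}")
```

Plain-language link text such as "click here" cannot be compared against anything, which is exactly why the post recommends typing the site's address yourself rather than trusting the link.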


  • Covert Redirect:

Another phishing tactic relies on a covert redirect. This exploits an open redirect vulnerability, where a legitimate site fails to check that the URL it redirects to points to a website the user can trust. The redirected URL acts as a malicious intermediate which acquires authentication information from the victim before forwarding the victim’s browser to the legitimate site.
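From the site owner's side, the fix for an open redirect is to validate the redirect target before using it. The added example below (not code from the original post) shows the vulnerable pattern next to a hardened version that only accepts same-origin paths or absolute URLs whose host is on an allow-list. The allow-list hosts are constructed; the edge cases in the comments are the ones such a check is most often tested against.

```python
from urllib.parse import urlsplit

# Constructed allow-list of hosts the login page may redirect to (not a real site).
ALLOWED_HOSTS = {"www.example.com", "account.example.com"}


def vulnerable_redirect_target(next_url: str) -> str:
    """The open-redirect pattern: the 'next' parameter is trusted as supplied,
    so whatever URL arrived in the request becomes the post-login destination."""
    return next_url


def safe_redirect_target(next_url: str, default: str = "/") -> str:
    """Return next_url only if it stays on an allowed host; otherwise the default."""
    if not next_url or any(c in next_url for c in "\r\n\x00"):
        return default  # empty, or CR/LF that could split the response headers
    if "\\" in next_url:
        return default  # browsers treat backslash as '/', so '/\evil.test' leaves the origin
    parts = urlsplit(next_url)
    if not parts.scheme and not parts.netloc:
        # Relative path on our own origin; '//host/...' has a netloc and is not accepted here.
        return next_url if next_url.startswith("/") else default
    if parts.scheme not in ("http", "https"):
        return default
    if parts.username is not None or parts.password is not None:
        return default  # 'https://www.example.com@evil.test/' puts our name in the userinfo
    if (parts.hostname or "") not in ALLOWED_HOSTS:
        return default  # exact match, so 'www.example.com.evil.test' does not pass
    return next_url


if __name__ == "__main__":
    for candidate in ("/account/settings",
                      "https://account.example.com/dashboard",
                      "//evil.test/",
                      "https://www.example.com@evil.test/",
                      "https://www.example.com.evil.test/"):
        print(f"{candidate!r:45} -> {safe_redirect_target(candidate)!r}")
```

Matching the whole hostname against an allow-list, rather than checking that it starts with or contains the trusted name, is what closes the subdomain and userinfo variants.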


  • Image messages:

Many internet service providers have designed sophisticated anti-spam filters to protect their users from falling victim to phishing attempts. However, when sending the email, phishers may bypass inbox filters by rendering all or part of their message as an image. Filters are designed to pick up on phrases which are common to phishing emails. In image form, the phrases used in the email are not seen by the filter, so the email reaches the potential victim’s inbox.
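A filter that only reads text can still notice the trick by looking at what a message is made of. The added example below (not code from the original post) builds constructed sample emails, parses them back as a mail filter would receive them, and flags a message that carries an image but almost no filterable text. The sender addresses, the placeholder PNG bytes and the word threshold are all constructed for the demonstration; a real filter would follow this cheap check with OCR of the image.

```python
import re
from email import message_from_bytes
from email.message import EmailMessage
from email.policy import default as default_policy

# Constructed placeholder image: a PNG signature followed by filler bytes (not a real picture).
FAKE_PNG = b"\x89PNG\r\n\x1a\n" + b"\x00" * 4096

# Constructed body text for a legitimate-looking notice (32 words).
LEGIT_TEXT = ("Hello Alice, your March statement is now available. Log in to your account "
              "from our website, as you usually do, and choose Statements from the menu "
              "to download it. Regards, Example Billing")


def build_message(text: str, image: bytes = None) -> EmailMessage:
    """Build a constructed sample e-mail and parse it back, as a filter would see it."""
    msg = EmailMessage()
    msg["From"] = "billing@example.test"
    msg["To"] = "alice@example.test"
    msg["Subject"] = "Your account"
    msg.set_content(text)
    if image is not None:
        msg.add_attachment(image, maintype="image", subtype="png",
                           filename="notice.png", disposition="inline")
    return message_from_bytes(msg.as_bytes(), policy=default_policy)


def text_and_image_stats(msg: EmailMessage) -> dict:
    """Count words in text parts and bytes in image parts of a parsed message."""
    words, images, image_bytes = 0, 0, 0
    for part in msg.walk():
        ctype = part.get_content_type()
        if ctype in ("text/plain", "text/html"):
            body = part.get_content()
            if ctype == "text/html":
                body = re.sub(r"<[^>]+>", " ", body)  # crude tag strip, enough for counting
            words += len(body.split())
        elif part.get_content_maintype() == "image":
            images += 1
            image_bytes += len(part.get_payload(decode=True) or b"")
    return {"words": words, "images": images, "image_bytes": image_bytes}


def looks_like_image_message(msg: EmailMessage, min_words: int = 20) -> bool:
    """Flag messages that carry an image but too little text for phrase filters to inspect."""
    stats = text_and_image_stats(msg)
    return stats["images"] > 0 and stats["words"] < min_words


if __name__ == "__main__":
    for label, sample in (("legit", build_message(LEGIT_TEXT)),
                          ("legit+image", build_message(LEGIT_TEXT, FAKE_PNG)),
                          ("image-only", build_message("See attached notice.", FAKE_PNG))):
        print(label, text_and_image_stats(sample), "flagged" if looks_like_image_message(sample) else "ok")
```

The threshold is a judgement call: newsletters with a large banner and a short caption will trip it, so in practice the flag raises a message's score rather than rejecting it outright.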


Never trust embedded links!

The easiest way to avoid being misdirected to a fake website is not to follow the link embedded in an email. Instead, search for the website in question in a new tab, and log in through that link instead. If there really is something wrong with your account, you will be informed on login. Furthermore, familiarising yourself with common phrases used in phishing emails (such as being addressed as “our valued customer” instead of by your name or username) can help protect you against scams which have made it past the email filters.

Kinza Zaheer

Writer at Thetic Blog.
