Almost all threats start with phishing. Even the very dangerous ones like the kidnapping of your data through a Ransomware, the emptying of your accounts through a banking Trojan like Emotet, or the famous Pegasus spyware, which hijacks your entire mobile, start with a seemingly harmless message posing as someone who is not.
Have you received a message and you have doubts if it is a phishing?
Here we are going to show you a very simple trick to know if the message that you receive is a real phishing or if, on the contrary, it is a legitimate and therefore harmless message.
We already know that there may be many signs that indicate that it may be, such as typos, strange browser addresses, unbelievable offers and an urgent message to prevent us from using our heads, but it is also true that all these things may perfectly not be present and yet it is still a dangerous phishing...
So what else can I check to be absolutely sure that it is a phishing?
Internet addresses cannot be falsified so, if we know how to read them well, they will never be able to deceive us!
In the case of phishing, the attacker, pretending to be another person or entity, wants to steal sensitive information from you. For this he needs to deceive you. Somehow it has to convince you to click on its link and enter its website disguised as legitimate. The good news is that Internet addresses cannot be falsified so, if we know how to read them well, they will never be able to deceive us!
Let's see an example of how it's done
1.- This message supposedly comes to us from MetaMask, the most used cryptocurrency wallet. Nothing seems to suggest at first glance that it is false since it is perfectly designed and contains no spelling errors. It asks us to verify our wallet to comply with the new company rules. If we clicked on "Verify my wallet" I would go directly to the attacker's page and we don't want to do that.
Instead we position the mouse pointer over the link to see the address where it would send us if we clicked on it. It doesn't tell us much because the https address: https://t.co/EiGc7YX... it's shortened by a web redirect service so it doesn't give us any clues.
2.- Now comes the interesting. Instead of clicking on it and entering the attacker's page, what we do is copy the link into the clipboard using the 2nd mouse button. Be careful not to click on the link. Use the 2 button with care
3.-With the address of the link in the clipboard we enter the Virus Total page. A Spanish cybersecurity project created in 2004 by Hispasec, so disruptive that it was bought by Google in 2012.
Once there, we chose the "URL" option and pasted the address we had on our clipboard.
4.- The 92 search engines will start to search for any threat that has the address we have sent and the response will be immediate. In this specific case, it has detected that the address is malicious and that 6 manufacturers confirm it.
In short, without clicking on any link and without running the slightest risk, we have been able to reliably confirm that this message was a phishing.
This procedure, which is also used by cybersecurity investigation teams, is valid for any type of phishing. It doesn't matter if it's to steal your Microsoft 365 credentials, Gmail, or infect you with ransomware or Pegasus.
From now on, every time you have any doubts about a link, you just have to follow these simple instructions to confirm your suspicion. Only on rare occasions can it happen that a malicious link goes undetected, but keep in mind that it can also happen, so if that link smells fishy to you, don't open it!
Navigate with peace of mind
ironGate Cybersecurity
We protect your digital life
by Ricky Fuster https://www.linkedin.com/in/rickyfuster/
Irongate CISO https://www.irongate.es/