In recent years, hacking onto other user accounts has become increasingly challenging. No one can hack onto our social media or bank accounts because day-by-day, computer security is getting more secure. Encryption is getting stronger and more security measures are being put into place; so the job of hackers is getting tough. Here social engineering steps in. is a technique where attackers trick a user to steal his data or plant something malicious in the victim’s system. easily Social engineering In today’s life, everything is digital; we have another life on the internet. But what if we got hacked by some bad guy? Here we are going to talk about phishing. But wait, most people already know basic information about phishing; people check the link they get from mail or SMS to see if they are from an original website or not because phishing links look suspicious and most internet users are scared to open untrusted links. This will not work here. Hackers are smart enough to trick your mind. Here comes the URL Masking technology. , a security researcher talked about it in public and introduced . He says, Koushik Pal URL masking technology URL can be Masked easily, a phishing link can look exactly like a legit URL by a simple browser trick. To make his concept clear he made a bash script named “ “, which became very popular in the social engineering category. MaskPhish can change any URL to another link. Attackers can use it to trick people, but on the GitHub page it’s mentioned that it is for educational purposes only. MaskPhish This article is for educational purpose only, and we are trying to save people by education. If anyone misuses this information then only he will be responsible for this. How MaskPhish Works It works using a browser redirection technique. If a URL contains ‘@’ then the browser skips everything before ‘@‘. To make things clear you can type this URL on your browser and check what’s happening ‘ ’ this link will not lead you to facebook.com this will lead you to hackernoon.com. This is the basic idea of the MaskPhish tool. https://facebook.com@hackernoon.com MaskPhish uses some more advanced things like shortening the URL and pushes some social engineering keywords inside it, and we can see this in the following screenshot: This is seriously harmful for everyone. . What could be more dangerous than this? What if we didn’t notice the URL after opening the link in our browser? We would get trapped. A perfect URL isn’t really Google.com Google.com How to Avoid MaskPhish Attacks Don’t open any URL received from mail or SMS or on any other social media. A link that looks perfect, may be a phishing link. We should always double-check links when the webpage prompts for a login. Never trust anyone. That’s all for today, we hope you liked this, stay safe and secure. Please don’t click on any link received from messages.

Facebook

Google

Hello,  I'm  a Cybersecurity expert and Ethical Hacker, also I write tutorials on Cybersecurity.

2021 - HackerNoon Contributor of the Year - DATA-PRIVACY

2022 - HackerNoon Contributor of the Year - Cyber Security Awareness

2022 - HackerNoon Contributor of the Year - Data Privacy

2022 - HackerNoon Contributor of the Year - Growth Hacking

2022 - HackerNoon Contributor of the Year - Hacking

2022 - HackerNoon Contributor of the Year - Phishing

Learn Ethical Hacking

2021 - HackerNoon Contributor of the Year - CYBER-SECURITY

Nominated for 2022 - HackerNoon Contributor of the Year - Hacking

Nominated for 2022 - HackerNoon Contributor of the Year - Cyber Security Awareness

What is URL Masking and How Does It Work?

Too Long; Didn't Read

Companies Mentioned

Kali Linux Tutorials

About Author

TOPICS

THIS ARTICLE WAS FEATURED IN...