In recent years, hacking onto other user accounts has become increasingly challenging. No one can hack onto our social media or bank accounts because day-by-day, computer security is getting more secure. Encryption is getting stronger and more security measures are being put into place; so the job of hackers is getting tough. Here social engineering steps in. is a technique where attackers trick a user to steal his data or plant something malicious in the victim’s system. easily Social engineering In today’s life, everything is digital; we have another life on the internet. But what if we got hacked by some bad guy? Here we are going to talk about phishing. But wait, most people already know basic information about phishing; people check the link they get from mail or SMS to see if they are from an original website or not because phishing links look suspicious and most internet users are scared to open untrusted links. This will not work here. Hackers are smart enough to trick your mind. Here comes the URL Masking technology. , a security researcher talked about it in public and introduced . He says, Koushik Pal URL masking technology URL can be Masked easily, a phishing link can look exactly like a legit URL by a simple browser trick. To make his concept clear he made a bash script named “ “, which became very popular in the social engineering category. MaskPhish can change any URL to another link. Attackers can use it to trick people, but on the GitHub page it’s mentioned that it is for educational purposes only. MaskPhish This article is for educational purpose only, and we are trying to save people by education. If anyone misuses this information then only he will be responsible for this. How MaskPhish Works It works using a browser redirection technique. If a URL contains ‘@’ then the browser skips everything before ‘@‘. To make things clear you can type this URL on your browser and check what’s happening ‘ ’ this link will not lead you to facebook.com this will lead you to hackernoon.com. This is the basic idea of the MaskPhish tool. https://facebook.com@hackernoon.com MaskPhish uses some more advanced things like shortening the URL and pushes some social engineering keywords inside it, and we can see this in the following screenshot: This is seriously harmful for everyone. . What could be more dangerous than this? What if we didn’t notice the URL after opening the link in our browser? We would get trapped. A perfect URL isn’t really Google.com Google.com How to Avoid MaskPhish Attacks Don’t open any URL received from mail or SMS or on any other social media. A link that looks perfect, may be a phishing link. We should always double-check links when the webpage prompts for a login. Never trust anyone. That’s all for today, we hope you liked this, stay safe and secure. Please don’t click on any link received from messages.

Facebook

Google

Koushik Pal: 'Knowledge Should Be Free'

The Social Dilemma in 2021: Personal Data Privacy

What is URL Masking and How Does It Work?

About Author

Comments

TOPICS

THIS ARTICLE WAS FEATURED IN

Related Stories

A Guide To Web Security Testing: Part 1 - Mapping Contents

Windows Sticky Keys Exploit: The War Veteran That Never Dies

06/02/2018: Biggest Stories in the Cryptosphere

0-Days are on the Rise and that Means a Lot More Work for SOC Teams

Time Bombs Inside Software: 0-Day Log4Shell is Just the Tip of The Iceberg

The Noonification: How the Liver Transplant System Changed Forever (11/25/2023)

A Guide To Web Security Testing: Part 1 - Mapping Contents

Windows Sticky Keys Exploit: The War Veteran That Never Dies

06/02/2018: Biggest Stories in the Cryptosphere

0-Days are on the Rise and that Means a Lot More Work for SOC Teams

Time Bombs Inside Software: 0-Day Log4Shell is Just the Tip of The Iceberg

The Noonification: How the Liver Transplant System Changed Forever (11/25/2023)

Light-Mode

Classic

Newspaper

Minty

Dark-Mode

Neon Noir

Minty

HN StartUps