This is the second chapter of my topic in my URL Investigation and Prevention series and in this entry, I am going to talk about the effects of malicious URL. Using URL to commit an internet scam is pretty common today simply because it is easy to manipulate and also easy to spread around. A rookie internet user frequently fell into the trap of a nicely crafted URL which appears to be a regular URL to them but leads them to a malicious or phishing site. So now, what would be the outcome after redirecting them into those site?
URL that leads to Malicious site
A malicious site is a site where it contains Malware especially Trojan which will sneak into your computer without you and your antivirus or even firewall knowing it. That is why it is best way to stop any Trojan from infecting you is to prevent them by not clicking them. Most of the time, it is not able to prevent simply because scammers will try their best to lure you into clicking the URL.
Once the Trojan successfully infect into your computer, you will be monitor from time to time until the Trojan is removed. Whatever you do on your computer such as login into your banking account, social network or even your regular internet messenger chat are all logged and sent to the attacker. You might also be part of a DDoS attack where your computer might be one of the source for the attacker to use since it is already infected and controlled by them.
Apart from Trojan, a malicious site can also infect you with Virus. However Virus is not so popular now as its purpose is only to make the victim life difficult and nothing gained from the attacker apart of satisfaction. Therefore it is very seldom for a site to host Virus simply just to damage your computer today because planting a Trojan would be more beneficial to the attacker.
URL that leads to Phishing site
The other types of dangerous URL is the URL that leads to a phishing site. Phishing site is always the best place to land the URL because it does not look suspicious at all at the first glance because the graphical user interface always look like the original one. If you do not check the URL, it is very hard for you to differentiate between the actual site and the phishing site.
Phishing site is the place where sensitive information such as username, passwords, and credit card numbers are stolen. Usually the page will consists of a input textbox that require the soon-to-be victim to enter those sensitive information before proceeding. Once the submit button is pressed, it will not go to the actual server but to the attacker controlled server. The attacker will then use the username and password given to login into your account and even try to login into other online account.
This is because there are many online accounts today and it is pretty impossible for a single user to remember all his passwords if they are set differently. Unless they used a password manager to manage their passwords but I am sure not many is doing this. As a result, users will try to create similar username and password so that they have to remember once and login to all the accounts.
You should be able to see that URL today is pretty powerful in the cyber crime world. Just a minor mistake of clicking a malicious URL can greatly reduce your online safety. That is why it is very important for you to know what you are going to click and where it will bring you to. The next chapter of this series is the strategy on how to investigate URL in details to prevent internet scam.
If you don’t want to miss my URL investigation and prevention series, do subscribe to this blog by email so that I can mail to you the latest update.