Beware of phishing links that show one address but open another

Phishing is a form of attack that is no stranger to anyone: an attacker fakes a website and tricks users into logging in so that their accounts can be stolen. Currently, many actors use this form of phishing to steal Facebook, email and bank accounts… If you are not equipped with the knowledge, it is very easy to lose your account, with serious consequences.

A common piece of advice is to hover over a link before clicking it and check the destination shown in the status line at the bottom of the browser. However, with just one piece of JavaScript, an attacker can change the link previewed in the browser's status line. As you can see in the picture below, the link shown on the page is https://www.google.com, and hovering the mouse over it also shows https://www.google.com.

But when you click on the link, you will be redirected to https://example.com.

Here is an example that J2team posted in its group to warn everyone:

You can see this form of phishing directly at the page: https://raw.githack.com/NguyenVanManh-AI/Link/main/fakelink.html. This is Nguyen Van Manh's page, made as a demo for the above video. If you look at the source code, you will see a piece of JavaScript that changes what the browser's status line shows:

<a id="link" href="https://example.com">https://google.com</a>
<script type="text/javascript">
    var link = document.getElementById('link');
    // While the pointer is over the link, the href (and so the status bar preview) is google.com
    link.onmouseover = () => link.setAttribute("href","https://google.com");
    // When the pointer leaves, or on click, the real destination is put back
    link.onmouseout = () => link.setAttribute("href","https://example.com");
    link.onclick = () => link.setAttribute("href","https://example.com");
</script>

link.onmouseover: changes the link's href while the mouse is over it, and that href is what the browser displays in the status bar at the bottom of the window.

Or simply use this script:

<html>
<a href="https://google.com" onclick="try{window.location.href='http://example.com'}catch(e){}return false">https://google.com</a>
</html>
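
As a defensive counterpart to the two snippets above, here is an added example (not code from the demo page or from J2team) that statically audits a page's HTML for these patterns. The function name auditLinks, the rule names and the SAMPLE_* inputs are assumptions made for this illustration; the samples are constructed from the snippets on this page.

```javascript
// Added example: static audit of a page for the link tricks described above.
// SAMPLE_A and SAMPLE_B are constructed from the two snippets on this page.
const SAMPLE_A = `<a id="link" href="https://example.com">https://google.com</a>
<script>
  var link = document.getElementById('link');
  link.onmouseover = () => link.setAttribute("href","https://google.com");
  link.onclick = () => link.setAttribute("href","https://example.com");
</script>`;
const SAMPLE_B = `<a href="https://google.com" onclick="try{window.location.href='http://example.com'}catch(e){}return false">https://google.com</a>`;
const SAMPLE_OK = `<a href="https://www.google.com/maps">https://google.com</a>`;

// Code that navigates away or rewrites a link target.
const NAV = /location(\.href)?\s*=|location\.(assign|replace)\s*\(|setAttribute\(\s*["']href["']/i;

function hostOf(text) {
  try { return new URL(text.trim()).hostname.replace(/^www\./, ""); }
  catch (e) { return null; } // not an absolute URL
}

function auditLinks(html) {
  const findings = [];
  for (const [, attrs, text] of html.matchAll(/<a\b([^>]*)>([\s\S]*?)<\/a>/gi)) {
    const href = (attrs.match(/(?:^|\s)href\s*=\s*["']([^"']*)["']/i) || [])[1] || "";
    const shown = hostOf(text.replace(/<[^>]*>/g, ""));
    const target = hostOf(href);
    // 1. The visible text is a URL, but the href points at a different host.
    if (shown && target && shown !== target)
      findings.push({ rule: "text-href-mismatch", shown, target });
    // 2. An inline on* handler navigates away or rewrites the href.
    for (const [, name, code] of attrs.matchAll(/\s(on\w+)\s*=\s*("[^"]*"|'[^']*')/gi))
      if (NAV.test(code)) findings.push({ rule: "inline-handler-navigates", handler: name.toLowerCase() });
  }
  // 3. A script assigns a mouse handler that rewrites an href (first snippet).
  for (const [, body] of html.matchAll(/<script\b[^>]*>([\s\S]*?)<\/script>/gi))
    for (const [, name] of body.matchAll(/\.(on(?:click|mouse\w+))\s*=[^;]*setAttribute\(\s*["']href["']/gi))
      findings.push({ rule: "script-rewrites-href", handler: name.toLowerCase() });
  return findings;
}

const rules = (html) => auditLinks(html).map((f) => f.rule);
console.log(rules(SAMPLE_A), rules(SAMPLE_B), rules(SAMPLE_OK));
```

This check only sees handlers that are visible in the markup or in inline scripts; handlers attached through addEventListener or loaded from external scripts need inspection in the running page.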

According to admin Manh Tuan of J2team, Google itself also used this trick on its search page. When I got the search results, I saw the link to site A, and when I hovered over it, the status bar also showed the link to site A. But when I clicked it, it redirected to google.com/?abcxyz… (to count the number of clicks on the results) and then switched to site A.

So how do you avoid being phished?

Before logging in to any site, you must check the website address in the address bar. If it is not the page you need to log in to, close it immediately.


Normal user way:

To avoid being trapped in this case, instead of clicking the link with the left mouse button, get in the habit of clicking links with the mouse scroll button (middle click). This not only avoids the case of clicking one link but landing on another, it also opens the link in a new tab.


Professional way:

Instead of clicking on the link in the browser, right-click on the web page and choose View page source, or press Ctrl + U, or press F12. Then find the element with the destination link, copy the link and paste it into the browser. In my opinion, no one does it this way 🙂

If you are confident that you can see through hackers' phishing tricks, try testing your phishing knowledge with Google's test to see if you can get the maximum score.
