What is link manipulation? Understanding the threat and real-life examples

What is link manipulation?

Link manipulation is a tactic when cybercriminals use deceptive domain names and subdomains to create links in an email or text message that look legitimate. The fake websites these links lead to enable cybercriminals to access sensitive data, install malware, and commit other harmful crimes against users.

Techniques of link manipulation

Cybercriminals use many techniques to create phishing links and carry out a cyberattack. We’ll discuss some of those deceptive tactics and explain how phishing attacks and social engineering techniques relate to link manipulation.

DOM-based link manipulation

The Document Object Model (DOM) is a programming interface that treats a web document as a tree-like structure. It allows programmers to change a document’s structure, content, or style. DOM-based link manipulation arises when an attacker can modify the DOM.

This attack is directly injected into the application during runtime in the client. The hacker executes this attack by modifying the DOM environment in the victim’s browser. They create a URL that could send a user to a phishing page or cause the user to submit sensitive data to the attacker’s server.

Reflected link manipulation

Reflected link manipulation occurs when a user clicks on a link and the web browser executes malicious code. Unlike a DOM-based attack, a hacker uses URL injection to insert this attack into an application during server-side request processing. Conversely, a DOM-based attack is purely a client-side vulnerability.

In this attack, malicious code travels to the vulnerable website and reflects the attack back to the user’s web browser. The web browser then treats it as coming from a trusted server. A hacker can execute this attack by manipulating the path and query parameters (the part of the URL that comes after “.com” or “.org,” separated by a forward slash) of a legitimate URL.

Phishing attacks

Link manipulation is one of the most common techniques used in phishing attacks. Phishing campaigns typically involve deceiving a user into clicking a link in an email that appears to be from a trusted friend, company, or organization. By misspelling the domain or using some other ruse, a hacker can trick a user into clicking an unsafe link. When the user clicks the link, they will be led to a malicious website and prompted by a form to share sensitive information like their login credentials and credit card details.

Once a cybercriminal has a user’s private information, like financial details, they can commit identity theft and fraud. They can also sell victim’s data to other hackers, so the person will have to deal with multiple cyberattacks simultaneously.

Social engineering and link manipulation

Phishing is a type of social engineering attack. Social engineering attacks use psychological techniques to deceive users into clicking a malicious link to what they think is a legitimate website. Then, they end up sharing their personal information on a fake website. These attacks use the user’s trust in a friend or institution against them.

Scammers manipulate victims by playing on their emotions. They use excitement, greed, and fear to get users to give up their private information. This psychological manipulation is a big reason why so many users fall victim to link manipulation scams.

URL obfuscation and redirection

URL obfuscation is a deceptive technique used in link manipulation. A cybercriminal conceals a URL to encourage a user to click a link to a phishing website rather than their true destination.

A common URL obfuscation technique is redirection, where cybercriminals hide unsafe links to fake websites behind legitimate ones. This practice allows a hacker to redirect users to a different site than expected. Cybercriminals often use URL shortening to achieve this. Manipulated links can redirect users to a phishing website that hosts malware or a form that causes a victim to reveal information like login credentials.

Examples of link manipulation

Cybercriminals use various techniques to target unsuspecting users and fool them into clicking on deceptive links.

• URL shortening. URL shorteners are a convenient way to cut down lengthy URLs, but they also allow hackers to mask malicious links. When the URL is only a few characters long, it can be much harder to tell whether or not it might lead to a shady site.
• Concealing the URL. Hiding the URL with a hyperlink is one of the link manipulation techniques cybercriminals use in phishing emails. Instead of including the whole link in an email, the cybercriminal hyperlinks the malicious URL in a word or phrase like “View more.” Like URL shortening, it’s a technique many legitimate businesses use in their emails to avoid long, unattractive links, so many users won’t notice anything weird at first glance.
• Misspelling the URL. Even when users remember to check out what page a hyperlink leads to, they often don’t pay the closest attention to the URL. Hackers exploit this by using misspelled domain names like “faceloook” for their domains to deceive users into clicking manipulated links. This tactic is also known as typosquatting or URL hijacking.
• Internationalized domain name (IDN) spoofing. IDN spoofing is another attack that involves using look-a-like URLs. Cybercriminals use similar-looking characters in a URL to spoof a legitimate website. For example, the Latin letter “a” could replace the Cyrillic letter “a,” and few could tell the difference. The URL would appear to belong to a legitimate organization but would actually lead to a malicious page.
• Subdomain spoofing. To use this domain spoofing attack, a hacker creates a subdomain that mimics a well-known brand or service. If the attacker registers the domain “update” and makes a subdomain called “microsoft,” they could create a URL that looks like this: “microsoft.update.com.” This URL could easily trick users into thinking that this website belongs to Microsoft rather than the hacker.

How to identify link manipulation

Link manipulation is a serious threat, but you can use many techniques and tools to improve your ability to detect it. One is keeping an eye out for anything questionable. Here are some signs of link manipulation in cybersecurity to be aware of:

• Suspicious URLs. Remember to be on the lookout for the link manipulation techniques described above when checking your emails. Is the link spelled correctly? Is it shortened? Hover your mouse over a link before clicking it so you can give the URL a good look.
• An urgent tone. The sense of urgency in a phishing email — like a message pressuring a user to click a link so they can pay an overdue bill before it goes to collections — gives cybercriminals the upper hand over a user who might otherwise know better. Link manipulation relies on riling victims up enough over the idea of a bank account being frozen or missing an exciting sale that they won’t look too closely before clicking.
• Shady domains. A top-level domain is the last part of a URL, like “.com” for a company or “.gov” for a government entity. Short top-level domains like “.xyz” and “.ml” are commonly used by malware actors.

The risk of link manipulation

It’s crucial to take the risk of link manipulation seriously. If an attacker manipulates the destination of a link, they can gain access to sensitive data. They could use that data to commit identity theft and other types of cybercrimes. They could also perform shady actions like installing malware onto a user’s computer.

How to prevent link manipulation

In addition to looking out for red flags in emails, you can use tools to help you identify the URL phishing threats you face. Modern, up-to-date web browsers are essential in the fight against link manipulation. They flag URLs that begin with “http” instead of “https” as insecure, letting users know that it is vulnerable to interception. These browsers often include other security features that alert you to malicious URLs.

If you become aware of any suspicious-looking links, you can also use NordVPN’s free link checker. Just copy the link and paste it into the link checker, and it will detect whether the link is malicious. This feature will help to protect you from data theft and other crimes.

Combat link manipulation with the right tools

Remember that you don’t have to tackle these link manipulation issues alone. NordVPN offers many tools that will help to keep you safe from any shady websites waiting on the other end of unsafe links. Check out NordVPN’s anti-phishing solution to learn more about how it can protect you from phishing attacks.