URL Spoofing: Definition and explanation

What is URL spoofing?

A spoofed URL is a fraudulent link that is masked to look like a legitimate source in order to steal your data. Sometimes, just clicking on a spoofed URL is enough to infect your device with malware. Other times, the website will be designed to look identical to one you trust.

This way you won’t question it when asked to enter sensitive information such as your email, password or your home address. However, your data will be sent directly to the hacker instead, who can then use it to steal your money or identity.

Spoofed websites wouldn’t work without any traffic. That’s why they are usually distributed via phishing attacks. A link to the spoofed website is embedded in an email or a text message and then sent to thousands of people. The scams use bait to get you hooked, like an irresistible discount. All you have to do is click on the link.

Examples of the most common spoofing attacks

Hackers have found many ways to create spoofed URLs and use them in malicious attacks. Let’s have a look at the 4 most common types of URL spoofing:

Links behind buttons or words

The oldest trick in the hacker’s book is to send a phishing email pretending to be a trusted source and hyperlinking malicious link to buttons or words. Lazy hackers still do it these days. Thankfully it’s quite easy to spot it. Simply hover over hyperlinked words or right click on it to see the URL.

You might receive an email from your favorite airline offering you cheap flights. All you need to do is click on the green button saying ‘Book Now.’ However, once you click on it, it will take you to a malicious website which will almost instantly install Trojan or another virus onto your device.

Misspelled links

People tend to skim read messages, which means that hackers can send phishing emails with links designed to look just like trusted ones. It’s enough for hackers to change only one character to register a new domain!

Imagine receiving an email from Netflix, for example, asking you to confirm your payment details. When you hover over the link, you see a URL very similar to Netflix.com, but it’s actually ‘netfliix.com’ or ‘n3tflix.com’ (only hypothetical examples). If you just skim your message, you will most likely miss that little difference and click on the link.

URL shorteners

Another common way to spoof URLs is by using URL shorteners like bit.ly and the likes. Some social media platforms limit characters per post (or for text messaging), so short links are a great solution.

However, they also make it easier for scammers to hide malicious links. It’s almost impossible to tell where this shortened URL is going to take you until you click on it.

Links with non-Latin characters

The use of new scripts to register domains has created even more opportunities for hackers to steal your information. Now they can use non-Latin characters to create homographic URLs. This means that spoofed URLs can now use letters with accents, glyphs, diacritics, and more. For example, nordvpn.com could become ņordvpn.com.

Some letters might look just like their Latin counterparts despite coming from a different alphabet. The internet will recognize them as entirely different characters and will allow hackers to register a new domain. These URLs are especially challenging to detect.

How to recognize a spoofed link

1. Before you click on any links, hover over them with your mouse to see the URL.
2. Look for spelling mistakes as well as accents, glyphs or diacritics, otherwise you might become a victim of a URL hijacking.
3. If the URL seems correct, but the deal sounds too good to be true, it might still be a phishing attack. Enter the official company’s URL into your address bar and check if they are really offering that fantastic deal. If you want to be super cautious, drop them a direct email or call them. Never reply to the email you received!
4. If you clicked on a seemingly legitimate link and the website looks just like the trusted source, you should still check whether it’s an HTTPS website. If not – leave immediately.
5. Take precautionary steps – update your web browser and your antivirus. They will usually be able to block malicious content even if you click on it. A great tool for this is NordVPN’s Threat Protection feature. It helps you identify malware-ridden files, stops you from landing on malicious websites and spoofed links, and blocks ads. Threat Protection also has a handy URL trimmer that helps protect your privacy by removing tracking parameters many websites add to URL links.
6. Hackers will continue to use spoofed links to trick you into thinking that they are well-known e-commerce platforms like eBay or PayPal. Keep an eye out for news about the latest scams and attacks.