A cautionary tale: understanding URL phishing through fiction

an image of a phishing hook casting URL symbols to a computer screen

04 Oct 2024

The Click That Wasn't

Kieran O'Trouble, a dedicated administrator at the prestigious Emerald University, arrived at his office one typical Monday morning. His day generally involved the student inquiries, handling admissions data, and responding to departmental emails. But this Monday was different. Nestled among his inbox's regular flow of emails was a message that seemed urgent. The subject line read, "Important: Update Your Payment Details for University Payroll".

Clicking it open, he scanned the email. It urged him to update his direct deposit information by following the provided link. The email was well-formatted, using the official university logo, and included a message from someone Kieran vaguely recognised someone who worked in HR.

Though Kieran was accustomed to handling administrative tasks quickly, something felt off about the request. He remembered something that he heard at the online training event he attended during Global Cyber Security Awareness Month last year: ‘Phishing attempts often mimic familiar institutions but use subtle tricks to deceive.’

Could this be a real-life example of a phishing attack? Kieran hovered his mouse over the link in the email, revealing the URL. The address, while similar to the university's official domain, had a few suspicious characters—an extra letter and a different extension. The website URL was not what it seemed.

image of computer mouse arrow hovering over a hidden link in an email

Kieran didn't click the link. Instead, he reached out to the Emerald University's IT Services department, forwarding the email to them for further investigation.

It turned out his instincts were right. His colleagues on the IT Service Desk confirmed that the email was a phishing attempt. Kieran felt a wave of relief. His quick thinking had saved him from a potentially damaging phishing scam, and he couldn't stop thinking about how close he'd come to compromising his own information.

Later that morning, the IT Services department sent out a college-wide alert warning the Emerald University community about the phishing email. As Kieran read through the communication, he was struck by how similar the email had been to the one he received. The IT department emphasised how easily these scams could slip past even the most careful staff members. They provided clear guidance on spotting phishing attempts and encouraged everyone to report suspicious emails.

Kieran forwarded the alert to his team and reminded them to stay vigilant. He also made a mental note to be even more cautious in the future. As the week went on, he noticed his colleagues taking the alert more seriously. Many were asking questions about email safety, and a few even mentioned that they had received similar phishing emails but hadn’t realised the danger.

The IT Services department followed up with more resources, offering quick-reference guides on identifying phishing attempts, and even scheduled a university-wide training session to further raise awareness. As more staff became educated on the topic, Kieran felt reassured knowing that both he and the University were actively working together to protect the community from cyber threats.

header image to indicate the following is a review of content

What is URL Phishing?

Just like Kieran's experience, URL phishing is when malicious actors send seemingly legitimate messages to trick recipients into clicking harmful links. These links often lead to fake websites that mimic trusted sources, intending to steal login credentials or personal information.

How Can You Spot It?

Kieran avoided falling into the trap by recognising key signs:

Suspicious URLs: Always check the actual URL by hovering over any link before clicking. Look for subtle changes, like typos or slightly altered domains.
Urgent or Fear-Based Messages: Be wary of emails demanding immediate action, like updating passwords or payment information. Attackers often use urgency to cloud judgment.
Unfamiliar Senders: Even if the email looks official, double-check the sender's email address. Often, phishing emails come from addresses that are similar, but not identical to the real domain.

What to Do If You’re Unsure

If, like Kieran, you suspect a phishing email:

Don’t click the link. Hover to inspect the URL.
Forward the email to IT Services for verification.
Always check the sender’s email address and cross-reference it with known contacts.

Are you following the Cyber Crime Watch Hub?

Stay informed throughout Global Cyber Security Awareness Month by following the Cyber Crime Watch Hub.

Cyber Crime Watch Hub