1. Support
  2. Glossary
  3. URL Phishing

URL Phishing

What is URL Phishing?

Cybercriminals use phishing URLs to try to obtain sensitive information for malicious use, such as usernames, passwords, or banking details. They send phishing emails to direct their victims to enter sensitive information on a fake website that looks like a legitimate website.

URL phishing is also known as: fake websites and phishing websites.

How URL Phishing Works

Hackers create phishing sites to harvest personal or otherwise valuable data. They send email messages to their victims in an attempt to lure them to the phishing site. These attacks are successful when a victim follows a link to a website and provides whatever information is requested. Normally these links are disguised as password resets or identity confirmations for legitimate services. The website is also disguised so that the victim does not notice it is a fake website.

Why URL Phishing is Important

Around 91% of security breaches start with a phishing attack, and many of them include malicious links to fake websites. The use of URLs in phishing emails is popular and effective. Unfortunately, about 4% of recipients in any given phishing campaign click on the malicious link, and hackers only need one person to let them in.

Given the success rate, it’s not surprising that reported losses in 2019 due to phishing reached almost $58 million. That’s bad news, considering only 57% of organizations have URL protection in place, according to a recent survey.

In recent years, hackers started to adopt social-engineering tactics to avoid detection and trick users into clinking on malicious links. They combine URL phishing with impersonation techniques, use newly registered high-reputation sites — or even hijack a website of a legitimate business for their phishing campaign, using redirects or URL shortening services.

How to Protect Against URL Phishing

There are a number of strategies you can put in place to protect your users and your business against phishing URLs:

Link Protection

Make sure your email security includes link protection or URL filtering. These technologies will limit access to specific URLs by comparing addresses of sites users attempt to visit to a blocklist or list of known malicious domains. Link protection also automatically rewrites these URLs so they can be scanned by your security solution when clicked to block malicious links.

AI-Based Protection

Attackers are adapting their techniques to bypass email gateways and spam filters, so a good spear-phishing solution that protects against phishing URLs is a must. Artificial intelligence-based protection can identify and block abnormal or impersonating URLs, which signal phishing attacks. Even when a phishing website has never been used in previous campaigns or is hosted on a high-reputation domain, inbox defense can help protect against targeted spear-phishing attacks that use malicious URLs.

Security Awareness Training

Make URL phishing part of your security awareness training program. Ensure your staff can recognize these attacks, understand their fraudulent nature, and feel comfortable reporting them. Use phishing simulation technology to test the effectiveness of your training and evaluate the users most vulnerable to extortion attacks.

Learn More About URL Phishing

Related Terms

Further Reading

How Barracuda Can Help

Barracuda Email Protection is a comprehensive, easy-to-use solution that delivers gateway defense, API-based impersonation and phishing protection, incident response, data protection, compliance and user awareness training. Barracuda Email Protection includes:

  • Barracuda Email Security Gateway quickly filters and sanitizes every email before it is delivered to your mail server to protect you from email-borne threats. Using virus scanning, spam scoring, real-time intent analysis, URL link protection, reputation checks, and other techniques, Barracuda provides you with the best possible level of protection.
  • Impersonation Protection is a cloud-hosted service that uses artificial intelligence for real-time spear-phishing and cyber fraud defense. It connects directly to Office 365, so it works alongside any email security solution with no impact on network performance or user experience.
  • Security Awareness Training is the industry's most powerful Security Awareness Computer-Based Training and Simulation Solution. Using state-of-the-art training and simulation, Security Awareness Training can teach your employees to recognize and eliminate highly specialized spear phishing attempts.

Have questions or want more information about URL Phishing? Get in touch right now.