Easily detect phishing websites using this Python script

0liverFlow
8 min read · May 15, 2023


Phishing is an attack that consists of tricking a user into divulging their sensitive information or downloading malware.

The goal behind this attack is generally to obtain usernames, passwords, credit card details, or other personal information useful to the attacker.

For this to work, the attacker needs the user to click on a malicious link and then submit their data or download and install the malware on their devices, which gives the attacker control over the compromised systems.

The malicious link, as well as the malicious software, is generally sent through email.

Through this article, you are going to learn how to:

  • Detect a malicious or suspected link using HookPhish.
  • Detect a malicious link using the ‘+’ symbol trick.
  • Adopt good practices that will help you mitigate this attack.
  • Make the Internet a safer place.

At the end of this article, you’ll have enough resources to deal properly with scammers and avoid being one of their victims.

HookPhish >-((())->

HookPhish is a Python script that I developed to help you detect phishing URLs or suspected links.

It incorporates multiple checks such as:

  • Redirection Check
  • Google Safe Browsing Check
  • Whois Lookup
  • Real-Time Screenshot of the suspected website

Moreover, it also supports API key integration: it uses the APIs of some popular websites such as virustotal.com, urlscan.io and abuseipdb.com.

To use this feature, however, you first need to specify your API keys.

To install HookPhish, you only need to download the GitHub repository and follow the instructions specified in the README file.

Well, let’s now take a look at how HookPhish works.

Demonstration

Below, you will find a concrete demonstration of the tool. Please check it out.

As you probably noticed, the script raised some alerts:

  • Google Safe Browsing Check
  • Virustotal Check
  • Urlscan.io report

Here is the phishing webpage’s screenshot I got after the scan was completed:

Outlook Phishing Webpage

We can see that it’s an Outlook phishing webpage.

Thus, thanks to HookPhish, we will not submit credentials that threat actors could use to gain unauthorized access to our account.

Another advantage of using HookPhish is that you don’t interact at all with the suspected website. All these checks are done using web scraping and third parties’ APIs.

In addition, you can also check urlscan.io’s and Virustotal’s reports in your browser using the report URL returned during the scan.

Here is how to do it:

  • Virustotal: check Virustotal’s report in a browser using the returned report URL.
  • Urlscan.io: check Urlscan.io’s report in a browser using the returned report URL.

Excellent guys! Feel free to test this script on your side and don’t hesitate to leave your feedback on the GitHub repository. This script took me a lot of time and a little star ⭐️ will be highly appreciated 😉.

Now that you have a good understanding of how HookPhish works, let’s dive into another trick that can be useful to detect phishing websites.

‘+’ symbol trick

Most of the time, threat actors will hide their phishing website’s domain name by using a URL shortener service such as bitly.com or tinyurl.com.

The interesting thing with these shortened URLs is that users can generally check where they point before loading the suspicious website directly.

Really? Yeah guys, that is feasible by simply adding a ‘+’ to the end of the URL.

Here is an example of how to do it.

Shorten a URL using bitly.com:

Shorten a URL using bitly.com

Expand the shortened URL by adding a ‘+’ to the end of the suspicious URL.

Expand the shortened URL

As you can see, in this scenario, bitly.com alerted us to the fact that the URL we are trying to reach has been flagged as malicious.

Warning ⚠️ : Though bitly raised an alert in our case, it’s important to note that adding a ‘+’ to the end of a suspected URL will not always raise an alert even if the URL in question is malicious. What you should keep in mind is that this trick is generally used to expand a shortened URL.

Here is another example:

Expand shortened URL using ‘+’ symbol

Now, let’s do the same with tinyurl.com:

Shorten a URL using tinyurl.com

Then, this is what I got after adding a ‘+’ to the end of the shortened URL:

Expand a shortened URL using tinyurl.com

Based on the figure above, we know that the shortened URL redirects to github.com/0liverFlow/HookPhish.

Talking about HookPhish, guess what? It can also give you a shortened URL’s redirections.

Here is an example using our previous malicious bitly shortened URL:

Get a shortened URL redirections using HookPhish

NOTE📝: Though adding a ‘+’ symbol to the end of a shortened URL will work for a vast majority of URL shortener services, there are certain situations where this may not work.

Super! Now let’s delve into the good practices to adopt when it comes to phishing.

Good Practices

Detecting a phishing website thanks to HookPhish or the ‘+’ symbol trick is great. This helps you avoid falling into scammers’ traps.

Nevertheless, the attacker can sometimes create an advanced phishing attack that could be very difficult to detect. In that case, the only way to defeat the attacker is to be vigilant.

Always ask yourself the right questions:

Do I know the sender?

For that, you need to check the sender’s email address and not their username (the display name), because the username can easily be set to anything.

In the image below, the sender’s username and email address are represented respectively in red and green:

Sender’s username and email address

We can confirm that this email really comes from Medium, since the domain name of the email address is correct (medium.com).
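The same check can be automated over a raw `From:` header by comparing the brand claimed in the username with the domain of the actual address. This is an added example, not part of HookPhish; the brand-to-domain map, the function names and the sample headers are assumptions constructed for illustration.

```python
from email.utils import parseaddr

# Assumed map of brand name -> domain that brand sends from (constructed for this example)
BRAND_DOMAINS = {"medium": "medium.com", "linkedin": "linkedin.com"}

def sender_domain(from_header):
    """Return the lower-cased domain of the address part, or None if no usable address."""
    _display, addr = parseaddr(from_header)
    if addr.count("@") != 1:
        return None
    domain = addr.rsplit("@", 1)[1].lower().rstrip(".")
    return domain or None

def domain_matches(domain, expected):
    """Exact match or a real subdomain; the dot boundary rejects 'notmedium.com'."""
    return domain == expected or domain.endswith("." + expected)

def check_sender(from_header):
    """Compare the brand claimed in the username with the address domain."""
    display, _addr = parseaddr(from_header)
    domain = sender_domain(from_header)
    if domain is None:
        return "invalid"
    claimed = [brand for brand in BRAND_DOMAINS if brand in display.lower()]
    if not claimed:
        return "no-claim"        # nothing to compare against; judge the address yourself
    if all(domain_matches(domain, BRAND_DOMAINS[brand]) for brand in claimed):
        return "match"
    return "mismatch"            # username says one brand, address says another

# Constructed sample headers
SAMPLE_HEADERS = [
    "Medium Daily Digest <noreply@medium.com>",
    "Medium Support <support@medium.com.account-verify.example>",
    "LinkedIn Security <alerts@linkedin-security.example>",
    "Alice <alice@example.org>",
]

if __name__ == "__main__":
    for header in SAMPLE_HEADERS:
        print(f"{check_sender(header):9} {header}")
```

A "match" only says the visible address is consistent with the claimed brand; it does not prove the message was really sent from that domain.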

Does the email body contain any links or attachments?

Great question! As previously explained, phishing attacks are generally sent through email and need the target to click on a malicious link or download malicious software, generally through a malicious attachment.

Hence, if the answer is yes, you need to be really careful before taking any action because it can be irreversible.

If you suspect an email might be a phishing attempt, DO NOT click on links or download attachments.

Always try to scan the URL using HookPhish or websites such as Virustotal. To scan the attachments, you can use Virustotal as well.

This is very important, especially if you don’t know the sender or if the sender seems to act more strangely than usual (for instance, one of your relatives’ accounts has been compromised by a cybercriminal who tries to compromise your device).

Is the context acceptable?

For instance, let’s say someone sends you an email and pretends to be your bank. They are asking you to provide them with information concerning your credit card. Even if the sender uses your bank’s domain name, you should know that your bank will never ever ask you for such confidential information on media like email, phone or SMS. So in that case, a good practice is to call your bank advisor directly in order to confirm that information.

Always beware of the latest phishing attacks

It is crucial to understand that everyone can be a potential victim of a phishing attack, even those who work in the cybersecurity field. Therefore, it is important to keep up with the latest information concerning this attack in order not to be surprised.

Fantastic! Hope you have understood these good practices and, more importantly, that you are going to use them in your daily life.

Now, let’s take a quick look at how you can be a hero 🦸‍♂️ by making the Internet a safer place.

Make the Internet a safer place

Making the Internet a safer place doesn’t necessarily require you to work in the cybersecurity field. Everyone can be a contributor.

Let’s say you received an unsolicited email from an unknown user on Gmail saying that your LinkedIn account has been hacked and you need to change your password right now by clicking on an untrusted link in the email body.

Since you’re now well aware of phishing attacks, you decide not to click on the link and you close the email without replying to it.

That’s super! However, what you could also do is report this email as a phishing email in order to protect other people from becoming victims of this cybercriminal.

Here is how to do it.

Gmail

Report a phishing URL in Gmail

Furthermore, you can block the email address and report the phishing link using the Google Safe Browsing Phishing feature.

NOTE📝: You can also report a phishing email on other email clients such as Outlook, Yahoo or Protonmail.

Kudos! You are now part of the Internet hero family 😉.

It’s time now to sum up what we have seen so far.

Let’s recap

In this article, we covered some interesting techniques on how to detect suspicious URLs, using different tools and tricks.

Moreover, we talked about good practices to adopt in our daily life in order to keep ourselves safe from phishing and how we can contribute to making the Internet a safer place.

If I had one last piece of advice to give you, it would be to always be VIGILANT.

That’s all dear readers! Hope you learnt something!

Do not forget to click on the little clap icon below if you enjoyed the content.

Furthermore, thanks for subscribing to my newsletter to keep up with my latest articles.
