Stay safe from phising

2022-02-05 2 min read Learning bash phising

Generally when you get a phising mail, the biggest challenge is finding if the site is genuine or not. And URL shortening services do not make it any easy. Earlier I had posted about using curl to expand the url in this post. However you might not be on a Linux terminal all the time (for example - you are checking something on your mobile), in that case what do you do?

There are some online proxy sites that you can use, for example :

and others, you will probably find a lot when you do a google search.

But another problem with this is which one to use. There are a lot of these sites which do not work well. Some of these allow javascripts which can still be dangerous as you are still visiting the site and javascript will still run on your local system and not on the proxy server. So, I still think that when it doubt, it is better to know the domain for the original link and then do some investigation of wheather the domain is safe to go or not or at-least known to you or not. (If you got link from someone claiming to be your bank, you dont expect it to be some random internet domain).

So, what do I do, just add a ‘+’ at the end of the url. For example if the url is hxxps[://]bitly[.]com/2JC0JHY, then you can type in the following in the URL bar hxxps[://]bitly[.]com/2JC0JHY+

Another good thing about doing this is that if the domain is flagged by someone to the URL shortening service (bit.ly in this case) then hopefully they will display a warning as well.

Stay safe.

comments powered by Disqus