Sunday, November 29, 2020

Spoofed Hover Text

KnowBe4 has an interesting back story. They have an excellent Enterprise Security Awareness Training program that my organization highly recommends.

I follow their blog.

A recent article was a real eye opener. It described how bad actors can spoof phising links by using hover texts.

In summary, HTML has the capability to display pop-up text when the cursor hovers over a link. The bad actors use this capability to distract the user from looking at the real link which appears in the lower left corner of the browser window.

My recommendation - with your cursor hovering over the link, right click and choose "Copy link address".

Then open Notepad and paste the link. That way you can see where the link will REALLY take you.

If the link is confusing, paste the link into the URL Decoder/Encoder and click "Decode".

No comments: