How to know whether the link in whatsapp message is legit or fake?

Hey all! ? Here’s a warm welcome, plus some practical tips on identifying real links vs. fake ones—protect yourself from phishing attacks with confidence!

Phishing is a type of cyber attack which uses emails, websites, text messages to trick people share their sensitive data, downloading viruses/malwares, stealing credentials etc. Attackers usually disguise their websites, emails or messages exactly like a legit website so as to fool a victim into thinking the website/emails they are dealing with is from a legit entity.

Every festival we receive wishes from our loved once, often on whatsapp or in the form of text messages. And during this time someone on the whatsapp group sends an offer message often from well known online stores such as amazon, flipkart. This message looks luring, often ask people to share this message on multiple groups and has a link in the bottom asking people to click on it and take part in survey to win a jackpot. This message looks something like this:

If you look at this message this looks legit as it has link preview wth Amazon logo, a title contains Amazon and a free gift in the body and they are offering these free gifts on the occasion of their 30th anniversary. Now a person who is not aware of phishing attack would probably click on the link and land up on a page where attacker would ask him to fill details that could be used to gain access to his account on amazon.

The link in the message that I have highlighted with red is "https://majestway.top/amazonEaster/tb.php?_t=1620830176" and this is not the legit link for the amazon. I will tell how I was able to figure this out.

Here is the another example from facebook:

This email from facebook's team is about permanent deletion of an user's account and there is a link to "Request a review" so that you can save your account from deletion. Now the email receiver would naturally panic and click on the link to request a review and would try to save his account from deletion if he don't have any idea the link he is clicking is not legit and originally from facebook.

Step 1: Find the legit url of the entity

Search for entity you have received a mail, text or message from, in my example I made a search for amazon on google. That gave me very first search and within that I can figure out the url for amazon just below title and that is "https://www.amazon.in" as shown in the figure below.

Step 2: Know the basics of any url

This part is little technical but I will try to simplify it for you. Every url is consists of these parts [protocol]: //[subdomain].[domain].[tld]. For example, lets understand this with "https://www.amazon.in":

• [protocol] is always http or https and legit website will always have https and not http. In the amazon's website url we have https.
• This is followed by ": //" that is colon and 2 forward slash without space.
• Which is followed by subdomain in our example it is www but it can be anything
• Then domain name which is "amazon" here
• After that it is followed by a TLD (stands for Top Level Domain), some of the popular TLDs are ".com", ".net", ".org", in our example it is ".in". Google search gave me url which has ".in" as a TLD because I made this search in India and as amazon have different native websites to serve people in different countries.
• Once you reach TLD everything after this is the path for the different pages on that website followed by "/" single forward slash, example: https://amazon.in/some-page, notice "/" just after tld .in and "some-page" is the path for some page on amazon.in website.

Step 3: Validating website url for legitimacy

As we now have an url for amazon obtained from google and know the basics of how url is constructed let's decode the URL for the fake amazon link from the example above.

Whenever I verify a link I start from TLD, so let's start verifying this link: https://majestway.top/amazonEaster/tb.php?_t=1620830176

1. Let's remove everything after the TLD and we will get this url: https://majestway.top
2. Now it is pretty clear that this is not a legit url by comparing amazon's true url which is https://www.amazon.in with fake url https://majestway.top.

Let's take another example from Facebook's account deletion mail:

1. Lets remove everything after TLD .tv from this url: https://shorten.tv/@supportviolatefanpage2024 and we will get https://shorten.tv.
2. Most of us know the true url for Facebook is https://facebook.com or https://www.facebook.com and it is pretty clear the above url is not legit.

Let us take another more complex example of adidas. Check this URL: https://adidas.christmas-special.dealsoffercoupons.com/adidas-free-shoe-offer

1. Let's remove everything from url after TLD and we get this url: https://adidas.christmas-special.dealsoffercoupons.com
2. Now after searching for adidas on google I obtained adidas's true url which is https://www.adidas.com now we can ignore www. from any url as it is optional for any website in the world, so we got https://adidas.com.
3. Now starting from right we match each part of the fake url with true adidas url, we have .com in both fake and true url, we move towards right and compare "adidas" from true url with "dealsoffercoupons" from fake url and here we conclude this url is not legit. (note: for some countries TLD for true adidas website can be different than ".com" for India it's ".co.in", so in that case you can assume .com is equal to .co.in for the sake of next comparison.)

I hope I was able to educate you how you can validate and verify url and save yourselves from clicking on it.

This is how a attacker trick a person into landing on their phishing site and collect personal data from them and ask them to download viruses/malwares on their computer or mobile phones.

So don't fall a prey for these links be a smart and use this guide to understand how you can rule out the link if that is legit or fake.