According to a recent paper published at the 2024 Web Conference, so-called “phantom domains” make it possible for malicious actors to hijack hyperlinks and exploit users’ trust in familiar websites. The research defines phantom domains as active links to dot-com domains that have never been registered. According to the paper, these domains aren’t digital outliers — the web currently contains links to more than 572,000 phantom domains.

These templates often contain placeholder links to nonsense domains that should be replaced by businesses before the website goes live. With Bob’s under a time crunch to complete their new website, one (or more) links on the homepage are entered as It’s a simple error — all that’s missing is the second “s” in the domain name. Because the site is familiar, they don’t spend time checking every link on the page — instead, they assume the owners of the site have done their due diligence to ensure hyperlink security.

Links to phantom domains don’t pose an inherent risk — so long as companies ensure they review websites for misspelled URLs and remove any placeholder links, hijacked hyperlinks are impossible. From an education standpoint, enterprises need to communicate the inherent risk of any link on any page — not just those that appear in unsolicited emails or text messages. Spoofed websites are a common tactic used by cyber criminals in phishing and smishing attacks, which has led many enterprises to invest time and effort in teaching staff to recognize and avoid the risk of spoofed links. Free tools are available for this purpose, but there’s also an opportunity here to leverage AI to find phantom links, check if they’re now tied to active websites and assess the potential risk of those sites.
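The review step described above, checking a site's own pages for misspelled URLs and leftover placeholder links, can be automated. The following is an added example, not code from the article or the paper; the trusted-host list, the placeholder tokens, the edit-distance threshold of 2 and the `.example` hostnames are assumptions made for the illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumed markers of template placeholder hosts (illustrative list, not from the page).
PLACEHOLDER_TOKENS = ("yourdomain", "yoursite", "placeholder", "changeme")


class _HrefCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        self.hrefs += [v for k, v in attrs if tag == "a" and k == "href" and v]


def edit_distance(a, b):  # Levenshtein distance, computed one row at a time
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def audit_links(html, trusted_hosts):
    """Map each linked host that is not trusted to the reason it needs review."""
    collector = _HrefCollector()
    collector.feed(html)
    findings = {}
    for href in collector.hrefs:
        host = (urlsplit(href).hostname or "").lower().removeprefix("www.")
        if not host or host in trusted_hosts:
            continue  # relative link or known-good destination
        # Assumed threshold: within two edits of a trusted host counts as a near miss.
        near = [t for t in sorted(trusted_hosts) if edit_distance(host, t) <= 2]
        if near:
            findings[host] = f"possible misspelling of {near[0]}"
        elif any(tok in host for tok in PLACEHOLDER_TOKENS):
            findings[host] = "template placeholder"
        else:
            findings[host] = "unlisted external host"
    return findings

# Constructed sample page; the .example hosts are made up for this illustration.
SAMPLE = """<a href="https://www.northwindtools.example/shop">Shop</a>
<a href="https://northwindtool.example/returns">Returns</a>
<a href="http://www.yourdomain.example/about">About</a> <a href="/contact">Contact</a>"""
TRUSTED = {"northwindtools.example"}
```

Hosts reported as "unlisted external host" are the ones whose registration status still has to be confirmed separately, since this check runs offline.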
This Cyber News was published on securityintelligence.com. Publication date: Tue, 01 Oct 2024 15:13:06 +0000