There are several types of malicious websites that could be linked to phishing attacks. Here are the most common types of phishing websites and how each one manipulates you into thinking it’s an official site.
Pharming/DNS cache poisoning
This type of phishing attack redirects a website’s traffic to a malicious site impersonating the original location. It does this by exploiting vulnerabilities in the Domain Name System (DNS), the system that matches domain names with IP addresses.
Clickjacking/UI redressing/iframe overlay
This type of phishing involves hackers applying several transparent layers over legitimate buttons and links. A user may believe they are clicking on a purchase button or other legitimate link when, in fact, they are downloading malicious software through an invisible button.
Typosquatting/URL hijacking
These malicious websites look identical to the legitimate, official pages apart from one or two tiny, subtle changes, so only the most observant and discerning visitor can tell the difference. This type of phishing exploits users’ genuine typing mistakes when entering a website address into the URL bar. The differences could be something as small as misspelling a word in the address, adding an extra letter, or using letters that are next to each other on the keyboard (such as n and m).
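The typo patterns listed above (a misspelled word, an extra letter, a neighbouring key such as n for m) can be checked mechanically against the domains you want to protect. The following Python is an added example, not part of the original article; the QWERTY same-row adjacency map, the function names and the example-bank.com domains are assumptions constructed for illustration.

```python
# Assumption: QWERTY layout, same-row neighbours only (covers the n/m case).
QWERTY_ROWS = ["qwertyuiop", "asdfghjkl", "zxcvbnm"]
ADJACENT = {}
for row in QWERTY_ROWS:
    for a, b in zip(row, row[1:]):
        ADJACENT.setdefault(a, set()).add(b)
        ADJACENT.setdefault(b, set()).add(a)


def classify_typo(candidate, legit):
    """Return the typo pattern that turns `legit` into `candidate`, else None."""
    cand, good = candidate.lower().rstrip("."), legit.lower().rstrip(".")
    if cand == good:
        return None
    if len(cand) == len(good):
        diffs = [i for i in range(len(good)) if cand[i] != good[i]]
        if len(diffs) == 1:
            i = diffs[0]
            return "adjacent-key" if cand[i] in ADJACENT.get(good[i], ()) else "misspelling"
        if len(diffs) == 2 and diffs[1] == diffs[0] + 1:
            i, j = diffs
            if cand[i] == good[j] and cand[j] == good[i]:
                return "misspelling"  # two neighbouring letters swapped
    elif len(cand) == len(good) + 1:
        # Removing one character from the candidate yields the real name.
        if any(cand[:i] + cand[i + 1:] == good for i in range(len(cand))):
            return "extra-letter"
    elif len(cand) == len(good) - 1:
        if any(good[:i] + good[i + 1:] == cand for i in range(len(good))):
            return "misspelling"  # one letter dropped
    return None


def find_lookalikes(observed, protected):
    """Pair every observed domain with the protected domain it imitates."""
    return [(dom, good, kind)
            for dom in observed
            for good in protected
            if (kind := classify_typo(dom, good))]


# Constructed sample data: none of these are real indicators.
PROTECTED = ["example-bank.com"]
OBSERVED = ["example-bank.com", "exanple-bank.com", "exammple-bank.com",
            "exmaple-bank.com", "unrelated.org"]

if __name__ == "__main__":
    for dom, good, kind in find_lookalikes(OBSERVED, PROTECTED):
        print(f"{dom} imitates {good}: {kind}")
```

Feeding it domains seen in proxy or DNS logs, or newly registered names, gives a short review list of lookalikes; it only catches single-edit typos, so it complements rather than replaces other checks.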
Tabnabbing and reverse tabnabbing
This malicious website appears when a cyber criminal rewrites data on an unattended tab so that any user who returns to this tab will click on malicious links without necessarily realizing it.