Hackers abuse vanity links to spoof brands and victimise people

May 16, 2022

Many companies utilise vanity links mostly for their brands’ marketing purposes. However, researchers warned that threat actors had established ways to perform phishing attacks using this tool.

Security experts explained that vanity link abuse begins when a cloud service allows a vanity subdomain bearing a company's name but does not verify it or use it to provide services specifically tied to that company. Furthermore, hackers can leverage the predictability of the subdomains when choosing their victims.


The vanity links make it easy for malicious actors to scan companies’ subdomains using different cloud providers.


By hiding malicious code and phishing sites behind a mimicked well-known brand, the hackers can effectively fool their victims into trusting fraudulent phishing emails that link to spoofed websites.

For instance, in 2019, researchers found several branded companies with lookalike domains created by unidentified third parties using other domain names from the [.]com top-level domain. The expansion of the top-level domains gave scammers a wide selection of domains to use in their campaigns, forcing firms to buy a wide array of domains to protect their brands from being exploited in phishing attacks.

Researchers also added that, aside from top-level domains, there are many ways in which hackers abuse subdomains, because cloud service providers allow their clients to use them. Since vanity links make the brands’ URLs seem more professional, they also give further security to the end-users.

The researchers explained that most site visitors prefer a subdomain link showing the brand’s name rather than a generic one. However, if the company has yet to purchase that subdomain and hackers use it in their phishing schemes, its advantages could backfire.
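The check below is an added example, not code from the researchers or the original article: it sorts URLs extracted from inbound mail into verified vanity links, brand-named subdomains on shared cloud services that the company never claimed, and everything else. The brand name, the shared service domains and the verified host list are constructed placeholders.

```python
from urllib.parse import urlsplit

# Constructed sample data: hypothetical brand, shared cloud-service domains and
# the vanity hostnames the company has actually claimed and verified.
BRAND = "acme"
SHARED_SERVICE_DOMAINS = {"cloudshare.example", "forms.example", "meet.example"}
VERIFIED_HOSTS = {"acme.cloudshare.example"}


def classify_link(url, brand=BRAND, services=SHARED_SERVICE_DOMAINS,
                  verified=VERIFIED_HOSTS):
    """Return 'verified', 'unverified-vanity' or 'other' for one URL."""
    host = (urlsplit(url).hostname or "").rstrip(".").lower()
    if host in verified:
        return "verified"
    for service in services:
        suffix = "." + service
        if not host.endswith(suffix):
            continue
        # Labels the tenant chose, to the left of the shared service domain.
        labels = host[: -len(suffix)].split(".")
        # Normalise separators so 'acme-hr' and 'acme_login' still match.
        tokens = {t for label in labels for t in label.replace("_", "-").split("-")}
        if brand in tokens:
            return "unverified-vanity"
    return "other"


def review_links(urls):
    """Map each URL to its classification so a mail filter can act on it."""
    return {url: classify_link(url) for url in urls}


# Constructed URLs such as a mail gateway might extract from inbound messages.
SAMPLE_URLS = [
    "https://acme.cloudshare.example/s/quarterly-report",
    "https://acme.forms.example/login",
    "https://acme-hr.meet.example/join",
    "https://ACME.cloudshare.example./s/doc",
    "https://www.acme.example/pricing",
    "https://other.forms.example/survey",
]

if __name__ == "__main__":
    for url, verdict in review_links(SAMPLE_URLS).items():
        print(f"{verdict:18} {url}")
```

Links classified as `unverified-vanity` are the ones worth quarantining or reviewing, since they carry the brand's name on a service where the company holds no verified subdomain.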

Site visitors, especially those asked to click on a link in a suspicious email message, must always be skeptical before going to any page. Moreover, a website that requests too many personal details from the visitor is another sign that should raise doubts; such a page must be considered dangerous and avoided immediately.
