Why you should think twice before clicking on a link?

Clicking on any link that is sent to you, even from what seems to be an official website, has the potential of it being malicious. Threat actors will use countless tactics and attack techniques to steal a victims information, and one of these techniques is called Phishing.

What exactly is phishing?

Phishing is a social engineering attack where the threat actor lures victims in with a fraudulent message to get them to open an attachment or click on a suspicious URL with the hopes they reveal sensitive information. To trick victims into thinking the link is safe, threat actors will use recognizable names and accounts attached to the email or message, with the content having a sense of urgency or friendliness to them. Some of these topics may include promotions, business deals, personal account security and even party invitations which are enticing and promote FOMO.

Why phishing is dangerous?

Email phishing links can perform an infinite number of attacks on your machine depending on what that link or attachment was programmed and designed to do. One example of how your machine can be compromised is in the event of a malicious link being clicked, an adversary can gain access or control of your machine, steal your cookies, lock you out of your device and potentially lead to your files being encrypted and held for ransom. A heavy price to pay for simply not thinking before you click!

How to stay protected from reaction based clicking?

Whenever you receive an email or message containing a link or an attachment, make sure to always ask yourself, “Does this make any sense?” Or “Am I expecting an email from my aunt regarding a topic that we never discuss or talk about?”. If the answer is no, it’s probably “Phishing”. Next, make sure you take note of who sent the message and validate the sender by using the header information. If you’re using Gmail, you can select the three dots in the upper right-hand corner of the message and select “Show original” to display the original sender and other information. Also, make sure to hover over any links to validate the redirect link is to an appropriate destination. A lot of phishing links spoof legitimate sites by using special characters to obfuscate users.

Identifying phishing emails is never east and a never ending battle that requires continuous education and training for all users regardless of their department. If you ever come across a phishing email within your organization, immediately report it to phishing for further analysis and investigation. If your organization doesn’t have a phishing response plan, well, now you have some work cut out for you which could end up leading to a promotion or your transfer to technical team. At the end of the day, that should be the goal!

In the meantime, think before you click!

Amir Dinkins