The Internet is notorious for being a minefield of threats, many of which lurk hidden behind innocent-looking links. In order to go about business safely, you need to be able to identify which links you can click; and, which should be skipped.
Unfortunately, learning how to spott fraudulent links isn’t an exact science, but there are ways to become proficient at the art of it.
Trust No One…
…or at least, trust no one’s links. It is exceptionally common for malicious links to be shared through emails or social media messages. In your email client, an easy check is to select the option to view the full header of the message. This will allow you to view the sender’s full email address, as well as the reply-to address, enabling you to judge if the sender is legitimate.
If it just so happens that one of your regular contacts has sent you a link without any context, it is better to reach out to them through some other means to confirm that they did, in fact, send you the mysterious link. Similar actions can take place over social media accounts. Less security-savvy contacts can easily have their accounts hijacked to spread a malicious link, and so you should always be careful of messages that come without warning — even if you know and trust the apparent source.
Sometimes, an attacker will create a clone of someone’s social media account to try and trick their target into accepting friendship. While this may seem initially harmless, keep in mind that the person behind the account now has access to a running record of your activities.
Further Defenses
It is also important to remember that the attackers that use these messages are becoming much more convincing. Many of these phishing attempts will draw upon data stolen from other breaches or drawn from any online accounts to make their attempts more convincing.
Your best defense against links like these is to hover your cursor over the questionable content to see if the link matches what it should. In addition to these practices, you should also keep an eye out for egregious misspellings in the surrounding message, as these are an excellent sign of a malicious attack.
Google Makes Its Move
Google has adopted a policy of flagging any website that doesn’t have a Secure Sockets Layer, or SSL, certificate. This means that, in order to avoid your website displaying with a prominent “Not Secure” in the address bar, you need to obtain a certificate as quickly as possible. Not only will this encourage a sense of trust from your web visitors, it will encrypt their sensitive information and keep them safe from cybercriminals.
Now that you know how to identify malicious links like these, you should call Succurri so that we can stop as many as we can. Call 480-795-2181 for more information.
Want to learn more about what a Managed Security Services Provider is? Listen to Succurri partner, Grant Eckstrom, and Fractional CMO, Tony Lael, discuss the topic in more depth in this video.
