Supply Chain Defense
What is a Malicious Link?
Malicious links are hiding in plain sight, and they're everywhere: from funny cat videos on Facebook to cleverly designed, socially engineered phishing emails delivered to your business or personal email account. When you receive an email with a link, stop and think before you click. Is this normal behavior from the sender? It's important to consider that even if the email appears to be from someone you know, the link could be malicious.
How Malicious Links Work
Malicious links are used to inject malware onto your devices. They are also used to trick victims into entering passwords or other sensitive data into fake websites that will infect your devices and possibly the entire network and every device connected to it.
What Malicious Links Look Like
These links often look legitimate. In the early days, attackers from overseas often used poor spelling and grammar, so their links were easier to spot. Now attackers have become much more sophisticated, and their links are difficult to spot.
Tips to Protect Yourself
TURN OFF YOUR MENTAL AUTOPILOT: Don’t open attachments automatically. First determine that the email is legitimate. When in doubt, contact the sender, but don’t hit reply. Reach out by phone, start a new email, or visit their site directly.
PUT ON YOUR DISCERNING HAT: Don’t trust unsolicited, unexpected, or suspicious “company alert” emails. If you get one, don’t immediately click the link. Instead, go directly to your online account to check for notifications from them.
LOOK CLOSELY AT THE SENDER EMAIL ADDRESS: Just because the address that appears in your inbox looks legitimate, that doesn’t mean it is. Look closely at the complete email address. If the address isn’t consistent with the domain you know, or if it has extra words or numbers, there is probably something wrong. Trust your instincts if you feel like it looks odd.
STAY CURRENT ON YOUR SOFTWARE VERSIONS: Always, always update your security software. Don’t postpone.
MOUSE OVER INSTEAD OF CLICK: To check out a suspicious link, use your cursor to hover over it to see exactly what it is. You can also use a link scanner or copy and paste the link into a service such as URLVoid or Sucuri. If it is directing you to a website that you are familiar with, you can always bypass the link and visit the site by typing the address in yourself.
Pay Attention to the Details
It’s important that you be on guard for malicious links. Attackers can be creative, inserting a lower case L (l) in place of a 1, or a zero (0) in place of an O. In a long string of letters in an email address or link, those characters are hard to tell apart, and you could be tricked into injecting malware into your environment. At a glance, www.ClTI.com versus www.citi.com is deceiving.
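The character swaps described above can also be checked mechanically. The following is an added example, not part of the original article: it collapses easily confused characters and compares a link's hostname against a list of domains you trust. The `TRUSTED` list, the function names and the sample links are assumptions made up for illustration.

```python
from urllib.parse import urlsplit

# Assumed allowlist of domains you really do business with (constructed sample).
TRUSTED = {"citi.com", "example.com"}

# Fold characters that are easy to mistake for one another onto one
# representative: 1 / l / i (hostnames are lowercased, so I becomes i), 0 / o.
CONFUSABLE = str.maketrans({"1": "l", "i": "l", "0": "o"})


def skeleton(name):
    """Return the name with look-alike characters collapsed."""
    return name.lower().translate(CONFUSABLE)


def host_of(url):
    """Extract the lowercased hostname, accepting links with no scheme."""
    return urlsplit(url if "://" in url else "//" + url).hostname or ""


def check_link(url, trusted=TRUSTED):
    """Classify a link as ('trusted' | 'lookalike' | 'unknown', matched domain)."""
    labels = host_of(url).split(".")
    lookalike = None
    for good in sorted(trusted):
        # Compare only the rightmost labels, so www.citi.com matches citi.com.
        candidate = ".".join(labels[-good.count(".") - 1:])
        if candidate == good:
            return ("trusted", good)
        if skeleton(candidate) == skeleton(good):
            lookalike = good
    return ("lookalike", lookalike) if lookalike else ("unknown", None)


if __name__ == "__main__":
    # Constructed sample links, including the pair from the text above.
    for link in ["www.citi.com", "www.ClTI.com", "https://examp1e.c0m/reset",
                 "https://news.example.org/"]:
        print(link, "->", check_link(link))
```

A result of "unknown" only means the hostname does not resemble anything on the trusted list; it says nothing about whether the link is safe.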
What other ways have you used to identify a malicious link?