Home Blog What is a Malicious Link? What is a Malicious Link? BlueVoyant Share: Facebook Twitter LinkedIn Malicious links are hiding in plain sight – and they’re everywhere. From funny cat videos on Facebook, to cleverly designed, socially engineered, phishing emails delivered to your business or personal email account. When you receive an email with a link, stop and think before you click. Is this normal behavior from the sender? It’s important to consider that even if the email appears to be from someone you know, the link could be malicious. How Malicious Links Work Malicious links are used to inject malware onto your devices. They are used to trick victims into entering passwords or other sensitive data into fake websites that will infect your devices and possibly the entire network and every device connected to it. What Malicious Links Look Like These links often look legitimate. In the early days, attackers from overseas often used poor spelling and grammar, so they were easier to spot. But now, they have become much more sophisticated and are difficult to spot. Tips to Protect Yourself TURN OFF YOUR MENTAL AUTOPILOT: Don’t open attachments automatically. First determine that the email is legitimate. When in doubt contact the sender, but don’t hit reply. Reach out by phone, start a new email, or visit their site directly. PUT ON YOUR DISCERNING HAT: Don’t trust unsolicited, unexpected, or suspicious “company alert” emails. If you get one, don’t immediately click the link. Instead, go directly to your online account to check for notifications from them. LOOK CLOSELY AT THE SENDER EMAIL ADDRESS: Just because the address that appears in your inbox looks legitimate, that doesn’t mean it is. Look closely at the complete email address. If the email isn’t consistent with the domain you know, or if it has extra words or numbers, there is probably something wrong. Trust your instincts if you feel like it looks odd. STAY CURRENT ON YOUR SOFTWARE VERSIONS: Always, always update your security software. Don’t postpone. MOUSE OVER INSTEAD OF CLICK: To check out a suspicious link, use your cursor to hover over it to see exactly what it is. You can also use a link scanner or copy and paste the link into a service such as URLVoid or Sucuri. If it is directing you to a website that you are familiar with, you can always bypass the link and visit the site by typing the address in yourself. Pay Attention to the Details It’s important that you be on guard for malicious links. Attackers can be creative – inserting a lower case L (l) in place of a 1, or a zero (0) in place of an O. In a long string of letters in an email address or link, those would be hard to distinguish between and you could be tricked into injecting malware into your environment. At a glance www.ClTI.com versus www.citi.com is deceiving. What other ways have you used to identify a malicious link? Leave us a comment on LinkedIn. Share: Facebook Twitter LinkedIn Related reading Why Bluevoyant BlueVoyant – Microsoft Security Consulting Potential Career Paths November 29, 2021 BlueVoyant is always looking for people who are flexible, willing to tackle new technologies, explore, get their hands on the latest cybersecurity tools,… Read more Malware AnchorDNS Comes Ashore: Evolutions in the TTPs of TrickBot November 12, 2021 Using our knowledge of AnchorDNS-now-Stickseed, BlueVoyant Third-Party Risk and Managed Security Services were able to identify a Stickseed attack in the… Read more Identifying Threats Pivoting on Compliance Efforts Under CMMC 2.0 November 9, 2021 The U.S. government released CMMC 2.0 on November 4, or less than one week ago. This brief summarizes what we currently know, key points that still need to… Read more
BlueVoyant Share: Facebook Twitter LinkedIn Malicious links are hiding in plain sight – and they’re everywhere. From funny cat videos on Facebook, to cleverly designed, socially engineered, phishing emails delivered to your business or personal email account. When you receive an email with a link, stop and think before you click. Is this normal behavior from the sender? It’s important to consider that even if the email appears to be from someone you know, the link could be malicious. How Malicious Links Work Malicious links are used to inject malware onto your devices. They are used to trick victims into entering passwords or other sensitive data into fake websites that will infect your devices and possibly the entire network and every device connected to it. What Malicious Links Look Like These links often look legitimate. In the early days, attackers from overseas often used poor spelling and grammar, so they were easier to spot. But now, they have become much more sophisticated and are difficult to spot. Tips to Protect Yourself TURN OFF YOUR MENTAL AUTOPILOT: Don’t open attachments automatically. First determine that the email is legitimate. When in doubt contact the sender, but don’t hit reply. Reach out by phone, start a new email, or visit their site directly. PUT ON YOUR DISCERNING HAT: Don’t trust unsolicited, unexpected, or suspicious “company alert” emails. If you get one, don’t immediately click the link. Instead, go directly to your online account to check for notifications from them. LOOK CLOSELY AT THE SENDER EMAIL ADDRESS: Just because the address that appears in your inbox looks legitimate, that doesn’t mean it is. Look closely at the complete email address. If the email isn’t consistent with the domain you know, or if it has extra words or numbers, there is probably something wrong. Trust your instincts if you feel like it looks odd. STAY CURRENT ON YOUR SOFTWARE VERSIONS: Always, always update your security software. Don’t postpone. MOUSE OVER INSTEAD OF CLICK: To check out a suspicious link, use your cursor to hover over it to see exactly what it is. You can also use a link scanner or copy and paste the link into a service such as URLVoid or Sucuri. If it is directing you to a website that you are familiar with, you can always bypass the link and visit the site by typing the address in yourself. Pay Attention to the Details It’s important that you be on guard for malicious links. Attackers can be creative – inserting a lower case L (l) in place of a 1, or a zero (0) in place of an O. In a long string of letters in an email address or link, those would be hard to distinguish between and you could be tricked into injecting malware into your environment. At a glance www.ClTI.com versus www.citi.com is deceiving. What other ways have you used to identify a malicious link? Leave us a comment on LinkedIn. Share: Facebook Twitter LinkedIn Related reading Why Bluevoyant BlueVoyant – Microsoft Security Consulting Potential Career Paths November 29, 2021 BlueVoyant is always looking for people who are flexible, willing to tackle new technologies, explore, get their hands on the latest cybersecurity tools,… Read more Malware AnchorDNS Comes Ashore: Evolutions in the TTPs of TrickBot November 12, 2021 Using our knowledge of AnchorDNS-now-Stickseed, BlueVoyant Third-Party Risk and Managed Security Services were able to identify a Stickseed attack in the… Read more Identifying Threats Pivoting on Compliance Efforts Under CMMC 2.0 November 9, 2021 The U.S. government released CMMC 2.0 on November 4, or less than one week ago. This brief summarizes what we currently know, key points that still need to… Read more
Why Bluevoyant BlueVoyant – Microsoft Security Consulting Potential Career Paths November 29, 2021 BlueVoyant is always looking for people who are flexible, willing to tackle new technologies, explore, get their hands on the latest cybersecurity tools,… Read more
Malware AnchorDNS Comes Ashore: Evolutions in the TTPs of TrickBot November 12, 2021 Using our knowledge of AnchorDNS-now-Stickseed, BlueVoyant Third-Party Risk and Managed Security Services were able to identify a Stickseed attack in the… Read more
Identifying Threats Pivoting on Compliance Efforts Under CMMC 2.0 November 9, 2021 The U.S. government released CMMC 2.0 on November 4, or less than one week ago. This brief summarizes what we currently know, key points that still need to… Read more
