One of the most common methods used to distribute malware is a phishing (fraudulent) email. Embedded in the email will be a “call to action” link, asking you to click here to learn more. The seemingly benign action of clicking on the link can start a destructive chain of events that culminates in compromising your computer, your identity, or even your business.
Here is a common scenario. You receive an email announcing a big sale at a national retailer. The email entices you to click on a link to get your exclusive 50% off coupon. The link looks like this: http://www.national-retailer.com/coupon.
You click the link and the coupon appears on your screen. End of story? Not necessarily. What a link says it is and what a link is programmed to do can be vastly different. That same link could just as easily be taking you to http://www.verybadguy.ru/malware.exe, where malicious code is programmed to download and execute on your computer. This type of redirection doesn’t require any programming skill. It is built into any application that uses hyperlinks.
So what should you do? DON’T CLICK! Instead, open your browser and type or paste in a known good URL. Not clicking is a fool-proof way to avoid malware infection from a phishing email.
Note: This article is an excerpt from Security Program and Policies: Principles and Practices (2nd Edition) by Sari Greene.