The Internet contains a wide range of threats and knowing how to navigate it safely is critical. It is an essential part of our personal and professional lives and web browsers are our gateway to information. Knowing how to identify malicious links and websites can be the difference between getting hacked or not. In this blog post, we will outline how we get tricked into getting hacked through websites and how to spot malicious activity.
Why it Matters
Websites can be hosted by anyone, anywhere. They can also be activated in a matter of minutes. These malicious websites are used to quickly steal your information and can be taken down as fast as they went up. Here’s some of the most common tactics used:
Password Scam: A fake email demanding you to reset or verify your account password. Once entered, your password is sent directly to the hacker.
Security Scan: A popup window claiming malware has been detected on your computer, accompanied with an offer to scan your computer for free.
Banking: Made to look just like the real thing, these fraudulent banking websites capture your account information and send it directly to the hacker. See below example of a fake RBC website from their alert centre advertised in search engines (the domains in the image does not reflect real phishing domains observed for security reasons).
Free Offer: These online scams claim that you have won a prize and then request you enter your personal information to redeem the fake offer. Malvertising is the act of using online advertising to spread malware and can even be found on legitimate websites. Beware of “special” or “free” offers that could lead to malicious websites and even infect your machine with ransomware.
How to Spot Malicious Activity
Although the specific details of fraudulent websites will vary, here are four common things to watch out for:
Sense of Urgency: Threats, fear, and a sense of urgency are all common tactics hackers use to trick their victims into acting first and thinking later.
Missing Lock: Always look for a lock icon, otherwise known as HTTPS, in your browser bar. This means the website is secure and your sensitive information is encrypted.
Misspellings: Page misspellings and poor grammar aren’t a guarantee of malicious intent, but should always be a red flag when browsing the web.
Odd URL: Always double-check the website URL for any irregularities. When in doubt, manually enter the URL or use publicly available resources.
How to Protect Yourself and Business
Stay Alert: Participate in annual cybersecurity training; be aware of common cyber threats and how to protect yourself and business.
Stay Current: Keep your browser and other software up to date with the latest security patches will help protect you from a wide range of Internet based threats.
Manually Enter a URL: If you receive an unusual request for information, it is best to go directly to the source requesting it. You can do this by searching the legitimate website or business by manually typing the known URL instead of clicking a link. It is important to verify the authenticity of the message before responding to it.
Don’t Click: Hackers design offer links to be as tempting as possible, but when something seems too good to be true, it usually is.
The Internet is a big part of our lives, but also opens you and your organization up to cyber threats. A Managed Service Provider will provide your organization with cloud gateway security to protect both onsite and remote employees but it’s equally important to continue to practice safe browsing. Connect with us to learn about our Security Awareness Training.