Everyone needs to be protected from Internet-borne threats and exploits. The two most common attack vectors are emails with malicious links, or web sites with malicious embedded downloads. In many cases the email link takes you to a cleverly crafted look-alike web page, but there are plenty of examples of well-known and well trafficked legitimate web sites that have been hacked and for a time were hosting malicious downloads unaware.
The first rule of email security is NEVER click on a link in an email. It is always wiser just to type the site address in your browser’s address window, or use a bookmark or favorite that you created and have used before. The one exception is the links that are sent by a website when you set up an account for the first time. Clicking on the link activates your new account. But these emails arrive almost instantly and there is no know exploit where these verification emails are exploited enroute to your inbox.
You can easily verify the actual destination of any link one of two ways. The first is simply to hover over the link with your cursor until the tool tip box opens, and the destination address should display there. The second method is to right click on the link and choose Properties from the context menu. The address will be displayed on the Properties page that opens. This works on email or on web sites.
Another way to confirm a link is to test the link at Virus Total. You can also test attachments and downloaded files here as well, just make sure you are on the right page on their website. This is the link for address testing, this is the link for file testing.
And when web browsing, make sure that your are on a secure and encrypted page when entering your user name, password, credit card information, or other personal data. The web address should start with https://, not the more common http. Internet Explorer 9 and 10 indicate a safe and encrypted page by showing the address in a green address bar. Similarly, known bad or dangerous web page addresses are displayed in a red colored address bar. Be on the lookout for these and leave the page immediately if you find yourself on one of these.
A top quality fully featured Internet security product will help to protect your computer from these threats. You will want something that actively scans file downloads and has a link scanner to protect you from malicious or infected websites, as well as the usually anti-virus, anti-malware, anti-spam, and firewall features. Your network should also be protected by a good quality hardware firewall and intrusion detection device.
Stay tuned for our next installment; data securityShare
About the Author:I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference in 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at http://wyzguyscybersecurity.com