We often advise people to steer clear of clicking on suspicious links, but distinguishing between a legitimate URL and a dubious one has become increasingly challenging. Not only have malicious tactics evolved to the point where everyone has to stay on top of their game to not be fooled, these threats are almost pervasive so they are coming at people from all types of directions. We thought we would focus on a single punctuation mark that can make all the difference in whether a link is legitimately safe or potentially dangerous.
Imagine a fictional company that rises to become a global retail and multimedia giant, a household name—let's call it TallMart.
Our entirely fictional TallMart offers an extensive array of products and services. Users engage in buying and selling, managing payments, running ad campaigns, customizing personal profiles, watching exclusive movies from TallMart Studios, handling TallMart Web Hosting accounts, and now, accessing telehealthcare from licensed TallMart medical professionals.
Our motto is simple: TallMart: Why Go Anywhere Else?
Given TallMart's status as the world's most trusted online retailer, akin to giants like Facebook, Amazon, and Google, it enjoys widespread trust. However, like other major platforms, TallMart's massive success attracts cybercriminals attempting to scam its users for money and sensitive information. With so many transactions, the opportunity to separate users from money is there; and hackers are nothing if not opportunists.
TallMart users receive numerous emails about products, account notifications, receipts, transactions, and offers. Cybercriminals can easily mimic these emails, adopting TallMart's branding and employing technical spoofing to make them appear legitimate. They may include links that seem to lead to TallMart but redirect users to similar-looking URLs under the cybercriminals' control.
Creating a deceptive webpage is inexpensive and quick, allowing cybercriminals to register domains like Talmart.com or TallMartcustomerservice.com. It's crucial for users to stay vigilant and recognize potential warning signs to avoid falling victim to scams.
While methods may vary across applications, hovering your mouse over a link typically reveals its destination. Most email clients and web browsers display the link destination at the bottom of the page.
While checking for misspellings and unofficial URLs, an effective way to identify a suspicious link is by observing periods after the domain name. For example:
Safe: https://www.tallmart.com/gp/help/customer/account-issues
Safe: https://support.tallmart.com/
Suspicious: https://support.tallmart.com.ru
The truth is that some legitimate URLs may have periods toward the end of them, indicating file types like .html, .pdf, .doc, etc. are connected to the link or attachment. It’s best to remain cautious with direct links to files in every situation, as malware could be embedded and all it takes is a simple interaction to execute the malicious code. It’s best to avoid clicking on suspicious email attachments. Ultimately, exercising caution with clickable content is the most prudent practice to keep yourself from becoming a victim.
You should always hover over links to inspect their destination. If you find that there is a period in any abnormal place, be skeptical and either avoid it altogether, or verify that it is from a legitimate source.
If an email urges urgent action, such as logging into your account, refrain from using the provided links without first making certain that any link or attachment is completely legitimate. You can do this in several different ways, but clicking through without considering the potential consequences could turn out to be a nightmare for you and for your organization.
Please share this with others because the more people know about how to stay safe online, the safer we all are.
Comments