2 mins read

Phishing is the Click of Death: ESET

ESet logoESET, a global provider of security solutions for businesses and consumers, says that when people find a link while browsing the internet (blogs, websites etc), they tend to click on it to see where it goes and this happens even if the context suggests that the link may be malicious.

ESET offers the following tips to people regarding malicious Websites:

Think before you click: Just because you have anti-virus doesn’t mean you can click indiscriminately on the assumption that your software will detect all malicious code and Websites. No security software is fool proof and anti viruses cannot protect you against zero day breaches.

Trust people, not addresses: Don’t trust unsolicited files or embedded links, even from friends. (Reputable security bloggers are usually ok, but even we could make a mistake and leave an undesirable link in a post). It’s easy to spoof e-mail addresses, for instance, so that an e-mail appears to come from someone other than the real sender. Not all messaging protocols validate the sender’s address in the “From” field, though well-secured mail services do often include such functionality.

Not everything in disguise is a blessing: There are many ways to disguise a harmful link so that it looks like something quite different, whether it’s in e-mail, chat or whatever. The sophisticated ways in which malicious links are sometimes disguised in phishing e-mails so that they appear to go to a legitimate site has forced developers to re-engineer Web browsers to make it easier to spot such spoofing. Unfortunately, people don’t even do rudimentary things like hovering the mouse cursor over a link, which can show up the real link.

Don’t sweat the short stuff: One common technique for hiding the URL to which the link will eventually take you is to use a URL-shortening service, including legitimate URL shorteners like TinyURL, bit.ly, t.co and so on. URL shortening is great for micro-blogging services like Twitter; however, because you typically cannot see the destination URL beforehand, there is a certain amount of risk. You cannot take it for granted that URL shortening services like bit.ly and TinyURL are redirecting you to trustworthy Web sites. Indeed, spam tweets containing a short link to a malicious site are quite common.

Convenient isn’t always safe: There’s even more risk when you find a shortened link in a message you receive by email, instant messaging, and so on. Remember one thing-when a message isn’t restricted to the 160 character maximum of an SMS text message, there’s rarely a real need for obsessive trimming of message length, so you might well wonder whether a shortened URL in such a message (or a blog article, or a Facebook message) might be hiding something unpleasant. Better safe than sorry!

Go Dumb: Don’t throw away that old feature phone. Most old phones use J2ME and if you are suspicious, it is good to use a browser on an old phone to see where the link leads. This way, your PC or smart phone is safe from malware.