- Advertisement -spot_img
Wednesday, February 21, 2024
HomeHealthcareRCMThink Twice Before You Click

Think Twice Before You Click

By Mark Anthony Germanos, Chief Information Security Officer, Cyber Safety Net

Now more than ever, you must be careful when online. Hackers target innocent Internet users like you and me every day. They see us as Rich Americans.

We are Rich Americans

When I say that on stage, people roll their eyes and mumble “Ahhhh, he has not seen my mortgage payment, does not pay my bills or have kids to feed. He is not talking about me.” Yes, I am talking about you.

A Rich American” is an American who:

  1. Carries a credit card.
  2. Lives in a home larger than 800 square feet.
  3. Drives a car that starts on the first try.
Figure 1: To qualify as a rich American, you need a credit card, a house larger than 800 square feet and a car that starts on the first try.

I’m not setting the bar too high, now am I? What you are is not important. What you have is. You have a home. I have heard of house theft, where thieves redirect mortgage statements, the owner stops paying, the home falls into foreclosure and the thief buys it from the bank. Scary? Yes. It happens.

You have a credit card. I’ve seen people buy credit card numbers and purchase items for their benefit. If you ever had an unknown charge on a credit card statement and learned the transaction is for something you did not buy or something was shipped to somewhere you have never visited, you know what this is.

You have a car. Thieves in the San Francisco Bay Area steal cars and drive them directly to the port and onto a ship. Sometimes they want cars intact. Sometimes they want to scrap cars and sell them for parts. Regardless, a car that starts on the first try is something you have, and a thief wants.

Hover technique

Think back to the last time you read junk email with a link. You probably thought to yourself, “This is suspicious. I better be safe and just delete it.” Here’s a link to a fake Gmail login page. You can protect yourself by doing my hover trick.

Move your mouse pointer over a link but don’t click it. Your computer presents a balloon box telling you where you will end up if you click the link. This example of http://gmail.com actually takes you to http://cybersafetynet.biz/gmail.com. Hovering over the link reveals where the link will take you.

Figure 2: Hover before clicking.

What a phishing attack looks like

https://en.wikipedia.org/wiki/Phishing defines phishing as “the fraudulent attempt to obtain sensitive information such as usernames, passwords and credit card details by disguising oneself as a trustworthy entity in an electronic communication. Typically carried out by email spoofing or instant messaging, it often directs users to enter personal information at a fake website which matches the look and feel of the legitimate site.” The email I just described qualifies as a phishing attack.

Phishing emails are SPAM with a sinister intention. Look for three traits when determining if an email is a phish attempt. Only one of three is necessary.

  1. Awkward grammar.
  2. Unnecessary sense of urgency.
  3. Links that do not make sense.

Let’s review one that appeared in my inbox one day. You’ve probably received some with similar traits.

Figure 3: Our best guess…
  1. Awkward grammar. The “We are unsure what caused this but our best guess is…” is awkward and humorous. Did they run out of ideas because someone’s caffeine buzz faded?
  2. Unnecessary sense of urgency? I did not find one here.
  3. Link that does not make sense. I hovered over the AUTHENTICATE link to reveal where I will end up if I click the link. The address fss.vnmu.edu.ua tells us the server is in .ua. Ukraine.

Sometimes the scammers leverage current issues and fears. In the early days of the Coronavirus pandemic, California Governor Gavin Newsom placed California on lockdown. People are nervous. People are afraid. People are looking for information.

Scammers leveraged Coronavirus fears. My business partner, Sophos, published a Coronavirus phishing attack sample at https://nakedsecurity.sophos.com/2020/02/05/coronavirus-safety-measures-email-is-a-phishing-scam/. Those who leverage a disaster like the Coronavirus outbreak as an attack vector are truly the scum of the world. Here is a specimen of their tactics.

Figure 4: The scammer didn’t bother to proofread their work.

member when I wrote “awkward grammar”? This phishing email has both awkward grammar and an obvious spelling mistake. What exactly is “fever,coughcshortness”?

Vet the short links

I’m sure you agree that website addresses are not always honest. My earlier example of http://gmail.com actually takes you to http://cybersafetynet.biz/gmail.com. Hovering over the link reveals where the link will take you.

Figure 5: Hover before clicking.

Sometimes we see short links that someone created after realizing a long link would be nearly impossible for someone to remember and would wrap across multiple lines. The link https://cybersafetynet.net/office-depot-fake-malware-scans-unneeded-300-services-2/ takes up too much space. It sure would be convenient if I could present a shortened link http://alturl.com/zk94i. I can save space. I can also conceal the destination.

There are multiple services that create short links. The big names are Bit.ly, Google, TinyURL, Twitter, WordPress and the service I used for this example, ShortURL. Generating short URLs, or web page addresses, is big business. I Googled “short URL” and Google presented more than 2.4 billion results.

What do you do when you see a short URL link? They are even more concealing than the gmail.com example. I have some good news. You can expand a short URL to see where you will go if you click the link.

Take my shortened URL http://alturl.com/zk94i and enter (or copy and paste it) at  http://expandurl.com/. Expand URL reveals the true destination.

Figure 6: Short URLs save space. They can also hide your true destination. Vet short URLs before clicking them.

This helps you determine where you will end up if you click a link. Do not let short URLs earn more trust than others. The link http://alturl.com/zk94i could have redirected you to…any sinister site. Some hackers use short URLs because they save space and conceal their true destinations.

The true objective of phishing attacks is to entice you to click links you should not click. Just remember that good security awareness training for you and your staff, and keeping security top-of-mind, make the hackers’ jobs harder.

Must Read

Related News