A Malicious URL is a link created with the purpose of promoting scams, attacks, and fraud. By clicking on an infected URL, you may download malware or a trojan that can take control of your device, or you might be persuaded into providing personal information on a fake website such as your username and password. Malicious URLs are often seen embedded in phishing attacks, tricking users into clicking on the link(s). Hackers use techniques like “typosquatting” to make malicious URLs look legitimate. For example, the URL is r n icrosoft.com rather than microsoft.com can be used to trick users due to it looking legitimate at a glance.
Additional Reading: Smishing, The New Phishing
What does this mean for a Business Owner or Employee?
- Educate employees through an awareness training tool like CyberHoot
- Phish Test Employees to keep them on their toes
- Remove Administrative Access to the local workstations to limit the impact if a user clicks or accidentally tries to install malware on their machine.
- Implement strong passwords
- Unique 14+ character passwords/passphrases stored in a Password Manager
- Implement Two-Factor Authentication wherever possible
- Something you know (password), something you have (cell pho
- Follow the 3-2-1 backup method for securing all your critical and sensitive data
- Govern employees with cybersecurity policies
- Purchase and train your employees on how to use a Password Manager.
Nothing you do will guarantee you cannot be compromised. However, doing these things proactively will act like the ounce of prevention Ben Franklin was fond of talking about with respect to Fire prevention. It’s worth a pound of cure during a fire (or a breach). Watch the video below for more details on these attacks.