At this point, everyone is probably aware that unknown links in emails are risky things, even if they aren't familiar with the specific threats associated - but people still click! A 2017 study found that, although 78% of people claimed to be familiar with the threat of phishing scams with unknown links, 45% still clicked when tested with a mock phishing email.
The majority of the time users do this out of pure curiosity or a lack of security awareness - but even the most knowledgeable in this field can be caught out from time to time, and one malicious link may be all it takes.
Phishing emails aim to manipulate targets into giving out confidential data or system access, which is often achieved by acting as a trusted party and linking to a fake website. For example, a user could receive a phishing email that appears to be from their bank, with a link to log in and view their latest statement. After clicking the link, the user would be taken to a fake website which is identical to the real thing, sometimes even using a similar URL - on top of this, phishing attackers will embellish their emails with urgent language that rushes the user, making them more likely to miss the small differences between the real and fake websites.
Malware is short for malicious software, which is essentially just a term to cover a variety of different viruses that can infect your system. Malware can be delivered to users in many ways, but email is one of the most common methods, with the malware hiding within unknown links as well as attachments. Clicking on a malicious link within an email can begin a download of this harmful software without you even realising it, which can then go on to disrupt operations, slow computer speeds, allow unauthorised access to certain systems, and even steal sensitive information.
Identifying a malicious link on looks alone is much easier said than done, with cyber criminals continuously creating new tactics for hiding their true URLs, or making them so close to the real thing that they blend right in. Here are some of the most common methods that attackers use to manipulate malicious links:
- Text Cloaking - This is the most basic tactic, and the easiest to identify, but it's still the most commonly used through malicious emails. With this method, attackers will simply hide the real URL within misleading text - for example, the surface text of a link might read as www.bankofengland.co.uk, but that doesn't mean that's where it will take you. In most cases, hovering over a link of this kind will quickly display the real URL within it, unless more link manipulation methods have been used.
- Typosquatting - Typosquatting links rely on the user scanning over the wording with little focus, as they will simply misspell the web address as subtly as possible. Using the same example as above, an attacker using the typosquatting tactic might use the URL www.bankofemgland.co.uk, swapping out the N for an M. Typosquatting links are usually connected to those imitation websites that we mentioned earlier, as they also take advantage of users misspelling websites in their web browser.
- URL Shortening - Most people who use Twitter will be familiar with URL shortening, as it was made so popular due to the website's character limit, but now it has become a weapon for malicious senders. The problem with shortened URLs is that, even when hovering over them, they will not display the original URL, meaning there is no way to judge their legitimacy on looks alone.
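The three tactics above can be checked mechanically when triaging an HTML email body. The following is an added example, not code from the original article or from Barracuda; the `TRUSTED` and `SHORTENERS` lists, the edit-distance threshold of 2 and the sample email body are assumptions made up for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit
TRUSTED = {"bankofengland.co.uk"}               # assumed allow-list of expected domains
SHORTENERS = {"bit.ly", "t.co", "tinyurl.com"}  # assumed, non-exhaustive list
URL_LIKE = re.compile(r"(https?://)?[\w-]+(\.[\w-]+)+(/\S*)?", re.I)
SAMPLE = ('<a href="http://www.bankofemgland.co.uk/login">www.bankofengland.co.uk</a>'
          '<a href="https://bit.ly/EXAMPLE">View statement</a>'
          '<a href="https://www.bankofengland.co.uk/">Home</a>')  # constructed email body

def host(url):  # hostname, lower-cased by urlsplit, without a leading "www."
    return (urlsplit(url if "//" in url else "//" + url).hostname or "").removeprefix("www.")

def edit_distance(a, b):  # Levenshtein distance, computed one row at a time
    row = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        prev, row = row, [i]
        for j, cb in enumerate(b, 1):
            row.append(min(prev[j] + 1, row[-1] + 1, prev[j - 1] + (ca != cb)))
    return row[-1]

class LinkCollector(HTMLParser):  # gathers [href, visible text] for each <a> element
    def __init__(self):
        super().__init__()
        self.links, self.in_a = [], False
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.in_a = True
            self.links.append([dict(attrs).get("href") or "", ""])
    def handle_data(self, data):
        if self.in_a:
            self.links[-1][1] += data
    def handle_endtag(self, tag):
        self.in_a = self.in_a and tag != "a"

def flag_links(html):  # maps each href to the set of tactics it matches (empty: none)
    parser = LinkCollector()
    parser.feed(html)
    report = {}
    for href, text in parser.links:
        target, text = host(href), text.strip()
        # Only compare when the visible text itself looks like a web address.
        shown = host(text) if URL_LIKE.fullmatch(text) else ""
        checks = {
            "text-cloaking": bool(shown) and shown != target,
            # Distance 0 is an exact trusted match; 1-2 edits is a lookalike.
            "typosquatting": 0 < min(edit_distance(target, t) for t in TRUSTED) <= 2,
            "shortened-url": target in SHORTENERS,
        }
        report[href] = {name for name, hit in checks.items() if hit}
    return report
print(flag_links(SAMPLE))
```

A shortened link can only be flagged here, not judged, because the destination is not visible in the email itself.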
Simple Link Protection
Link protection is one of the many features within Barracuda Essentials, and it makes avoiding these malicious websites and downloads hassle-free. The feature rewrites email links, directing them to Barracuda servers where they can be checked in real time.
If a link is checked and found to be safe, the user is re-directed straight to the intended website to continue browsing - but, if the link is found to be malicious, the user is re-directed to a safe location where it is explained to them why the link was blocked with informative warnings about the threat that they almost encountered.
Due to its real-time scanning, you don't have to worry about previously safe links that have since been compromised, or being blocked out of previously malicious links that are now benign - everything is up-to-date.