For many years, email has been the most common way for cybercriminals to infiltrate networks, plant ransomware, and steal data. All are unfortunately frequent attacks seen against clinics and hospitals worldwide. In fact, in 2019, Verizon reports that 94% of malware was delivered by email.
Email providers respond to this by keeping their email services as secure as possible.
And while email security certainly has come a long way, cyberattackers are adapting to the changes as well. Because it’s getting more and more difficult to upload a malicious piece of code to an email, attackers are shifting to different tactics—tactics that email providers will have a hard time resolving.
What You See Isn’t Always What You Get
One tactic that cybercriminals use is redirecting users to malicious web pages through malicious or hidden links. A common way to do this is by link cloaking or, in simple terms, disguising a link or Uniform Resource Locator (URL) as something else. What may look like a link to your online bank account could lead to a malicious site that gathers your username and password the moment you enter them.
It’s important to remember that cybercriminals are very good at what they do. Especially now, with cybercriminals taking advantage of the coronavirus crisis, we all need to be extra cautious about what we click.
If you find a link in one of your emails and you’re not sure if it’s safe to click or not, here are a few tips that can help you make the wise and safe choice:
Hover Over It
Hovering over a link means placing your mouse pointer over a link without actually clicking it. It may sound too easy to be a cybersecurity tip, but it’s actually a quick way to display the true destination of a link.
Just hover over a suspicious link—the mouse pointer should change into a pointing finger—and check the target of the link at the bottom of the window. This way, you’ll know whether or not the link is taking you to the site you’re expecting.
Scan It
There are reputable websites that can scan the link or URL, analyze it, and let you know if it’s safe to click or not. They check the website that the link leads you to and check if it has been reported for phishing, hosting malware/viruses, or other suspicious activities.
Here are some of the trusted and most popular URL scanning sites:
To use these sites, you’ll need to scan the actual URLs and not the cloaked ones. To get the actual URL, you need to right-click the link, then click Copy Link Address. You then paste it to the entry box on the site and submit it.
Expand It
URLs are shortened for a variety of reasons. It keeps the links looking neat, it saves space when there’s a character limit to a post, and it can help track metrics on who clicked or shared the links.
Unfortunately, a shortened link doesn’t display its true destination even when you hover over it. This is a problem because you won’t know if the link will take you to the site you’re expecting it to... and it could lead you to a malicious site if you’re not careful.
What you can do is expand a shortened URL to see its original form, title, keywords, author, which search engines you can use to search it, and if it’s safe to click. Visit a trusted link expander site or download a trusted browser extension, and use them to unshorten the link.
Better to Stay Safe When Protecting Your Practice
Cybercriminals are experts at knowing the latest online security features and finding a way around them. That is exactly why you need to know what they’re up to so that you can keep a careful eye out for potential cyber-attacks.
Although sometimes, keeping updated isn’t enough. If you want to protect your personal and corporate networks from malware and phishing attacks, make sure you have the most secure technology available and the most reliable IT experts on call.
MG Hosting Services is a company dedicated to protecting the healthcare industry from the growing threats of cyber attacks and data theft. A practice’s first line of defense against cybercriminals, they are highly trained IT specialists and cloud engineers ready to serve the technical needs of healthcare professionals 24/7. With offsite data storage, military-grade data encryption, and full remote work support, they can prepare practices for anything that comes next. Learn more on their website, and find more posts like this one on their company blog.