Email links are one of the biggest security threats an organization will face. Why are email links such a threat?
“Phishing” is the term for an email disguised as a trustworthy contact that is attempting to trick you into divulging sensitive information. A phishing email might request you click a link that sends you to a website that looks just like your bank, but is in fact a fake site designed to collect your username and password.
“Malware” is short for malicious software, most commonly known as a “virus”. Email links can take you to malicious websites that attempt to infect your computer, or they can even infect your computer directly by leveraging flaws in your operating system (most commonly Windows).
So, what do we do? Sometimes we need to click on important links that are sent via email, right? The only time it is ever safe to click on an email link is if it satisfies ALL THREE of the following conditions:
1. You know who or what organization is sending you the email.
2. You were expecting the email.
3. You were expecting a clickable link in the email, and know what the clickable link is.
Satisfying just one of these conditions is never enough; you must satisfy ALL THREE! Why?
1. Even if you know who or what an organization is, they can always be compromised or impersonated.
2. Even if you know who an individual or organization is and are expecting an email from them, they may be compromised: one email link might contain the spreadsheet you are looking for, but the next one might contain a link to malware. Be sure the content of the email lines up with the content you are expecting to see.
Basically: Unless you explicitly know to trust the link, don’t click it!
If you are concerned about a “security warning” email that claims to be from your bank or some other important organization, go directly to the website by typing in the URL rather than clicking on any links in the message.