Is there anything that we can do that will completely stop all phishing attacks?
The short answer is no. We can reduce them by trying to get ourselves off different lists, but the hackers and nation-states are always changing their methods. Ultimately the “attacker” may be a local script kiddie (a new hacker learning stuff), a seasoned hacker using darknet resources, or even a nation-state that is constantly cyberattacking us: China, Russia, Iran, and N. Korea (CRINK).
Any one of these possible attackers is continually refining their attacks, and even if you paid for top software defenses they will have a chance of evading them. The sophisticated attacks will not be stopped.
Does that mean we do nothing and just resign ourselves to the onslaught of attacks?
No, we need to work on reducing the possibility of a ‘successful’ infiltration of our devices. We have to have a plan in place and help ourselves as much as possible.
How can we reduce the chances of malware (malicious software) entering our devices?
Of course we can click on only good stuff!! What does ‘good stuff’ mean?
Say I want to go to walmart.com and I get an email announcing the latest Walmart sale on shoes. It just so happens I am interested in shoes at this time, since my current shoes are fairly worn, and I bought some basic shoes for around the house at Walmart last time. I receive an email from Walmart about shoes, and I think, wow, maybe they have some fancy AI and know I am interested in shoes …
So I click on this link: Walmart Shoe sale. And lo and behold, it does not go to the Walmart website; in fact I set it up here so that it goes to https://firewalltimes.com/walmart-data-breaches/.
NOTICE THE LINK? Sorry for yelling, but the first link (Walmart shoe sale) does not go to Walmart….
How should you do things if you are interested in shoes? If you get an email saying go here or there… IGNORE the email!!!
The only way to solve this is to go to walmart.com by typing it yourself, and then search for shoes, and it just so happens that there are Mario Brothers slippers for $16.
If you notice on the above Mario brothers link it goes to https://www.walmart.com/ip/Super-Mario-Men-s-Comfort-Slide-Sandals/2022685055.
Note regarding sandals at Walmart: I have no current interest in slippers anywhere, but if I did, these Super Mario Brothers ones would be interesting. For $16 that is not a bad price, although I am sure it is made in China (but I have no idea where they are made). This is just an example of what happens in a hypothetical day of our lives.
Walmart and Super Mario Brothers have (and should keep) all rights that they are supposed to have and I do not get anything for mentioning this potential phishing example. Although I do like Mario Brothers, and have played the ancient Mario Brothers game a long time ago.
So how do you click on ‘good stuff’ i.e. good links?
Go to the website using a previous bookmark, enter the website letters, or of course just search for your website using your favorite search engine… (I use startpage.com or duckduckgo.com) these search engines protect my privacy a bit more than Google or Bing. This way if I search for shoes and I drive next to a shoe store an advertisement won’t come up to me automatically as I drive around my neighborhood.
This is another ‘good’ hygiene method, as now I am suspicious of emails coming to me about shoes, since I searched with startpage (a privacy search engine). Startpage does not give my search information to anyone, so no one knows I am searching about shoes.
This also gives me confidence in deleting or ignoring emails about shoes or anything else that comes up that may be interesting which I would want to click on and check out.
My “Click on Links Rule”
- Do not click on links for shopping or going to banks, and other financial institutions.
- If a friend or work acquaintance emails a link, I can copy the link and paste it into Notepad on the computer or a note app on a phone. This allows me to look at the link before I click on it.
- Only if the link is legitimate (this is a larger discussion which I may get into but not right now) would I contemplate clicking on a link after I viewed it.
- If I am still interested in clicking on the link and it looks even a little bit shady, due to link shortening services, then I can use other methods to go to the link destination. There are link shortening services such as free-url-shortener, and linkedin.com does the same when one copies and pastes a link in a post. For example, the above Walmart Mario Brothers shoes link would become: https://rb.gy/6svoro. There are also unshortening websites, which reverse the shortening.
If I am really paranoid (and I want to go to the link) I would boot a computer that does not have a permanent hard drive (booting from DVD), which means the computer environment cannot be changed. Then I can click on stuff, and even if I go to a hacker website nothing will be installed, since it cannot be.
But the main point is to only go to websites using your own searches and typing not with links, especially from emails. The same goes with texts since texts are almost always shortened and it is too hard to see where it is going.
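Here is the "look at the link before you click" step from my rule done by a small script, as an added example that is not part of the original post. It compares what a link says with where it really goes, using the Walmart links from above; the sample email, the function names, the `.example` look-alike host and the extra shortener names are assumptions made up for the illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# rb.gy is the shortener named in the post; the others are assumed examples.
SHORTENERS = {"rb.gy", "bit.ly", "tinyurl.com", "t.co"}

# Constructed sample email body (not a real message).
SAMPLE_EMAIL = """
<a href="https://firewalltimes.com/walmart-data-breaches/">Walmart Shoe sale</a>
<a href="https://www.walmart.com/ip/Super-Mario-Men-s-Comfort-Slide-Sandals/2022685055">Slippers</a>
<a href="https://rb.gy/6svoro">Shoes</a>
<a href="https://walmart.com.shoe-deals.example/sale">walmart.com</a>
"""

class LinkCollector(HTMLParser):
    """Collect (visible text, href) for every <a> tag."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def check_links(html, expected_domain):
    """Return (text, real host, verdict) for each link in an email body."""
    parser = LinkCollector()
    parser.feed(html)
    results = []
    for text, href in parser.links:
        host = (urlsplit(href).hostname or "").lower()
        if host in SHORTENERS:
            verdict = "shortened"   # destination is hidden behind a redirect
        elif host == expected_domain or host.endswith("." + expected_domain):
            verdict = "matches"     # the exact domain or a true subdomain
        else:
            verdict = "mismatch"    # the text says one thing, the href another
        results.append((text, host, verdict))
    return results

if __name__ == "__main__":
    for row in check_links(SAMPLE_EMAIL, "walmart.com"):
        print(row)
```

The last sample link shows why the check looks at the end of the host name: "walmart.com" appears at the front of it, but the site it belongs to is the part at the end.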
It is also safer and more private to not use Google or Bing search engines, or even Facebook, since all of those entities use your searches and activity to make money by selling to advertisers. Even Amazon sells advertising, but Amazon has many goals when you click on their site, so many issues arise simultaneously. Not really trying to make this more complicated, but each site has its own issues.
Definitely I would make a rule: Do not click on links in your email or texts!!
I would learn how to copy and paste and learn what a legitimate URL (Uniform Resource Locator, or web link) is before clicking on links.
Sorry, I like my acronyms 🙂 Here is the definition from Dictionary.com for URL:
1. The address of a web page, Example: “Type a URL into a browser address bar”
For more interesting stuff on cybersecurity and protecting your computers check out my books:
Go to https://fixvirus.com/order-book/
or check this out:
Which has my Guidebook with phishing examples
Order the books from my publisher: https://publishingconceptsllc.com/product/too-late-youre-hacked-defending-your-small-business-computers-and-networks/ at Publishing Concepts (notice I show you what link it is and where you are going – to the publisher order website section).