With the advent of malicious or phishing links, it is now common cybersecurity advice to tell people to avoid clicking on links. But the question is, can you survive on the internet without clicking links?
It will be difficult for you to browse the internet for a minute without clicking a link. Hyperlinks are what make navigating the web possible and easy.
So, if that is the case, why are we then advised to avoid link clicking? The fact is that links are not intrinsically bad. So, you will not be hacked just because you clicked a link.
You will be hacked only when you click on a link that has malicious or phishing intent.
Therefore, the right advice is to avoid clicking on malicious or phishing links or unsolicited links. If that is the case, how can you tell if a link is malicious or has phishing intent?
I have a comprehensive post here on how to detect malicious links before and after clicking.
Related Post: URLs- How to Detect Scam and Malicious Link URLs
Why Do Scammers Create Malicious or Phishing Links and What Can They Do With Them?
Not all malicious or phishing links have the same purpose. Hackers create malicious links for different reasons.
Some links require you to take some action after clicking them before you can be hacked, while others start attacking your device the moment you click on them or load them in a browser.
So, below are common reasons why hackers create malicious or phishing links and how they use them.
1. For Credential Harvesting Using Fake Websites
One common reason why hackers create malicious or phishing links is to use them to deliver cloned or fake websites to their victims.
How this works is that the attacker creates a fake website that looks exactly like a genuine one and uses it to lure victims into entering their login details, thinking they are on the right website.
Once you try to log in to your account using your username and password on the fake website, your login details are sent to the hacker. The hacker can now use them to log in to your account on the genuine website.
The introduction of two-factor authentication has made this kind of attack less effective on some occasions. This is because the hacker will not be able to log in to your account with only your username and password without having your OTP code.
This is why you need to turn on two-factor authentication for your online accounts.
2. For Malware Delivery
Another reason why hackers create malicious or phishing links is to use them to send malware to their victims.
Malware is any software application or code designed to steal, spy, or perform unauthorized actions on the victim’s device. It can be a virus, spyware, crypto-jacking code, ransomware, etc.
Hackers do this by hosting their payloads, malware applications, or malicious files and code on a web server so that they can be downloaded remotely through the phishing link.
In some cases, the application is downloaded automatically as the victim loads the link in the browser. In other cases, the victim has to click on the file to download it themselves. They may be lured into doing that using social engineering.
Some malware applications are also designed to be auto-executed. This means they start running on their own once they get into your system. Simple JavaScript code that executes on page or document load can be used to deliver malware the moment you click and load a link.
Malware can do a variety of things on your device when it gets into it. It can spy on you, encrypt your files, steal your login details, or record your video or voice with your device camera and mic, etc.
The best way to stay safe from this kind of phishing link is to download an updated antivirus on your device and scan your device for malware frequently. Also, avoid downloading files from untrusted website links, and watch your download folder for strange files and apps.
3. For Banner Grabbing and Spying
Another reason why a bad actor might want to send you a link is to gather useful information about your device, network, or location. This is known as banner-grabbing. They can also use it to spy on you.
Note that links designed only for banner grabbing achieve most of their goal simply by being clicked.
Just by your clicking such a link, the bad actor instantly gets to know your IP address, the OS you use, and your browser. To get your location, your browser might prompt you to give the link the necessary permission.
The reasons why bad actors create malicious or phishing links can be summarized into three:
1. To steal your login details. This is known as credential harvesting.
2. To deliver to your device the tools they want to use in hacking you. This is malware or payload delivery.
3. To gather information about your network and device.
What Happens When You Click A Malicious Or Phishing Link?
Two things happen when you fall victim to a phishing link.
1. Banner Grabbing
Whenever you click on a malicious link created by a bad actor, the first thing that happens is that your system banners are sent to the hacker on his machine. What I mean by your system banner is your IP address, OS details, etc.
This information is important to a bad actor because it helps him know what types of attacks to throw at you. If you are using a Windows machine, the attacker will now know which types of threats to send to your device.
2. Remote Session Opening On The Attacker’s Machine
Some phishing links open a remote session on the attacker’s machine the moment you click on them, while others do so when you click on or run the downloaded malware from the link.
A remote session allows the attacker to control your device from their computer. Once that session is granted to the bad actor, they can escalate their privileges on your device and use it to do whatever they want.
Remember, the majority of cyber attacks today happen through malicious links. The way those links can get to us might be through social media, email, or already-hacked websites. We must observe some cybersecurity hygiene while surfing the web in order to remain safe.
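To make the "system banner" from the two Banner Grabbing passages above concrete, this added example (not part of the original post) parses a constructed HTTP request and lists what any web server learns from a single click. The sample request, the `disclosed_by_click` helper, and the Accept-Language and Referer fields are assumptions that go slightly beyond the IP address, OS and browser the text names.

```python
# Constructed sample: the request a browser sends when a link is opened.
# The address is from a documentation-only range, not real traffic.
PEER_IP = "203.0.113.45"  # the server reads this from the TCP connection
RAW_REQUEST = (
    "GET /promo?id=123 HTTP/1.1\r\n"
    "Host: example.test\r\n"
    "User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) "
    "AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36\r\n"
    "Accept-Language: en-GB,en;q=0.9\r\n"
    "Referer: https://mail.example.test/inbox\r\n"
    "\r\n"
)

# Order matters: Android UAs also say "Linux", iPhone UAs say "Mac OS X".
OS_HINTS = [("Windows NT", "Windows"), ("Android", "Android"),
            ("iPhone", "iOS"), ("Mac OS X", "macOS"), ("Linux", "Linux")]
# Order matters: Chrome's UA also contains "Safari", Edge's contains "Chrome".
BROWSER_HINTS = [("Edg/", "Edge"), ("Firefox/", "Firefox"),
                 ("Chrome/", "Chrome"), ("Safari/", "Safari")]

def parse_headers(raw):
    """Return the request headers as a dict with lower-cased names."""
    head = raw.split("\r\n\r\n", 1)[0]
    headers = {}
    for line in head.split("\r\n")[1:]:  # skip the request line
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return headers

def first_match(text, hints):
    """Return the label of the first hint found in text."""
    return next((label for needle, label in hints if needle in text), "unknown")

def disclosed_by_click(peer_ip, raw):
    """Summarise what one page load tells the server about the visitor."""
    h = parse_headers(raw)
    ua = h.get("user-agent", "")
    return {
        "ip": peer_ip,
        "os": first_match(ua, OS_HINTS),
        "browser": first_match(ua, BROWSER_HINTS),
        "language": h.get("accept-language", "").split(",")[0] or "unknown",
        "came_from": h.get("referer", "not sent"),
        # Location is not in the request; the browser asks permission first.
        "location": "not disclosed without a browser permission prompt",
    }

if __name__ == "__main__":
    for field, value in disclosed_by_click(PEER_IP, RAW_REQUEST).items():
        print(f"{field:10} {value}")
```

Everything in the result except the location comes from a normal page load, which is why closing the tab afterwards does not take the information back.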
What You Should Do When You Mistakenly Click A Malicious Link
However careful you are, there may be times when you fall victim to a malicious link. If you happen to click on a malicious or phishing link unknowingly, it is possible that your network or device information has already been stolen.
Depending on the intent of the bad actor who created the link, and on how long you kept the link loaded, a link that contains auto-executing code may mean you have been hacked just by clicking it.
If it is a link with a phishing intent to lure you into downloading malware to your device or giving out your login credentials, etc., you will not be hacked unless you fulfill the required steps.
When you mistakenly click on a malicious link, irrespective of the link's intent, you should do the following:
1. Disconnect Your Device From the Internet
Whether it is a computer or a mobile phone, disconnecting the device from the internet will help you terminate sessions already created on the attacker's machine when you first clicked the link. This will also prevent the bad actor from continuing to have remote access to your device.
2. Terminate The Browser Tab Or Remove and Uninstall The Downloaded Application
Once you discover that the link is redirecting you to another location on the web, you can close the browser immediately.
In the case where you downloaded an app, close the running window, uninstall it, and delete the downloaded file.
Sometimes the app might prove stubborn to uninstall, but you can still do it with antivirus software.
3. Scan Your Device For Malware With An Updated Antivirus
Once you have disconnected your system from the Internet and closed the running app window, you can now run an antivirus scan to detect and remove the downloaded malware.
4. Restore Your Device To Factory Settings And Update Your Online Account Passwords
In the event that you fall victim to credential harvesting, you can change your account passwords immediately. You can also restore your device to factory settings if you can’t remove the apps using antivirus.
5. Protect Your Network With A Firewall
In the case where your public IP address is exposed through banner grabbing, you will need to prevent the attacker from attacking your system using open ports. This is especially true if you are using a static IP address.