Sage Advice - Cybersecurity Blog

How to Avoid Malware Infection from a Phishing Email


One of the most common methods used to distribute malware is a phishing (fraudulent) email. Embedded in the email will be a “call to action” link, asking you to click here to learn more. The seemingly benign action of clicking on the link can start a destructive chain of events that culminates in compromising your computer, your identity, or even your business.

Here is a common scenario. You receive an email announcing a big sale at a national retailer. The email entices you to click on a link to get your exclusive 50% off coupon. The link looks like this: http://www.national-retailer.com/coupon.

You click the link and the coupon appears on your screen. End of story? Not necessarily. What a link says it is and what a link is programmed to do can be vastly different. That same link could just as easily be taking you to http://www.verybadguy.ru/malware.exe, where malicious code is programmed to download and execute on your computer. This type of redirection doesn’t require any programming skill. It is built into any application that uses hyperlinks.

So what should you do? DON’T CLICK! Instead, open your browser and type or paste in a known good URL. Not clicking is a fool-proof way to avoid malware infection from a phishing email.
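The gap between what a link says and where it goes can also be checked mechanically, for example in a mail filter. The following is an added example, not part of the original article or the book it is excerpted from; the names `LinkAuditor` and `find_mismatched_links` are hypothetical, and the sample HTML is constructed from the two URLs in the scenario above.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

URL_PREFIXES = ("http://", "https://", "www.")

def _host(url):
    """Hostname of a URL, lowercased; None if it cannot be parsed."""
    if "://" not in url:
        url = "http://" + url  # visible text often omits the scheme
    try:
        return urlsplit(url).hostname
    except ValueError:
        return None

class LinkAuditor(HTMLParser):
    """Records links whose visible text names one host while href names another."""
    def __init__(self):
        super().__init__()
        self.mismatches, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag != "a" or self._href is None:
            return
        words = "".join(self._text).split()
        shown = words[0] if words else ""
        # Only text that itself claims to be an address can be compared.
        if shown.lower().startswith(URL_PREFIXES) and _host(shown) != _host(self._href):
            self.mismatches.append((shown, self._href))
        self._href = None

def find_mismatched_links(html):
    """Return (visible_text, href) pairs whose hostnames disagree."""
    auditor = LinkAuditor()
    auditor.feed(html)
    auditor.close()
    return auditor.mismatches

# Constructed sample: one deceptive link, one honest link.
SAMPLE = (
    '<p>Get 50% off: <a href="http://www.verybadguy.ru/malware.exe">'
    'http://www.national-retailer.com/coupon</a></p>'
    '<p><a href="http://www.national-retailer.com/stores">www.national-retailer.com</a></p>'
)
if __name__ == "__main__":
    print(find_mismatched_links(SAMPLE))
```

A link whose visible text is only words, such as "click here", claims no address and so cannot be flagged this way, which is why typing a known good URL remains the safer habit.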


Note: This article is an excerpt from Security Program and Policies: Principles and Practices (2nd Edition) by Sari Greene.



Image courtesy of David Castillo Dominici at FreeDigitalPhotos.net.

Topics: Social Engineering, Cyber Defense
