fake links

  • Internet security: what you should know about unverified links shared on social media platforms

    The world is fast shifting from a physical to a digital landscape through the reach of the World Wide Web. In fact, data shows that at least 4.55 billion people around the world are now on social media, since important topics and conversations are now held there.

    Perhaps it is the ease that comes with the striking features of social media platforms that makes them so appealing to new users. But these features, as helpful as they appear to be, seem to distract users from noticing the dangers that confront the digital space.

    According to reports by Dataprot, over 1.76 billion corporate records online were leaked by hackers in January 2019. This points to the reality that hackers are on the prowl, especially on social media platforms, where it is easy to attract potential victims. These common schemes, perpetrated via malware, viruses, phishing attacks, malvertising, ransomware, etc. on social media platforms, have led many users to fall victim.

    On Facebook alone, the social media giant announced that nearly 30 million accounts were accessed by hackers in 2018. Likewise, in 2020, WhatsApp issued new warnings and steps to protect accounts from malicious hackers.

    The usual strategy of online fraudsters is to invite users to click on hyperlinks sent in either group or private chats. The links are the bait, and a click by a user is the first step. They are usually ‘unverified links’, which means they don’t carry a specified name or a visible description.

    What is an Unverified Link?

    A link without a description or identified address is an unverified link. A good example is a phishing link, a combination of URLs that lacks substantiation but appears to be legitimate. It is most often shared on WhatsApp to bait users into installing viruses, spyware or ransomware on their device.

    A typical example of the current trend of unexplained phishing links shared on WhatsApp groups.

    When a user clicks on a phishing link or opens an ‘unverified’ attachment (like in the screenshot above), it gives malware, viruses, spyware, or ransomware access to the device. To avert such instances, a website filter is recommended for users, as it will notify a user when a website is not secure or is potentially harmful.

    How to identify unverified links or phishing links

    One telltale sign of an unverified link is that the web page usually displays lots of meaningless characters in the address bar or includes extra strings of text so that it looks legitimate. This extra text before the address should raise a red flag that it is a phishing or malicious site.
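
    The red flag described above can be checked mechanically. The following is an added example, not part of the original article: it parses a link and reports extra text placed before the real address. The brand list, flag names and sample links are constructed for illustration.

```python
from urllib.parse import urlsplit
import ipaddress

# Hypothetical allow-list: brand name -> the domain that brand really uses.
KNOWN_BRANDS = {"whatsapp": "whatsapp.com", "facebook": "facebook.com"}

def red_flags(url):
    """Return the reasons a link looks suspicious (empty list = none found)."""
    flags = []
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    # Anything before '@' is login text, not the site: a classic disguise.
    if parts.username is not None:
        flags.append("userinfo")
    # A bare IP address instead of a name hides who runs the site.
    try:
        ipaddress.ip_address(host)
        flags.append("ip-host")
    except ValueError:
        pass
    # Punycode labels can render as look-alike characters.
    if "xn--" in host:
        flags.append("punycode")
    labels = host.split(".")
    # Simplification: treats the last two labels as the real domain,
    # which is wrong for multi-part suffixes such as .co.uk.
    registrable = ".".join(labels[-2:])
    for brand, real in KNOWN_BRANDS.items():
        if brand in host and registrable != real:
            flags.append("brand-in-wrong-domain")
            break
    if len(labels) > 4:
        flags.append("many-subdomains")
    if parts.scheme != "https":
        flags.append("not-https")
    return flags

# Constructed sample links (reserved example domain and documentation IP).
SAMPLES = [
    "https://www.whatsapp.com/download",
    "http://whatsapp.com.verify-login.example/photo?id=8f3a",
    "https://facebook.com@203.0.113.7/login",
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(link, "->", red_flags(link) or "no red flags found")
```

    An empty result only means none of these particular signs were found; it does not prove a link is safe.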

    The text “Oh my god is this you in this photo?” and similar texts attached to unfamiliar links are usually a phishing scheme. Photo Credits: Panda security

    While highlighting steps to recognise unidentified links, the Federal Trade Commission gave a good example of a phishing email.

    Phishing emails and text messages often tell a story to trick users into clicking on a link or opening an attachment. They may:

    • say they’ve noticed some suspicious activity or log-in attempts
    • claim there’s a problem with a user’s account or payment information
    • say users must confirm some personal information
    • include a fake invoice
    • want a user to click on a link to make a payment
    • say users are eligible to register for a government refund
    • offer a coupon for free stuff

    Worthy of note is that most times criminals impersonate trustworthy sources to get users to click on a link (or download an app) that contains malware.

    Usually, a link is just a mechanism for data to be delivered to a device. Code can be built into a website that redirects users to another site and downloads malware to the device en route to the user’s actual destination.

    When a user clicks on an unverified link or downloads suspicious apps, it increases the risk of exposure to scammers.  

    More red flags that deserve users’ attention

    • The link or email looks like it’s from a company a user may know and trust: it may even use a company logo and header, but a critical look will tell a user that the cloned website or mail looks faint.
    • The link or email says a user’s account is on hold because of a billing problem, so it is up to the user to know if there is a billing problem.
    • The link or email will have a generic greeting, “Hi Dear.” If a user has an account with the business, it probably wouldn’t use a generic greeting but something like “Hello James.”
    • The email invites the user to click on a link to update payment details, but if the user has an account with the company, the email will only update the user to the previous process of payment.

    Nonetheless, there are tools a user can use to check unverified or phishing links. Ip-46.com offers users analysis of links, verifies their safety and catalogues fraudulent websites.

    A screenshot of ip-46.com 

    Steps to protect the device from phishing

    1. Protect computers by using security software. Set the software to update automatically, so it can deal with any new security threats.

    2. Protect mobile phones by setting software to update automatically. These updates could give users critical protection against security threats.

    3. Protect accounts by using multi-factor authentication. Some accounts offer extra security by requiring two or more credentials to log in to the account. This is called multi-factor authentication. The additional credentials needed to log in to the account fall into two categories:

    • passcode obtained via an authentication app or a security key.
    • fingerprint, retina, or face scan.

    Multi-factor authentication makes it harder for scammers to log in to users’ accounts even if they have access to the username and password.

    4. Protect data by backing it up. Back up your data on an external hard drive, cloud storage or phones, and make sure those backups aren’t connected to the home network.

    However, if a user has already clicked a link, there are certain cautions to take.

    Steps to take after clicking on a phishing link

    If a user happens to click on a phishing link or download a malicious attachment mistakenly, the following steps given by agingcare.com will minimize the repercussions.

    1. Disconnect the Device
      The first thing a user should do is to immediately disconnect the compromised device from the Internet. If it is a wired connection, the easiest way is to unplug the Internet cable (ethernet cord) from the computer.
      This will reduce the risk of malware (a catch-all term for any type of malicious software designed to harm or exploit any programmable device, service, or network) spreading to other devices on the user’s network or sending sensitive information from the device, and it will keep scammers from remotely accessing the user’s device. However, if it is a mobile device, it is best for the user to restore the device to its factory settings.
    2. Backup Files
      After disconnecting from the Internet, the user should back up files. Data can be destroyed or erased in the process of recovering from a phishing attack. 
    3. Scan System for Malware
      The user can take the device to a professional to check for the presence of malware. To scan the system, run a complete scan with an antivirus program. An error message may appear, notifying users that the program could not connect to the Internet. It is advised that the user ignore the message. A system scan can be done without access to the Internet, to avoid reconnecting.
    4. Change Credentials
      Malware may be used to harvest sensitive information, including online usernames and passwords, credit card numbers, bank account numbers, and other identifying information. If a user has been tricked into clicking on a phishing message, it is advised that the user change their online credentials immediately. This includes email, online banking, social media, shopping accounts, and so on.
    5. Set Up a Fraud Alert
      According to the FBI’s most recent annual Internet Crime Report, the American public lost a total of over $54 million to phishing attacks in 2020. So to protect online details, the user can contact one of the major credit bureaus and ask for a free fraud alert to be placed on their credit report. This may seem like overkill, but it is better to be safe than sorry. Once the fraud alert has been set with one of these bureaus, it will be more difficult for fraudsters to open new accounts in the user’s name.

    A website filter is useful on every device because it will notify a user when a website is not secure.

    A typical example of a website filter alert.

    Social media platforms are full of hackers looking to commit computer crimes. A lot of private information is being shared online through private groups. And that is why experts say that on some platforms, 30 to 40% of advertisements are part of the cybercrime economy. So a user must read all information carefully before clicking on any link.

    Conclusion

    Unverified text messages and emails have become a dangerous, yet unavoidable, threat in the digital space. The safest approach is to err on the side of caution and use the “delete” button on emails and texts that appear sketchy. Note that a legitimate organisation will never ask a user to share sensitive, private information via insecure channels like email, text, or pop-up messages. If the message is truly essential, the sender will try to reach the user through verified means like mobile contact or snail mail.

    The researcher produced this fact-check per the 2021 Kwame Karikari Fact-checking Fellowship partnership with JAY 101.9 FM Jos to facilitate the ethos of truth in journalism and enhance media literacy in the country.
