Why You Should Always Scan Links in Emails

John Gruber, GitBit. Published Jul 10, 2024.

See the original website: Why You Should Always Scan Links in Emails

Ever clicked on a link in an email and wondered if it was really safe? That’s where the link scanner comes in. It’s like having a digital bodyguard for your emails, making sure you’re not walking into any traps set by cybercriminals.

Don’t like walls of text? Jump to the bottom for the too long; didn’t read (TLDR) version.

So, what exactly is a link scanner?

In simple terms, a link scanner is designed to protect you from malicious links in emails and other communications. In the Microsoft world it’s called Safe Links, but most popular email services have something similar. If your email provider doesn’t, you should consider changing providers or getting a third-party tool like Mimecast that can protect your email.

How does a link scanner work?

A long time ago email was invented, and everything was great. Then cybercriminals realized they could attack good honest people through it. So, spam protection and malware scanners were created. Then the bad guys thought “Since I can’t just send the malicious files, I’ll put a link to my malicious files.” That’s when link scanners were created.

Since then, it’s been a cat and mouse game of cyber bullies and hacker wranglers trying to outdo each other.

After sites with malware were blocked the hackers became smarter. They set up fake websites to try and trick good people into giving up their credentials, bank information, etc. This is called phishing.

So, the cyber sleuths added in phishing protection. That’s where the Safe Links app checks whether the website looks very similar to another, legitimate website. If the websites look too similar, Safe Links will block it. Then the cyber defenders got a little ahead of the crooks.

The defenders said “What if we give every website a reputation? For example, if a site has delivered a bad webpage or two recently it probably will again. So, we should just block those websites for a while.” The baddies didn’t like that. So, they implemented URL shorteners.

URL shorteners are websites that you can use to shorten a link. So, a URL that looks like https://www.gitbit.org/course/ms-500/blog/enable-conditional-access-policies-to-block-legacy-authentication-trx5rgls gets converted to https://shorturl.at/YHBav, and when you go to the new URL it redirects to the original link. It makes it easy to type or pass a URL to someone else. But they can also be used for evil, as they were in this case.

The heroes then updated the Safe Links checks to follow all the redirects to the final page, so they knew that website’s reputation and could still check it for bad content. But the criminals weren’t done there.

They then thought “Aha, if I create a website that attacks a zero-day vulnerability no one will stop me!” A zero-day vulnerability is in essence a hidden flaw in software that hackers discover and exploit before the software’s creators even know it exists, leaving it unpatched and dangerous.

So now, the defenders of the internet have implemented zero-day protection using some manual work and some AI. In short, once a zero-day vulnerability is discovered the team gets to work adding it into the Safe Links software right away. If a link in your inbox is found to go to a site exploiting a zero-day vulnerability, the email should be removed from your inbox immediately. Meanwhile, AI is used to check a website to see if anything bad happens when you visit it, to hopefully get ahead of zero-day attacks. But the bad guys still had one trick up their sleeve.

They thought to themselves “You know, these URL scanning services all scan the website before delivering the emails. What if we made the site legitimate before sending the email and then, after the scanning is complete, we update the website to show the bad webpage?” So that’s what they did.

But the good guys wouldn’t be defeated. Now, the scanning of the URLs happens when you click on the link instead of when the email is delivered to you. So even if the bad guys update the webpage after delivery, they’ll still get blocked.

What are the key features of a link scanner I should look for?

  • Real-Time URL Scanning: This is where the magic happens. The service scans URLs in real time, at the moment you click, looking for any signs of trouble. If a link looks suspicious, it won’t let you through.
  • URL Rewriting: Links can redirect to other websites. A link scanner should follow any redirects to the server / webpage that you will actually land on, and judge that.
  • Phishing Protection: The link scanning service protects you from phishing attacks (those tricky emails that try to steal your info) by flagging sites that imitate legitimate ones.
  • Malware Protection: The link is scanned for malicious content or downloads that will install viruses, etc. on your device.
  • Reputation Tracking: The link scanning service should keep a list of known bad sites and simply block them. It’s better to be safe than sorry.
  • Zero-Hour Auto Purge (ZAP): The link scanner should have a zero-hour auto purge that removes already-delivered emails from inboxes once a link is found to be malicious, for example when a zero-day vulnerability is discovered.
  • Detailed Reporting and Tracking: Last but not least, a link scanner should give detailed reports so you know who may have clicked through to a malicious site; you can then go and train the user and scan their devices for viruses.

There are many ways that links in emails can be malicious. Here are some of the most common:

  1. Phishing: Phishing emails try to trick you into giving away personal information, such as your passwords, credit card numbers, or Social Security number. The email may look like it’s from a trusted source, such as your bank or a popular online store. The link in the email will take you to a fake website that looks just like the real thing, but any information you enter will go straight to the scammers.
  2. Malware: Some links in emails lead to websites that automatically download malware onto your computer. This malware can be used to steal your personal information, track your online activities, or even take control of your computer.
  3. Zero-Day Exploits: These are vulnerabilities in software that are not yet known to the software developers. Hackers can exploit these vulnerabilities by sending you to a website that takes advantage of the flaw in your software, giving them access to your computer or data.
  4. Reputation Attacks: Sometimes, links are used to damage the reputation of a person or organization. For example, a scammer might send out an email that looks like it’s from your company, with a link to a malicious site. When people click the link, they think your company is trying to harm them, damaging your reputation.
  5. URL Shorteners: Links that use URL shorteners (like bit.ly) can be particularly dangerous because they hide the true destination of the link. This makes it easier for scammers to trick you into clicking on a malicious link.

Originally published at https://www.gitbit.org.


Go to https://www.gitbit.org for free articles and practice questions to help you pass the Exam MS-500: Microsoft 365 Security Administration