How Often Do You Look At The URL? It Could Be Fake

July 19, 2019

When you browse to a website you assume that if you type in a specific URL, you will connect to that website and in turn the data you provide to that website will be kept secure. Unfortunately, cybercriminals continue to find new ways to inject themselves between you and the secure websites you are trying to visit. They are getting so sophisticated in their methods, that is nearly impossible to detect anymore.

But there are some ways to protect yourself. The most important thing to remember is that when you browse to any website that requires you to provide login credentials or any confidential information, look for the encrypted session. Even though this added check is no secret, the reality is that people often don’t pay attention; especially when they are in a hurry. When you visit a website and the URL starts with “https://,” it indicates that the webpage you are viewing has been encrypted and should generally be considered secure. However, just having those characters at the beginning is not a guarantee of security. You also need to confirm that the encryption is validated. To accomplish this, most modern web browsers will display a warning if there is a problem with the encrypted session. It is up to you to choose to ignore this warning or not. There should never be a situation where you continue to provide confidential information to a website if you have received a warning that the connection is not secure, or the security certificate is not valid. This warning is telling you there is something wrong. If that’s the case, you shouldn’t trust anything about the webpage.

If you visit a website that is asking for login or other confidential information and you do not have an encrypted connection with “https://,” you should stop. Any legitimate website will always provide encryption when requesting this type of information. If you visit a website often and if the site looks the same as every other day, it is easy to stop paying attention to the URL. However, the cybercriminals are onto this and are taking advantage. So you need to remain diligent to ensure you remain secure.

It is also important to remember that you can manually type in the URL for where you would like to go, but actually end up at a malicious website instead. Even worse, the URL will still reflect that website you intended to connect to. This is due to both “Man in the Browser” and DNS type of attacks. These happen so quickly, that you won’t even know it happened either until it’s too late, or never.

Man in the Browser attacks allow criminals to modify your web browser through malware and cause the information displayed and accessed to be manipulated without your knowledge. But wait! That’s not all. The page might show https:// and not even throw any error messages. This is why keeping up with security patches and keeping your computer clear of malware is so important. In addition, DNS attacks can allow criminals to alter where your browser connects causing it to appear to be connected to one website, but in reality it is connected somewhere entirely different. In these situations, the criminal will make the alternate website appear as though it was the original website you intended to connect to, but this new site will actually be designed to steal your confidential information.

Like with most cybercriminal activity, there is no way to eliminate all risk when browsing on the Internet. In fact, the cybercriminals are getting very good at staying a few steps ahead of the defenders. Instead, it’s up to you to remain diligent and watch for little things that might indicate there is something out of place whenever browsing. And in the words of the TSA, “if you see something, say something” to your manager or someone in the IT department.
In addition to stealing information in the above manner, web browsing remains one of the top ways that computers become infected with malware. With that in mind it is easy to understand why organizations continue to focus attention on web browsing security.

One of the biggest mistakes that employees make when it comes to web browsing is overconfidence. They assume that the organization has implemented filters intended to protect them from browsing to potentially malicious websites. While it is indeed true in many cases, when it comes to blocking all malicious websites, it is impossible. This is why it is even more important that everyone understands the risks and makes every effort to avoid putting their computers and the corporate network at risk.

Criminals will attempt to install malware on your computer via web browsing in a variety of ways, ranging from the more obvious attacks in which a website will attempt to send you software to download and install, to the undetectable zero-day vulnerability exploits. There are also other attacks that can take place through web-based applications. These often ask you to install or update a plugin or add-on.

If you are browsing to a website and it requires you to install any software to continue, you should immediately stop and ask someone in your IT department for help. It is rare that your computer will require new software to be installed by a third party website to work properly. In most cases this software will either be malicious or include some level of marketing spyware that will slow your computer or potentially make it unstable. Again, just remember that if any website asks you to download or install something, talk with IT before going any further.

Zero-day exploits take advantage of zero-day vulnerabilities. These can be the single biggest threat to your organization’s network. A zero-day vulnerability means that there is an unpatched vulnerability on your computer and there is no way to fix it. That’s because the developers of the software didn’t know it existed until it was either exploited or someone found it and news got out.

An often-exploited product for these types of issues is Adobe Flash. When a new vulnerability is discovered in Adobe Flash, it may be several days or even longer that your Flash Player is at risk and no patch is available to fix it. The problem is that if you browse to a website that has malicious code on it, simply connecting to the page is all it may take for the vulnerability to be exploited on your computer.

In these situations, you will not see a warning or receive any indication that something may be wrong or is happening. In fact, in most cases it will appear as if you have just browsed to a webpage and everything is fine. Unfortunately, because there is no patch available, there is often very little your IT department can do to protect you. That is why it is so extremely important that you are cautious in choosing where you browse on the Internet. It is also the reason it is so important that you never tamper with your anti-virus, personal firewall, or other security software on your computer and always allow all security updates and patches to be applied when they become available.

There are some instances where a webpage may prompt you to install an application. In these instances, you will be prompted to choose “Yes / No” to install it or “Install / Cancel.” Criminals are creative though and they will make it so that if you choose no or cancel, the page will just prompt you again and again until it wears you down. In some cases, you will not be able to browse to any other page or even close the webpage you are on at the time. The hope by the criminal is that you will simply choose to install the application so that you can move on. It is important that you never give in. In fact, this is a pretty solid indicator that something nefarious is about to happen. Instead pick up the phone and contact your IT department and explain to them what is happening. They will be able to help you get out of the webpage and get back to safe browsing.

Of course other risks do exist when browsing on the Internet outside of malware being installed on your computer. The unfortunate reality is that browsing on the Internet will always be a risk to your computer and your organization’s network. Limiting where you browse and remaining diligent about potential security risks can at least help reduce your chances of falling victim to malicious website attacks. If you are ever even slightly suspicious that you may have visited a malicious website or if your computer seems to be acting strangely or different from normal, don’t hesitate to contact your IT department and make them aware of your concerns.

Stickley on Security
Published July 18, 2019