When going to websites on the Internet, most of us don’t think much about it or what it’s doing in the background. However, there are a lot of nefarious things that can be happening and sometimes all it takes is for you to land on a page, even for a split second for something bad to happen. Unfortunately, browsing at the office has become more of a risk lately due to various factors arising from the cybercriminal world.
Until recently, security certificates (SSL certificates) were indicators that made us feel comfortable about visiting a website and entering information into it. Seeing the little lock icon on the page or ensuring there is an “https://” at the beginning of the address was enough to give us confidence that our information was staying safe.
Unfortunately, we cannot even be sure of that certificate any longer. Phishers can get legitimate security certificates at no charge and are using them on their own websites to lure us into giving up sensitive information or downloading malware to our computers. These security certificates are intended to ensure that all data passed between the web server and browsers remain private and between the two parties communicating with each other.
However, cybercriminals are taking advantage of that fact and are installing these misleading digital certificates. They have realized that people are more likely to trust their malicious web pages if the certificate is there.
This means that it’s nearly impossible to tell when a new website you’re visiting is authentic and safe. All it takes now is for you to simply land on a page infected with malware to do damage to your computer and/or to the corporate network.
Advertising can also do some major damage. When a legitimate website, such as Facebook, sells ad space to a criminal, that criminal can post an ad that is actually malware. If you click on that ad, whatever malware is contained in it ends up on your computer. In some cases, the ad merely has to show up on the website to execute.
Browsing social media at work adds even more risk. Cybercriminals are actively using social media and social networks websites for phishing and to distribute malware to unsuspecting users. They are able to steal login names, passwords, record every keystroke, and even spy on users via the camera. In addition, personal blogs, entertainment sites, and file sharing services are entry points for getting malware onto networks. Drive-by malware downloads are becoming a more popular tool for the criminals, which can occur without any user knowledge and in a fraction of a second.
Researchers even recently found enterprising criminals using Facebook Messenger to send malicious links to users that appeared to be from someone on that person’s friend list.
The bottom line is that merely browsing to a site can pose a big risk to your organization. Even if the connection appears to be safe, it isn’t necessarily the case. If a friend posts a link to social media, it doesn’t guarantee it’s free of malware and if an intriguing advertisement is flashing on the side of the screen on your favorite site, it doesn’t mean that ad is harmless.
Unfortunately, there are no simple solutions for dealing with these types of attacks. Remaining diligent while online and avoiding clicking links in emails and on social media posts can help reduce your risk but won’t eliminate it. Remember, the less you randomly surf on the Internet, the more secure you will be. In addition, keep in mind that now even websites that have https:// in the URL can no longer be trusted immediately so before ever providing personal or confidential information online, do additional research to confirm the site you are visiting is truly legitimate.
© Copyright 2018 Stickley on Security Inc.