What can happen when you click a link?

08.24.23 09:44 AM

What are the things that can happen when you click a link in a malicious email?

Stage 1 (Just by clicking the link)

  1. Bad actor gets the indication that your email works
    1. Most links sent in an email will be unique to the email address it's sent to. If you click the link, the bad actor will know that your email address is up and working. They'll also know that you are the type of person who clicks links, so they'll probably send you more spam!
  2. Bad actor gets your browser "fingerprint"
    1. Your browser session (and every browser session being used) has a fingerprint based on the information that's available from your session on that website. There are over 50 different data points that your browser gives to a web page just by visiting it. This information (although some is trivial) can disclose information about you and your company. So just clicking a link gives bad actors 50 clues about you and your company. Here are a few of the things that can be part of your fingerprint: public IP address, browser used, operating system (e.g. Windows, Mac), browser language, time zone, extensions, and much more! You can go to https://amiunique.org/fingerprint to see how unique your browser session is (the more unique, the worse off you are; don't be a snowflake!).
  3. Everything and anything
    1. If your browser is not updated, it's also possible that bad guys could use a vulnerability in your browser to do a lot more than just gather information. Here's a list of the vulnerabilities that Chrome has had: Reference. Some of these allow someone to own your browser completely. Don't worry, Chrome does a great job of updating, but if you're using an outdated browser or have turned off automatic updates, you could be in trouble.
  4. Downloading a file
    1. Sometimes just clicking a link can begin the process of downloading a file onto your computer. Usually it will require you to open or run the file to do anything truly malicious, but just getting the file on your computer is a bad step!
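
The per-recipient link from item 1 of Stage 1, seen from the defender's side. This is an added example, not part of the original post: it checks whether a link in a received message carries the recipient's address in clear text, hashed or base64-encoded, or a long opaque token. The function names, the sample links and the token heuristic are assumptions.

```python
import base64
import hashlib
import math
import re
from collections import Counter
from urllib.parse import parse_qsl, unquote, urlsplit

TOKEN_RE = re.compile(r"[A-Za-z0-9_-]{16,}")  # heuristic: long opaque identifier

def _entropy(s):
    """Shannon entropy of s in bits per character."""
    return -sum(n / len(s) * math.log2(n / len(s)) for n in Counter(s).values())

def _b64_contains(value, needle):
    """True if value is base64 (standard or URL-safe) whose decoding contains needle."""
    try:
        raw = base64.urlsafe_b64decode(value + "=" * (-len(value) % 4))
    except ValueError:  # binascii.Error is a ValueError subclass
        return False
    return needle in raw.decode("utf-8", "ignore").lower()

def recipient_markers(url, recipient):
    """List the reasons url looks unique to recipient; empty list if none found."""
    recipient = recipient.lower()
    digests = {h(recipient.encode()).hexdigest()
               for h in (hashlib.md5, hashlib.sha1, hashlib.sha256)}
    # Inspect every query value and every path segment (both percent-decoded).
    values = [v for _, v in parse_qsl(urlsplit(url).query)]
    values += [unquote(seg) for seg in urlsplit(url).path.split("/") if seg]
    reasons = []
    for v in values:
        if recipient in v.lower():
            reasons.append("address in clear text")
        elif v.lower() in digests:
            reasons.append("hash of address")
        elif _b64_contains(v, recipient):
            reasons.append("base64 of address")
        elif TOKEN_RE.fullmatch(v) and re.search(r"\d", v) and _entropy(v) >= 3.5:
            reasons.append("opaque token (heuristic)")
    return reasons

if __name__ == "__main__":
    # Constructed sample links; example.test and the address are placeholders.
    me = "alice@corp.example"
    for link in ("https://news.example.test/unsubscribe?e=alice%40corp.example",
                 "https://cdn.example.test/t/9f3k2LmQx7Zb1TyWc84RdE",
                 "https://www.example.test/pricing"):
        print(recipient_markers(link, me) or "no marker", link)
```

An opaque token cannot be tied to an address by inspection alone, so that last check only flags candidates; ordinary content IDs that contain digits will also match.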

Stage 2 (After you click the link)

  1. Web page asks you to enter login credentials
    1. This is called phishing or credential harvesting. These bad actors are trying to get your login information. Usually it's an attempt to get your business email login, but it could also be for other things like your Amazon account or bank account. See Brian Krebs's great blog on the value of a compromised email account here: Reference.
  2. Web page installs a malicious extension
    1. If a malicious extension is added, the bad actor will basically own your browser and be able to read information on web pages you visit including. Many times these extensions fall into "adware", where they get paid to redirect you to a different web page or send you pop-up notifications, but they could also be more malicious.
  3. You open or run a downloaded file
    1. This could be "game over" on your computer. Depending on the malware, this could be a springboard to installing viruses on your system. Sometimes these files would be an Office file with macros, or perhaps just an executable or a PDF that will exploit a vulnerability in Adobe or some other application.
    2. The reasons bad actors may want to do this are many; see Brian Krebs's blog on the value of a compromised PC: Reference.