Year of Cyber - March

Year of Cyber Security Message: Malicious websites - don’t be tricked

You have clicked on a suspicious link to a fake malicious website

We all use a range of websites every day, whether finding information for work or checking the news, shopping or banking at home. Most of these are perfectly trustworthy, but what about those that aren’t?

This is the third in the Defence Cyber Programme’s Year of Cyber articles to help you use cyberspace safely at work and at home.

Simple points to remember:

  • Avoid clicking on links in emails unless you are certain the message is genuine. Use Favourites for websites you visit often, and use reputable organisations wherever possible.
  • Don’t enter sensitive information unless you’re sure you are on the right website – and that it is secure.
  • Keep your anti-virus up to date at home so that it can help reduce the risk of downloading malware.

What do you mean by a malicious website?

Most of the people we know are trustworthy. But unfortunately we’ve all met some people who aren’t – the sort who seem really nice to your face and then say something else behind your back, or those who would trick or even steal from you. And that’s pretty much the same with websites – most are fine, but some are out to trick and steal from us.

A malicious website looks like any other, but is either a tool for getting information from you directly (your bank login details, for example) or for putting some malicious software (malware) on your system to steal your information or take your system over for someone else’s use (often to send spam). A common way of encouraging you to go to a malicious website is through a link in a phishing email, so never click on a link unless you are absolutely certain it is correct – it’s far better to type links into your browser to ensure you are going where you want to (or use your usual search engine or Favourites). We’ll cover phishing in more detail later in the year, but in the meantime Get Safe Online has good guidance.

What is the Risk?

Malicious websites will either capture your details (and use these for social engineering, identity theft or fraud) or will install malware on your system without you knowing. The malware might be a keystroke logger (which reports back everything you type) or might start searching your system, or the whole of the network you are using (such as DII), and send interesting files to an adversary. In Defence the consequences could be very severe.

While DII will block access to many sites which are potentially dangerous, it can’t identify all malicious websites, as more are springing up all the time and new malware is constantly being developed: no system can guarantee to protect against everything. So it’s up to all of us to be vigilant – to think before we click. Alerts are raised when users view inappropriate content on MOD networks and when recognised malicious software attempts to download on to the user’s computer.

DII blocks access to many of the websites which typically contain malware, such as gambling and pornography websites, which will download malware as users click images and links. But it’s not only inappropriate sites which can host malware – in November 2013, the popular humour site cracked.com was compromised with a malicious JavaScript insert that would force a download of a malicious document. Fortunately DII was protected in this case by a number of technical measures, but these can’t always be relied on 100% as the threats become ever more sophisticated.

Late last year, MODCERT (who coordinate cyber incidents across Defence) warned that the RUSI website was compromised by e-criminals and used to distribute malware: this situation is still ongoing, and obviously presents an additional security risk to Defence personnel who use the site.

At home, the consequences of identity theft or fraud can be serious, and an attacker might take over your system to send spam or commit further fraud and attacks. As noted above, it’s best to avoid high risk sites like gambling and pornography sites. Also beware of scams like bogus charity sites, which are often set up during well-publicised disasters like famines and earthquakes. Get Safe Online[3] has excellent advice on donating safely to charities online, to help you ensure your money goes to the charity you want to give it to and not to fraudsters who might use your information for identity theft. The bogus website itself may also host malware.

So what can I do?

To check the links in emails, hover over the hyperlink and check that the actual address (shown when you hover) is the same as the address shown in the text. It is generally good practice to avoid clicking on email links and instead type links into your browser or use your usual search engine – or use your Favourites for websites you visit often. And avoid entering personal or other sensitive information into websites unless they are secure (address shows “https:” rather than “http:”).
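The hover check described above can also be done automatically, for example by a mail filter, by comparing the address a link shows with the address it really goes to. The Python below is an added illustration and not part of the original article; the sample message and every address in it are constructed.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Link text that itself looks like a web address, e.g. "www.mybank.example/login".
URLISH = re.compile(r"^(?:https?://)?(?:[a-z0-9-]+\.)+[a-z]{2,}(?:[/:?#]\S*)?$", re.I)

# Constructed sample message; every address in it is made up.
SAMPLE_EMAIL = """
<p>Your account is locked. Sign in at
<a href="http://mybank.example.account-verify.test/login">www.mybank.example/login</a>
or read the <a href="https://www.mybank.example/help">help pages</a>.</p>
"""

def host_of(address):
    """Lower-case host of an address; a scheme is added if the text lacks one."""
    if "://" not in address:
        address = "http://" + address
    return (urlsplit(address).hostname or "").lower()

class LinkAuditor(HTMLParser):
    """Records (shown text, real destination, findings) for each <a href>."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag != "a" or self._href is None:
            return
        text, findings = "".join(self._text).strip(), []
        # Exact host comparison: the "hover" test from the paragraph above.
        if URLISH.match(text) and host_of(text) != host_of(self._href):
            findings.append("shown address differs from real destination")
        if urlsplit(self._href).scheme.lower() != "https":
            findings.append("destination is not https")
        self.links.append((text, self._href, findings))
        self._href = None

def audit_links(html):
    auditor = LinkAuditor()
    auditor.feed(html)
    return auditor.links
```

Calling `audit_links(SAMPLE_EMAIL)` flags the first link on both counts and reports nothing for the second, whose text is not an address and whose destination uses https.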

Use your common sense. Does the website look strange in any way? Is the URL spelt correctly and what you expect it to be? If you right-click a hyperlink and select “Properties” you will see the real destination of any hyperlinks on the site – are these what you would expect? Is it offering you something that seems too good to be true? (If so then it probably is.) Is it asking for more information than you would expect to have to give?

Finally, don’t click on pop-up messages, even if they are telling you your computer may have a virus – this is a common ruse used by malware authors to get you to reveal your credit card numbers or even to download malware.

Sanctions

We are all responsible for maintaining the security of our working environment, including Defence’s networks and systems. Action is taken against people who put this at risk, including through inappropriate web browsing – and where that browsing is also illegal it can lead to prosecution.

The website might well use cookies to record information about visitors - because we really would like some information about whoever got fooled enough to come here...