Clicking Email Links

Clicking email links without first validating the source of emails can be devastating and poses great security and privacy risks. Fraudulent emails often use credible and trustworthy company logos and spoofed emails to lure people into clicking links embedded in the emails.

The best precaution is to never click links if we are unsure of the authenticity of the emails and take the email messages with a grain of salt.

Whether it’s the spoofed emails with dangerous links which install malware (short for malicious software) on the victims’ devices or act as a phishing schemes which steal passwords and other personal information from account owners after they are routed to a fraudulent website or form that asks for information upon clicking email links with links or even attached documents must be ignored and deleted without clicking any links or attachments IF we are not 100% sure that the emails are safe because the emails are from people and companies that we recognize AND we have confidence that the emails are original and friendly.

The fraudulent emails which often seem to come from people, friends, and companies that we recognize are intended to achieve a vicious objective which include installing a malware to destroy files or the device, or lock files to ask for a ransom before sending a code to unlock the files such as important documents or pictures. Often these ransomware have a time bomb which destroys the hostage files within a period of time if the victim doesn’t pay the ransom amount. That said, there is no guarantee that once the ransom amount is paid, the files are released as promised. The best security strategy is to never click any links within email even if they happen to be legitimate emails in case we are not sure they are authentic. It’s not worth the gamble even if the email message is about a security incident that requires immediate action which is often the core message of the malicious emails. In some situations when the message SEEMS to be REAL, It’s best to directly contact the company for verification and corrective action. For example, fraudulent messages purportedly coming MasterCard have asked card holders to click a link to clear certain fraudulent transactions. In such cases, delete the email immediately without clicking any link or replying to the message and then contact your credit card company directly to validate the message and take the necessary actions. It is usually best to contact the company using legitimate sources such as the monthly statement or the website which has listed phone numbers, emails, online chat options,  and addresses.

Other times, malicious viruses or spyware are installed to steal personal information such as passwords. In these cases, the goal is not to damage files or devices, and ask for a ransom, but rather to observe the user’s activities and steal information for future fraud schemes.

Visit Identity Management Institute for education, training, and certification.