Davey Winder is a technology journalist who covers cybersecurity news and research. He’s covered everything from the true story behind the hacking of Donald Trump’s nude photos to a record-breaking ransomware payment of $75 million.
Cybersecurity awareness month has now been and gone, but hopefully, the lessons learned during October will remain with users for some time. One of those cybersecurity awareness lessons is never to trust links you see in your email, as they could easily be malicious and part of a.
The general consensus of security opinion is that, at the very least, you should always hover your mouse pointer over a link so as to reveal the actual URL destination rather than just the link text that could say anything at all. But what if hovering over a malicious URL showed you the same fake link details as the link text? Cyber criminals are using a relatively simple technique to obfuscate the true destination of a malicious link for Gmail users who look to the web client rather than an app for their email. Here’s what we know about this attack tactic.when a poster on Nov. 06 posed the question: “Is it safe to hover on attachments ? The question asker was concerned as they had hovered on an attachment and then deleted it without clicking or downloading but worried the act of hovering may have triggered a malicious execution of some kind. The answers were valid and expected, essentially agreeing it’s safe to hover as long as you don’t click.when it comes to dealing with links in email. By hovering over a link you can quickly see where it’s actually taking you rather than where the link text says it is taking you. This ploy is a perennial favorite among the phishing fraternity and has been for decades now. The problem with that advice, while still highly recommended, is that it’s not bulletproof. OK, the shocking cybersecurity truth is that no defensive measures are 100% guaranteed to work, there are always exceptions and it’s these that cyber criminals look to exploit to their benefit. And so it is with link hovering.FBI Warns Gmail, Outlook Users Of $100 Government Emergency Data Email Hackthat all was not well in the link hovering malicious link protection world. What if, they posited, everything’s a con? After spoofing the link text to read as if it’s the genuine login page or site the user is expecting, the cyber criminals in this scenario then spoof the link hovering text as well. This isn’t difficult to do as all it takes is some simple HTML, no Javascript coding required, to edit the mouseover text label. The reason this works is that the mouseover label is displayed right next to the link being hovered, but when using a web client to access Gmail the real URL is displayed, in Chrome for example, at the bottom of the screen. The point being that thew attacker is banking on the reader not looking elsewhere other than the URL that pops up alongside the link. Desktop clients and mobile apps don’t appear to suffer from this lapse in security, so I’d heartily suggest you use them instead of your web browser to read your Gmail if you are concerned about this attack methodology. One member of the cybersecurity community on X told me that they had recently came across the exact same tactic in a phishing email and it is a growing threat vector. Be careful out there Gmail users, and users of any web-based email platform that displays real URLs on hover elsewhere than next to the link itself.Our community is about connecting people through open and thoughtful conversations. We want our readers to share their views and exchange ideas and facts in a safe space.Insults, profanity, incoherent, obscene or inflammatory language or threats of any kindContinuous attempts to re-post comments that have been previously moderated/rejectedAttempts or tactics that put the site security at riskProtect your community.
Email Email Security Phishing Threat Email Links Hover Over Email Links Gmmail Web Interface Security Gmail Hack
Canada Latest News, Canada Headlines
Similar News:You can also read news stories similar to this one that we have collected from other news sources.
Google Confirms New Gmail Security Boost For 2.5 Billion UsersDavey Winder is a technology journalist who covers cybersecurity news and research. He’s covered everything from the true story behind the hacking of Donald Trump’s nude photos to a record-breaking ransomware payment of $75 million.
Read more »
Sophisticated Gmail Scam Targets Users with Fake Recovery RequestsA new scam targeting Gmail users is making the rounds, employing convincing fake account recovery requests and phone calls from spoofed numbers. Microsoft Solutions Consultant Sam Mitrovic fell victim to this sophisticated scheme but managed to avoid significant losses. The scammer attempted to trick him into believing his account was compromised by asking about travel history and login locations. Recognizing the warning signs and researching the caller's number, Mitrovic avoided falling prey to the scam entirely.
Read more »
New Gmail Security Alert For 2.5 Billion Users As AI Hack ConfirmedDavey Winder is a technology journalist who covers cybersecurity news and research. He’s covered everything from the true story behind the hacking of Donald Trump’s nude photos to a record-breaking ransomware payment of $75 million.
Read more »
Police Issue New 2FA Warning For All Gmail, Outlook, Facebook, X UsersDavey Winder is a technology journalist who covers cybersecurity news and research. He’s covered everything from the true story behind the hacking of Donald Trump’s nude photos to a record-breaking ransomware payment of $75 million.
Read more »
Fox News AI Newsletter: AI-powered scam targets Gmail usersStay up to date on the latest AI technology advancements and learn about the challenges and opportunities AI presents now and for the future.
Read more »
AI-powered scam targets 2.5 billion Gmail users in sophisticated phishing attacksTech expert Kurt “CyberGuy' Knutsson talks about a new AI-powered scam that targets Gmail users and is harder to detect unless you're very cautious.
Read more »