Gmail, Android, iPhone Attacks — FBI Says: Do Not Click Anything


Billions of smartphone and PC users told: Do. Not. Click. And do not ignore this FBI warning, either, as sophisticated attacks strike.


Security experts have revealed that it takes, on average, just 60 seconds from getting attacked to being hacked. Malicious actors use everything from convincingly impersonating Google in Gmail attacks to deploying infostealer malware to compromise your passwords and 2FA codes, with AI increasingly fueling the threat fire. And that’s before we get to the use of dedicated smartphone farms to launch attacks against Android and iPhone users.



No wonder the Federal Bureau of Investigation has reported that 859,532 complaints of internet crime in 2024 led to losses of $16 billion. “Reporting is one of the first and most important steps in fighting crime so law enforcement can use this information to combat a variety of frauds and scams,” FBI Director, Kash Patel, said. Another way to combat the cybercrime pandemic is, as the FBI has also warned, do not click anything.

Phishing is such a hard cyber nut to crack, given that it plays on fear, urgency, and a whole bunch of other emotional levers. These communications often arrive from what appear to be legitimate sources; some impersonate big brands and manage to use their genuine domains to send the malicious emails. They can be hard to spot, and blaming victims for falling for such scams helps nobody. Especially when all it takes is one click for the barrier between your online and offline worlds to start crumbling in the worst possible way.

One-click attacks can take the form of drive-by downloads where malware is automatically downloaded onto your device as a result of visiting a compromised website. Maybe they will employ an attacker-in-the-middle process to steal your browser session cookies and, by so doing, gain ongoing access to whatever account you were accessing at the time and without knowing your 2FA codes. “You might receive an email that appears to be from a legitimate business and is asking you to update or verify your personal information by replying to the email or visiting a website,” the FBI has warned.

“The email may be convincing enough to get you to take the action requested.” The FBI’s advice for all users is simple: Don’t click on anything in an unsolicited email or text message. Of course, out here in the real world, that’s a lot easier said than done.

Attackers are clever; they know which strings to pull and how to get you to click even when the “do not click” message has been rammed home. So, while “do not click” is a great baseline message, it shouldn’t be seen in isolation. Paul Walsh, co-founder of the W3C Mobile Web Initiative in 2004 and currently CEO of MetaCert, was responsible for the creation of internet standards used to protect companies from malicious web links.

The answer to the phishing problem, Walsh said, is the authentication of URLs before delivery, and not doing so represents “the single biggest problem in cybersecurity.” That’s certainly true when it comes to the average user being able to spot suspicious links. But until such a time that every carrier, every email platform, every user can employ this kind of protection by default, I’m afraid that the FBI “do not click” warning is about as good as it gets.

Ignore it at your peril or, at least, take a breath and think twice before letting your clicking finger loose on that email.