Have you ever wondered why email phishing attacks continue to succeed despite $150 billion per year in cybersecurity spending? This short article exposes exactly why this is happening. You will also discover how to finally solve this problem once and for all.
Imagine the following statement from a casino patron at a roulette table, “The ball landed on 34. Now I know where the ball will go next!” Ridiculous, right? Yet, Link Validation services operate in exactly the same way.
If you want to stop phishing links, it’s critical to understand that these links can have different behavior every time they are accessed. As a pictorial demonstration, click on the following link multiple times: SameLink.net.
It’s the same link, yet each time you got different behavior. But wait! It gets even worse. Unlike a roulette table, links can choose their behavior. For example, every time a link detects the IP address of a security scanner, it can choose to show safe sites. But whenever an IP address isn’t a security scanner, it can choose to show malicious sites (including uploading spyware on your device).
Every time a Link Validation service scans the link, it gets good behavior. Then, ridiculously, it tells you that the link is approved. But when you click the approved link, you get entirely different behavior. In other words, you and your company get hacked.
Let’s use the pictorial link above to illustrate. Let’s say every time a Link Validation scanner accesses a link, it gets a kitten and a puppy dog. What good is artificial intelligence or machine learning in this instance? Ok, the artificial intelligence correctly determines that it’s an adorable kitten. So what? What does that tell you about what you will encounter when you click the now-approved link?
All the machine learning and artificial intelligence in the world cannot tell what you will experience when you click. It can only detect past behavior, not future behavior. The scanner may correctly determine that it got a kitten, but you can still get a snake. The over-hyped buzzwords of ‘artificial intelligence’ and ‘machine learning’ are meant to distract you from realizing that they are analyzing the wrong thing in the first place.
What about companies that scan links multiple times? If the link changes behavior based upon IP addresses, then the security scanner will always get good behavior and you will always get bad behavior. In other words, even if the link was pre-scanned one million times, you would still be guaranteed to encounter danger the moment you click the link.
Do you want to protect your company and home before it’s too late? You need to ask your email Link Validation service two very important questions:
- Do you send me to the original link after your analysis?
- Do you guarantee that I won’t experience a totally different outcome than your analysis did?
To help, here are some companies and products that send you to the original link, allowing you to experience unpredictable harm:
- Microsoft’s Safe Links
- Vade Secure’s Time of Click
- Avanan’s Smart Phish
One more warning: Beware of the ‘time of click’ bait and switch. Yes, all of the above analyze each link the moment you click. But then they do the unthinkable. They immediately send you to the original link where your IP address can be used to send you to unpredictable harm.
Now you know why email phishing attacks continue to succeed despite $150 billion per year in cybersecurity spending. And now you can finally protect your company and yourself.
The solution is to bypass the original link after the analysis experiences good behavior. Skipping over the original link takes away its power to change its behavior. Skipping over the original link fully protects you from unpredictable harm.
You can never predict how a link is going to behave. But that doesn’t matter if you skip right over it. This is the key to solving the problem once and for all.
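The difference between the two click-handling designs can be modeled without any network traffic. The following is an added example, not code from this article or from any product it names; the addresses, URLs, blocklist and function names are constructed, and it assumes that "skipping over the original link" means sending the user to the destination the scanner actually analyzed.

```python
"""Constructed model: scan-then-redirect versus scan-then-skip (no network I/O)."""
import ipaddress

# Constructed sample values (documentation address ranges, example domains).
SCANNER_NET = ipaddress.ip_network("192.0.2.0/24")  # assumed scanner egress range
SCANNER_IP = "192.0.2.10"
USER_IP = "198.51.100.23"
ORIGINAL = "https://link.example/offer"
SAFE = "https://safe.example/kitten"
HARMFUL = "https://harmful.example/snake"
BLOCKLIST = {HARMFUL}


def resolve(url, requester_ip):
    """Model of a link whose destination depends on who asks, as the article describes."""
    if url != ORIGINAL:
        return url
    if ipaddress.ip_address(requester_ip) in SCANNER_NET:
        return SAFE
    return HARMFUL


def scan(url):
    """The scanner follows the link from its own address and judges what it saw."""
    observed = resolve(url, SCANNER_IP)
    return observed, observed not in BLOCKLIST


def click_send_to_original(url, user_ip):
    """Time-of-click check, then the user's browser is sent to the original link."""
    _observed, approved = scan(url)
    if not approved:
        return None
    # Second resolution, this time from the user's address: the check no longer applies.
    return resolve(url, user_ip)


def click_skip_original(url, user_ip):
    """Same check, but the user is sent to the destination that was analyzed."""
    observed, approved = scan(url)
    if not approved:
        return None
    # The original link is never resolved from the user's address.
    return observed
```

In this model the first design approves the link and still lands the user on the harmful destination, while the second lands the user on the page the scanner saw. The model assumes the analyzed destination itself answers every visitor the same way.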