Last year, Amnesty International spotted a long-running campaign against journalists and human rights activists in the Middle East.
Hackers trying to steal email passwords sent torrents of phishing emails to the very people whose cybersecurity could be a matter of life and death. In a clever psychological move, the attackers would take advantage of the security-consciousness of their targets: Fake security alerts lured victims to click malicious links and then unknowingly give away their passwords.
Many of the victims used websites like ProtonMail, the privacy-focused email service based in Switzerland, in hopes of better protecting their privacy. The company added a new anti-phishing feature today aimed at stopping one of the most common and successful hacking techniques ever: Malicious links that we just cannot help but click.
Hacking 101: Phishing is the act of sending links that appear to be one thing but in fact enable some kind of malicious action, whether it’s outright malware or credential theft. It’s sending out a lure and hoping for a bite. It’s one of the most common ways attackers gain access to a victim’s devices and accounts.
ProtonMail added a feature dubbed “link confirmation,” enabled by default in its newest version. With it, all outgoing links trigger a pop-up window showing the link’s full address.
It’s an echo of a similar feature that Google added for paying G Suite customers last year to identify shortened — and therefore obfuscated — links from services like Bit.
These are strong security moves that will help with, if not completely solve, the phishing threat. There are three more easy steps any internet user should take to protect themselves: Multifactor authentication, updates, and password managers.
First, protect your password. Make it strong, random and long. Better yet, you can use a free password manager like LastPass or use Apple’s own password manager features. These programs will do a better job than any person.
Second, make your password just one layer of protection out of several. Most important internet accounts offer the option of multifactor authentication so that even if someone manages to steal your password, they still need your phone or even a physical key to access your account.
Third, update. There’s almost never a good reason for the average person to put off an update. It’ll keep you safer because updates bolster security and ward off hackers. Turn on automatic updates so you don’t have to think about it again.
Taking just a few steps will place you among the most well-protected people online. Whether that’s cause to celebrate or have a quick cry, I’ll let you decide.