What Happens If You Click On Links In Phishing Emails?

ages ago I made this video which was about phishing emails how to recognize them and what not to do specifically do not open attachments from them and do not click links in them I said I would follow up with the description of what happens if you do that it's taken me a really long time to get back to this but this is that video what happens if you click through on a phishing email [Music] so let's start off by defining a typical phishing email these are not the emails where a scammer wants to reply so he can scam you into paying an advance fee we've seen there's a lot in my scam baiting series neither are they the so-called sextortion scams that claim Li recorded you visiting adult sites and demand ransom in Bitcoin we might take a separate look at those in another video but maybe don't hold your breath a typical phishing email makes a claim that some urgent action is necessary on your part and that in order to carry out the action you need to click on a link or a button or you need to open and review an attachment these emails might be telling you that something wrong with your account or that you've won a prize or that you need to update something but they typically urge you to react fast and they want you to open a link or a file so what happens if you click on the link or open the attachment well several things are possible or likely these include any or all of the following firstly and most likely of all regardless what else it might do the link will probably contain coding that uniquely identifies you by clicking on it you may be confirming that you exist that you read your emails that you're gullible enough to click on a link this in turn may allow the sender to sell your verified email at a higher price to people who will try even harder to scam you clicking the link even out of curiosity means the phishing scam are quite likely now sees you as more of a target in order to make this video I have investigated some fishing links and although I opened them in a sandbox environment one thing I noticed was a sharp uptick in general spam after doing this nextly the link might just go to a page that directly attempts to compromise your computer this risk is even higher if you open unknown attachments although in my recent experience attachments in phishing emails nowadays just seem to contain clickable links as a way for the scammers to try to evade spam filtering either way clicking on the payload may infect your browser or your computer with malware anything from ransomware that will lock away your data and demand money to trojans that may open your computer up to external access for your data to be stolen for further malware to be installed or to enslave your computer and use it for sending more scam emails to other people furthermore a phishing link might lead to a plausible looking copy of a legit website which asks you to enter your personal details including user name password identity banking and credit card details only to capture these details for misuse by criminals stealing your identity all your money or both finally and this one is the most scary of all clicking on certain types of just a single click may immediately give direct control of your valuable online accounts to the scammers for example recently I have been receiving a lot of fake emails purporting to be from Google or YouTube claiming I got a copyright strike or won an award whether I have invalid traffic actually this one wasn't asking me to click it just asked me to reply and given my password lame well that there's been unusual activity on my account or there's been a change to terms and conditions or a complaint about spam videos on my channel or invalid click activity on adverts or a video has been flagged as inappropriate none of these claims are true none of these emails are genuine every single one of them is trying to take control of my YouTube account so as to make a quick buck by hijacking my subscribers and good standing and posting their garbage videos here in your faces or using my account to farm likes and views for profit on other accounts they've already stolen the scammers are using session hijacking and similar exploits which means that if I click just one click on that button and it opens in a browser where I'm already logged into Google it grants the scammer access to and control of my account bypassing two-factor authentication or any other security measures one click on that link and my youtube channel is toast scarier sometimes it's good to be scared if it makes you careful and this highlights another important point that came up a lot in the comments on the previous video people suggested it was sensible to just hover the link or copy it out into notepad to figure out where it goes and figure out whether it's safe to click on I am sorry to say that that is terrible advice for at least three reasons firstly because when you look at the URL target of some of these phishing links you may see a domain that looks pretty plausible these just go to Google which if you didn't know better would seem legit other phishing emails in the past have managed to hijack pages on LinkedIn Microsoft TechNet Windows Azure probably other domains that you might consider reputable and trustworthy so examining the link may lead you to the wrong conclusion about it secondly hovering or copying the link runs the slight risk of accidentally just clicking it which as I described earlier can be a big problem when there are exploits where a single click can damage you thirdly and perhaps most trivially there's just no real need to hover or copy the URL you can decide not to click on it without doing that what are you expecting to see anyway the best advice I can give you is just don't click on links in emails don't do it don't open attachments don't click on links don't be provoked by claims of urgency in the email do not click on links without thinking really really hard about it distrust by default of course there are still some genuine cases where you might need to click on a link but these exceptions should not lull you into thinking that clicking links is generally safe it's not if for example you've just reset your password on on online service you might get an email with a link as part of the confirmation loop but you need to be careful be suspicious and start with the default assumption that all email attachments are malware and all links are malicious before you click think long and hard about why this time this one link maybe really does deserve your click the vast majority of the time it does not and you should not click I hope this was useful thanks for watching please stay safe and I hope to see you again soon [Music] you