
Do. Not. Click.
Update, April 28, 2025: This story, originally published April 26, has been updated with news of further FBI cybersecurity warnings and alerts.
Security experts have revealed that it takes, on average, just 60 seconds from getting attacked to being hacked. Malicious actors use everything from convincing impersonation of Google in Gmail attacks to infostealer malware that compromises your passwords and 2FA codes, with AI increasingly fueling the threat fire. And that’s before we get to the use of dedicated smartphone farms to launch attacks against Android and iPhone users. No wonder the Federal Bureau of Investigation has reported that 859,532 complaints of internet crime in 2024 led to losses of $16 billion.
“Reporting is one of the first and most important steps in fighting crime so law enforcement can use this information to combat a variety of frauds and scams,” FBI Director Kash Patel said.
Another way to combat the cybercrime pandemic is, as the FBI has also warned, to not click on anything.
FBI Says Don’t Click On Anything
Phishing is such a hard cyber nut to crack, given that it plays on fear, urgency and a whole bunch of other emotional levers. These communications often arrive from what appear to be legitimate sources — some impersonate big brands and manage to use their genuine domains to send the malicious emails. They can be hard to spot, and blaming victims for falling for such scams helps nobody, especially when all it takes is one click for the barrier between your online and offline worlds to start crumbling in the worst possible way.
One-click attacks can take the form of drive-by downloads, where malware is automatically downloaded onto your device as a result of visiting a compromised website. Or they may employ an attacker-in-the-middle process to steal your browser session cookies and, by so doing, gain ongoing access to whatever account you were signed in to at the time, without needing to know your 2FA codes.
“You might receive an email that appears to be from a legitimate business and is asking you to update or verify your personal information by replying to the email or visiting a website,” the FBI has warned. “The email may be convincing enough to get you to take the action requested.”
The FBI’s advice for all users is simple: Don’t click on anything in an unsolicited email or text message.
Translating FBI Advice Into A Real-World Mantra
Of course, out here in the real world, following that “do not click” advice is a lot easier said than done. Attackers are clever; they know which strings to pull and how to get you to click even when the “do not click” message has been rammed home. So, while “do not click” is a great baseline message, it shouldn’t be seen in isolation.
Paul Walsh, CEO of MetaCert and co-founder of the W3C Mobile Web Initiative in 2004, was responsible for the creation of internet standards used to protect companies from malicious web links. The answer to the phishing problem, Walsh said, is the authentication of URLs before delivery, and not doing so represents “the single biggest problem in cybersecurity.” That’s certainly true when it comes to the average user being able to spot suspicious links. But until such time as every carrier, every email platform and every user can employ this kind of protection by default, I’m afraid that the FBI “do not click” warning is about as good as it gets. Ignore it at your peril or, at least, take a breath and think twice before letting your clicking finger loose on that email.
More Cybersecurity News, Warnings And Alerts From The FBI
The FBI has confirmed that a $10 million bounty has been placed upon the heads of Chinese hackers, or at least that this sum is being offered for intelligence regarding specific individuals who are part of the notorious Salt Typhoon state-sponsored espionage group operating out of China. Salt Typhoon, which is also known by a number of other aliases including FamousSparrow, Ghost Emperor and UNC228, has been behind a number of attacks on the U.S., such as those against the iPhones of people involved in the last presidential election campaign as well as against U.S. telecommunications infrastructure.
Another cybersecurity advisory from the FBI hits rather closer to home as far as the Bureau is concerned. Attackers have been observed impersonating the FBI’s own Internet Crime Complaint Center in hacking scams. The warning revealed that the FBI has seen more than 100 of these attacks already. Most often, the campaign uses people pretending to be FBI agents and claiming to have recovered funds lost during a previous incident.
And finally, another FBI alert that you really cannot afford to ignore: 10 tips to mitigate the ransomware rampage. I’d advise reading the full article to get all the FBI ransomware mitigation advice, but if you do nothing else today, then at least follow item No. 1 on the list: Require two-factor authentication for all services where possible, but in particular for webmail such as Gmail, Outlook and others, along with virtual private networks and any accounts that can access critical systems.