Link Validation Myth

What if cybersecurity vendors were selling you something that doesn’t even exist? What if you’re betting the security of your company and home on something that doesn’t exist? Most email security services not only sell Link Validation, the very core of their claimed security depends on it. And, if you haven’t guessed by now, Link Validation doesn’t even exist in the real world – and never will. Here’s why.

Imagine the following statement from a casino patron at a roulette table, “The ball landed on 34. Now I know where the ball will go next!” Ridiculous, right? Yet, Link Validation services operate exactly this same way.

If you want to stop phishing links, it’s critical to understand that these links can have different behavior every time they are accessed. As a pictorial demonstration, click on the following link multiple times: SameLink.net.

It’s the same link, yet each time you got different behavior. But wait! It gets even worse. Unlike a roulette table, links can choose their behavior. For example, every time a link detects the IP address of a security scanner, it can choose to show safe sites. But whenever an IP address isn’t a security scanner, it can choose to show malicious sites (including uploading spyware on your device).

Every time a Link Validation service scans the link, they get good behavior. Then, ridiculously, they tell you that the link is approved. But when you click the approved link, you get entirely different behavior. In other words, you and your company get hacked.

But wait! The next secret exposed is a doozy. Are you ready for the biggest Link Validation bombshell?

Any Bozo Can Do It

What if the Link Validation companies actually give hackers all the information the need to successfully use this attack – so that any bozo can do it? The largest Link Validation company is Microsoft. Their Link Validation product is called ‘Safe Links’. And the IP addresses used by this security scanner are published online – by Microsoft itself.

Just think about this for a moment. Microsoft publicly publishes all the IP addresses that hackers need to send to good sites. In other words, it doesn’t take a genius to design phishing links that systematically bypass the most used used Link Validation in the world. In fact, given that the IP addresses are published online, even newbie hackers can use this data to bypass Microsoft’s service.

Let’s use the pictures from SameLink.net to illustrate. Every time Microsoft’s service accesses a link, the phishing site is pre-programmed to send that IP address to a kitten and a puppy dog. What’s the point of all the other components of Microsoft’s offering? For example, what good is artificial intelligence or machine learning in this instance? Ok, the artificial intelligence correctly determines that it’s an adorable kitten. So what? What does that tell you about what you will encounter when you click the now-approved link?

All the machine-learning and artificial-intelligence in the world cannot tell what you will experience when you click. It can only detect past behavior, not future. The scanner may correctly determine that it got a kitten, but you can still get a snake. The over-hyped buzzwords of ‘artificial intelligence’ and ‘machine learning’ are meant to distract you from realizing that they are analyzing the wrong thing in the first place.

Link Validation companies hype their ability to correctly assess the sites they encounter; but they never tell you that you can encounter entirely different sites than the ones that they analyzed.

What about companies that scan links multiple times? If the link changes behavior based upon IP addresses then the security scanner will always get good behavior and you will always get bad behavior. In other words, even if the link was pre-scanned one million times, you would still be guaranteed to encounter danger the moment you click the link.

Two Important Questions

Do you want to protect your company and home before it’s too late? You need to ask your email Link Validation service two very important questions:

  • Do you send me to the original link after your analysis?
  • Do you guarantee that I won’t experience a totally different outcome than your analysis did?

If a company is sending you to the original ‘validated’ link then it’s basing the security of your company and home on Link Validation. In other words, it’s basing the security of your company and home on something that doesn’t exist.

One more warning: Beware of companies offering the ‘time of click’ bait and switch. Yes, these companies analyze each link the moment you click. But then they do the unthinkable. They immediately send you to the original link where your IP address can be used to send you to unpredictable harm.

Solution

Now you know why email phishing attacks continue to succeed despite cybersecurity spending $150 billion per year. And now you can finally protect your company and yourself.

The solution is to bypass the original link after the analysis experiences good behavior. Skipping over the original link takes away its power to change its behavior. Skipping over the original link fully protects you from unpredictable harm.

You can never predict how a link is going to behave. But that doesn’t matter if you skip right over it. This is the key to solving the problem once and for all.

This information was provided courtesy of Terra Security Inc.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.