Cybercriminals can infect otherwise reliable websites with malware that runs code on behalf of the criminal. If you visit a compromised site, you could see pop-up windows with messages that look trustworthy. However, these injected pop-ups are dangerous and are designed to steal information and passwords.
An example of such a scam is an urgent warning telling users to update their web browser, or an unexpected prompt to enter a username and password. A hacker can use this type of malicious pop-up message to:
- Trick you into downloading dangerous software
- Get access to your device and files
- Redirect you to another site
- Capture your username and password for further misuse and impersonation
- Fool you into clicking a link that downloads harmful software, such as a virus or ransomware, to gain a foothold as part of a larger attack
Some Industry Sites Pose a Challenge
Hackers have been opportunistically targeting vulnerable content management systems, including blogs, unpatched websites, and servers.
Still, many of the compromised sites contain industry-specific content and have many monthly visitors. Because website owners are unaware that their site has been compromised, they can accidentally expose partners and customers who visit the site to malware and attacks.
Though any organization’s users could encounter compromised websites, the following is an example of the industries that hackers usually prioritize:
- Financial investing
How can you protect yourself?
It is important to stay alert when browsing online, even on websites that you visit regularly. Below are some tips on how you can protect yourself and your employer:
- Take note that even popular websites can be compromised. You could run into malware and other security risks on any site, including those you visit frequently.
- Think before you act. Do not blindly accept an update or security request; in fact, such a request should not appear on a website at all. If unsure, reach out to an IT professional before clicking anything.
- Stay on top of security. Remember to protect your system, always follow the authorized software update policy, and ensure your antivirus and endpoint security are up to date.
- Perform evasive maneuvers. If you see a suspicious pop-up or are unexpectedly redirected to a different site, close the site tab and then the browser itself. Ask an IT professional to check the site before visiting again.