Phishing and spam emails can use 2 methods to infect your computer, infected attachments, and URL links to malicious websites. Attachments can be saved to your local Downloads folder and scanned for threats prior to opening the file. However, it’s been more challenging to evaluate URL links for threats on the remote website.
Web-based URL scanning services have become commonplace to test links in an email you’ve received. Better to test the URL before you use a web browser to go to a malicious website, which can download malicious content that can infect your computer. There are good URL scanners, and at least one to stay away from.
Risky URL Scanner: ScanUI (https://urlscan.io) DO NOT USE!
First, notice the “Recent Screenshots” section? These are available publicly and will often contain various screenshots from sessions running on the website or server, some of which may contain snips of spreadsheets and other work being done in connected sessions. Confidential information can be scraped from these screenshots by anyone, as they are made available publicly.
Second, notice the “Recent Scans” section? All scans of a website or server are made publicly available, and each recent scan may contain screen shots of connected sessions during the time of that scan.
This site should be avoided, and under no circumstances should you ever enter your own company website or server into urlscan.io. A better alternative would be to use the following “good” URL scan site.
Good URL Scanner: VirusTotal (https://www.virustotal.com/gui/home/url)
Your technology Partner,
The LeeShanok Team
Phoenix: 602-277-5757 | Tucson 520-888-9122 | firstname.lastname@example.org