What Happens If You Click On Links In Phishing Emails?

People keep expressing their doubt that a single click can do anything really bad. I'm going to further explain in this pinned comment...
The old version of YouTube Creator Studio had a very serious vulnerability to CSRF attack - an attacker could present a link that when clicked would add the attacker as a 'manager' with full privileges on the victim's YouTube channel (assuming the victim was persistently logged in). A single click would do it as this feature did not prompt for any further authorisation or confirmation. The attacker would then shut the victim out of their own channel and take it over. This happened to a lot of people and it only stopped happening when YouTube retired the old Creator Studio pages and migrated everyone to the new one.

This vulnerability was not announced and I believe the reason for this is that they couldn't fix it; announcing it would have made the problem vastly worse. Instead, they focused on migration, which, I believe is why the Studio migration project was so aggressively pursued.

And in my former role in IT management, I have had to respond to many malware incidents - at least two of which were both very serious (threatening serious impact to systems), and verifiably were initiated by a single click on a link. *Don't tell me it can't happen - I've seen it with my own eyes, * as well as the damage it can do.

AtomicShrimp

That's why rickroll was invented, to teach people not to blindly click on links.

seriousnorbo

Our IT department sends fake ones to staff....open it once...you get re-training, open it again in a 12 month period, you get HR discussion, open it again and you're turfed.

KSPRAYDAD

Moral of the story: you’re not as cool as this guy, don’t go around trying to prank scammers

rdood

"I recorded you (through your webcam) satisfying yourself"

Me: oh how cute, my pc doesn't even have a camera :|

trillionviews

I got an email from my old buddy Brent asking me if I wanted to go fishing. Since I know about these fishing scams I was smart enough to block him and report his email address to the police. Thanks, Atomic Shrimp!

mjdxp

Hello there, John Warosa here. Were here to tell you that you just got the copyrite. Please click *HERE* to not get the copyright stryke.

sweett

I ignore so many spam calls, texts, and emails that if I ever genuinely get contacted by someone important, they’ll also be ignored. My sister was offered a job from the actual FBI and ignored it thinking it was a scam.

catheriney

My mom has been complaining about general slowness on her computer, turns iut she had a mining virus.

The cpu (8th gen i7 4 core laptop chip) was at 5% after startup and after 15 minutes it went up to about 70%.

I recovered all the files she needed and nuked the entire drive, and got a new windows install going and pointed her towards your email scam videos.

baccarah

"We detected artificial traffic on your youtube channel but we don't know your channel's name or url! Send info!"

legion

“better be safe than sorry” and I think this idiom fits this video perfectly.

sirgemishofcamelot

Generally speaking, if the email with a link is not a direct response to your action (password recovery, 2 factor authentication, etc), its best to assume its malicious. Even if it is something coincidentally arriving after an action you did, if the message is not expected, best to assume its malicious unless proven otherwise. For example, I placed an order on Amazon and almost instantly got an email claiming there was a problem with my recent order. Rather than trusting the email, I just checked my Amazon acct and saw there were no issues at all. It was just a scam email with good timing (or bad timing, depending on how you look at it).

randomstuff-qush

Although typically quite cautious, I've never once questioned an "unsubscribe" link in a promo email.

President_Starscream

But a Nigerian prince wants to give me $300, 000, and all I have to do is pay for the processing cost!

bibasik

I’m scared of my emails in general. I’ve got hundreds of thousands of unread emails dating back to middle school. 😂😂

kickboxs

A good tip when you receive a suspicious email is to go to manually log in your account in whichever website the email claims to come from. For example, if 'Paypal' is telling you your account got frozen, go to your browser and log in Paypal.

If it is a real notification, it should manifest in a way or another.

SonyShock

Something that took me a while to realise is that there are actually some pretty smart scammers out there, you don't have to be dumb or technology incompetent to fall for a scam.

RetroPlus

I wanted to watch this video but i was afraid to click on the link. Could someone let me know what it was about please! Thanks!

stupidas

"What happens when you click on links in phising emails?"

*I'd probably get Rick Rolled*

lebendig

I only open emails in a virtual machine installed on a computer I never use, and even then I keep a gun on the desk in case shit gets real.

SuigaRou