Can a broken website be a security risk?

Phishing Attacks Enabled by Broken Links

A phishing attack is a type of online scam in which an individual tries to trick the victim into revealing sensitive information, by pretending to be a legitimate organization. This can be done by finding broken links and redirecting them to a fake site that looks legitimate but is controlled by the attacker. For example, you receive an email, claiming to be from someone at your bank. The email asks that you update your personal information, when you are prompted to input your login information on a fake site, that information is logged and sent to the attacker who now has access to your bank account. Phishing attacks enabled by broken links can be difficult to detect because they often use sophisticated tactics to trick the victim into believing that the email or message is legitimate. Errors such as spelling mistakes, suspicious links, and requests for sensitive information will help you identify these scams.

Malware Downloads

Attackers can use broken links to infect an organization’s network with malware, which is software that is designed to disrupt, damage, or gain unauthorized access to a computer system. Malware can use broken links to compromise employee security. If they click on the link, they may be directed to a website that downloads malware onto their computer.

Protecting Yourself from Broken Link Attacks

1. Regularly checking and updating links

This can be done manually or by using tools such as W3C Link Checker.

2. Using redirects

If you need to remove something from your site, it is a good idea to have the old link redirect to something related to the removed content.

3. Verifying the authenticity of links

To help avoid sharing malicious links it is important to verify the authenticity of any links before sharing them.

4. Updating or removing broken links

When broken links are identified it is important to update it to a new link or remove it altogether. It is ideal  to remove links before removing or relocating content, but this isnt always done perfectly.