With the European month of cybersecurity in progress, thousands of users and companies look back in front of a problem that reinvents itself year after year: online crime. Despite the awareness campaigns promoted by the agency of the European Union for Cybersecurity (ENISA), false beliefs persist that end up becoming the entrance door of many attacks.

In this scenario, Palo Alto Networks has wanted to dismantle five of the most widespread myths around digital security, with the aim of alerting about how ingenuity remains one of the greatest allies of cybercriminals.

5 cybersecurity myths

The European month of cybersecurity recalls every year that the great challenge is not only technological, but also cultural: eradicate myths and promote responsible habits in navigation.

Despite the awareness campaigns promoted by the European Union Agency for Cybersecurity (ENISA), false beliefs persist that end up becoming the entrance door of many attacks

And although the digital adversary never sleeps, information and caution remain the most effective weapons to stop the step:

1. What seems harmless can be the perfect trap

One of the most dangerous beliefs is “visiting a suspicious site is harmless if I don’t enter data.” The reality is another: in many cases, it is enough to load the page for the attacker to execute malicious code. From silent downloads to Zero-Day vulnerabilities, tactics go far beyond clicks. “Closing the tab does not guarantee that the damage has not occurred; often, the tracking or discharge have already begun in the background,” the experts warn.

2. “A QR code in a public place is reliable”

The normalization of the use of QR codes in everyday life has not gone unnoticed by cybercriminals. What was born as a practical tool in restaurants or parking lots has become a perfect vehicle for phishing. It is enough to remember the posters in the center of Madrid with trap messages and hidden links after manipulated codes.

3. “I detect phishing for the logo or design”

Another frequent myths is to think that a user can easily detect a phishing attempt by looking at the web or logo design. Today clones are practically identical to the originals. UNIT 42 investigations, Palo Alto Networks’s intelligence team reveal that some cybercriminals even incorporate human verification systems to avoid automatic trackers and run only to real users to false pages.

“The attackers no longer improvise: they use redirections from legitimate domains and build perfect portals of banks, restaurants or parking. For the average user, distinguishing them is practically impossible,” they point out from the company.

4. “If something doesn’t fit me, I close and that’s it”

Closing the tab does not eliminate the risk. In the first seconds of navigation, the page may have compiled sensitive information, starting downloads or executed malicious code. Often, fraudulent websites then redirect to real pages to hide the trap.

5. “The risk is the same on the personal mobile as in the company”

Another perception error is to believe that the level of risk is the same on the personal mobile as in the corporate. Nothing is further from reality. Particular devices lack, mostly, advanced detection systems, regular patches or URL filters, and are used massively in everyday situations such as scanning menus, making fast payments or leaving reviews. All this makes them a priority objective.

According to Unit 42 data, Phishing attacks via SMS, shortened links or QR have become generalized in Spain and in the United States, affecting critical sectors such as health, energy or education.

How to avoid cybersecurity gaps

Recommendations to reduce exposure to these threats are as basic as effective if they are constantly applied. Among them, maintain browsers and operating systems always up to date, avoid links or QR codes of doubtful origin and check web addresses with Osint tools such as Virustotal.

To this is added a key advice: never trust with closing the tab. The closure of the window does not erase the traces that the malware may have left in seconds. Prevention also goes through not introducing credentials after receiving a link in SMS, Correos or QR, and relying on advanced solutions such as EDR, antivirus or DNS filters both in corporate and personal devices.

Alex Chen
Alex Chen

Alex Chen serves as the chief editor of Asia Tech Journal, bringing over a decade of experience in technology journalism. Previously writing for several globally renowned publications, Alex is celebrated for his insightful analyses and in-depth reporting on tech trends across Asia. Passionate about innovation, Alex specializes in the dynamic technology ecosystem of China and its global impacts.