Originally Posted by
owen
This whole thing about email link clicking has got to be dispelled. Clicking the link cannot infect the computer (major browser or email client hole). A download then execution of the payload must occur. Its probably a 2 step process. An infected Word, PDF, Excel or ZIP might be easily downloaded then opened by a user but I remember seeing office showing so warnings on possible infected files - not sure what libre office does. If a user gets a exe directly in a email and is somehow convinced to run it for a prize then the fact that they are not an admin user should be enough of a hurdle. Unless of course its kids that want to install roblox (never give kids admin rights).
Thanks for spelling it out. But you're right. It's not just clicking a link. It's allowing a script to run or opening a file. However, persons that click the link are usually the weakest link. I had a customer get ransomware twice from the same user. They clicked phishing links and opened the files. I had backups in place so the office was fine. But as I said. It just takes one. Or as Linkin Park said. It starts with one.
Knowing the solution doesn't mean knowing the method. Yet answering correctly and regurgitation are considered "learning" and "knowledge".