On the internet you will barely find a place without any kind of reference in the form of hyperlinks – or links in short. They will lead you to another page and you’ll not always be able to reliably tell its destination.
This can sometimes even be dangerous in regard to data security and identity theft.
But how can we find out if a link is safe to click on or not?
You might have heard about it at some point or another: “Be careful about what you click on” or “don’t click on that link, it’s a fraud”. While saying that, your counterpart might even have slightly rolled their eyes.
Not being on used to the things you should watch out for on the internet is not a crime, though. And be assured: Those mistakes happen to other people all the time.
But how can you tell, if a link is leading you where you intend to go or somewhere else?
Steps to Take When Checking Link Safety
Is there a way to check, if a link is safe?
Yes, fortunately there’s not just one, but a number of ways.
Check The Domain Name Carefully
As a first step, you should take a close look at the domain name in the link.
Altered spelling of a domain name is an almost certain sign of a scamming attempt. For example, phishers may use something like http://www.1egitimatebank.com instead of
Did you spot the difference?
The first one uses the number 1 instead of the letter l. Easy to miss if you don’t look carefully.
Another common ploy is to substitute the letter O with the number 0 (zero).
Get in The Habit of Hovering!
Have you noticed this useful function before, when resting the cursor on certain items?
Get in the habit of first hovering over the link with your mouse cursor before clicking on it. This will show you the actual address that the link represents.
Also, if you’re in doubt about a link, locate the organization’s URL address using a search engine instead of the link provided in the email.
https Is Always Better Than http…
Another good way to check link safety is to make sure a site which requires you to enter financial details uses https and not http.
Secure sites such as online banking or e-commerce sites will always use the more secure form of http known as https. This ensures that your data is sent encrypted across the Internet to the website.
https:// will be displayed in the URL address field of the browser with a security padlock icon next to the address.
If you double-click on the padlock icon, the security certificate for the website should be displayed.
…But Can Also Be Fake!
The fact that a site uses https:// and displays the padlock icon doesn’t by itself mean that it’s genuine. It’s still possible – though less likely – for it to be a spoof.
If the security certificate isn’t displayed, you receive a message saying the URL address of the site does not match the certificate, or that the certificate is not to be trusted, then it is most likely a spoof with someone waiting to get hold of your credentials.
So even for an https site, you should still double-check the website address in your browser’s URL address field. If the address looks odd, then don’t go any further until you’ve verified it with the company or organization.
How to Check If a Shortened Link Is Safe
Are you one of 313 million people using Twitter? If so, you will have noticed people often use shortened links – to save space, obviously.
In this case, hovering over the link doesn’t help much.
For shortened links, you can use the “preview” function. If you enter the shortened bit.ly URL in your browser with a “+” at the end, it will report back information about the site that the shortened link leads to.
You can also copy and paste the address of the website to which the shortened link points into getlinkinfo.com and see what the result is.
Who Creates Malicious Links?
While there might be some links that you want to check without suspecting a criminal background, with most of them you probably will. Nowadays, online scam is a bigger deal than ever before.
The creators of malicious links are called phishers and mostly try to disguise themselves as known financial service websites – such as banks, credit card companies and the like. According to Symantec, almost three quarters of all phishing attacks are related to websites of financial organizations.
Another popular target are the websites of parcel delivery services and well-known e-commerce names.
The goal is to steal your financial or other information and, as a result, your money.
Phishing links can be found on website pages, however, they’re most often contained in emails sent out by their creators.
And the problem is getting worse as the number and sophistication of online phishing scams increases.
In case you’ve never heard about it, two-factor authentication is a good measure to enhance security. E.g., you can use your wearables to boost online security.
Talking about email-based scam, you should also inform yourself about ransomware, which has become another dangerous trend, lately.
Recognizing Phishing Attempts and Links
Since phishing mails are a mass product, there’s some things that most of them have in common.
With these tips in mind, you should barely fall victim to a phisher:
How Does the Email Sender Address You?
One indication of scams is that their senders tend to use impersonal forms of address such as “Dear Customer” or “Dear User”, rather than using your actual name.
Alternatively, they may address you by your email name as contained in your email address before the @ sign. So the email can contain an odd-looking solicitation, like for example:
Check The Email Sender Header
Take a look at the full email address, not just the short one which is typically displayed by your email app. That’s just a shortened version of the full information about the sender.
You can display the full email sender information header in your email app or your browser window by clicking on the button or option that says “Display full header” or similar. This will then give you the full information about the sender of the email.
Beware of Requests to “Verify” Your Details
Phishers are obsessed with getting people to “verify” their details.
When was the last time you received an email claiming to be from your bank, asking you to verify your account because of an urgent safety issue?
Or have you ever received an email from what seemed to be a parcel service at the first sight, telling you about a shipment that’s on its way to you (where you might not even have ordered anything) and asking you to confirm some item of information?
This is a common phishing ploy to get access to your personal bank account and you should definitely not respond to that or give away critical information.
If you’re uncertain, first check the website of the service or give them a call. Don’t accept what the email tries to claim without verifying it first.
Alternatively, if you doubt the authenticity of the request, you may go to the website (not by clicking a link in the email!) and perform the requested action there.
Legitimate businesses don’t usually ask you to provide or verify sensitive information through email with threats of action in case of no response.
Warnings, Threats, And Deadlines Are a Common Favorite
Oftentimes, threats and deadlines are good indicators of a phishing attempt.
They like to use an element of threat or intimidation, or offers of a gain which you could miss out on. If you don’t take the action requested, they may tell you your account could get blocked or closed, a fee incurred, or legal action would be taken.
Use Online Services to Inform Yourself
Other handy tools to check a link for safety are the APWG website at www.antiphishing.org or PhishTank.com for the current list of known phishing attacks.
PhishTank is a free information community site where anyone can submit, verify, track and share phishing data. Reporting the attack to these organizations will help protect others from being defrauded by phishers.
What If You’ve Clicked On What Looks Like a Phishing Link?
If you’ve been taken in by a phishing link and already entered your login details or other sensitive data into the site, then you should go to the real website immediately and change your passwords and login details.
Also contact the organization concerned and inform them about the incident. You should forward any suspicious looking email you receive to the company or organization it claims to be from.
You can usually obtain the correct email address from the genuine website of the organization.
You should also report the phishing attack to an organization which monitors and tracks phishing attempts such as the Anti-Phishing Working Group or PhishTank.com mentioned above.
You can find out more about phishing and how to protect against it in the latest Internet Security Threat Report published by Symantec.
Whenever you’re unsure about a link in general, this is the expert knowledge you can refer to for checking, if it’s safe to click on or not:
• Watch out for substitutional digits for letters in URLs
• Hover over links to find out where they actually lead
• https is safer than http. Check the certificate, however
• there are services to check shortened links
And for the next time there’s an “urgent” request from your bank or parcel service in between all of your daily email, these are the things you should look out for:
• Bad language often indicates a scam
• Don’t be compelled by artificial urgency
• Don’t give away sensitive information in emails or places they lead to
• Be wary if you’re addressed impersonally or oddly
• Check the senders full address
• if you got hacked by a phisher, change your passwords and login immediately