It’s all well and good to practice caution when clicking on links in your emails, but chances are you’ll eventually have to commit to clicking on one of them, whether you like it or not. In cases like this, it’s best to go against these links armed with as much information as possible about what they are. Let’s go over how you can check their legitimacy quickly and effectively.
There are many reasons why you might not want to trust a link, like if it comes from someone who you don’t know or trust. Even if the link has been sent by someone who is worthy of your trust, they may have been compromised long enough to send the link. If you absolutely cannot verify the identity of the person who sent the message, then you should use secondary means to determine who the sender is, like a phone call, and always be very careful with the link in the meantime.
In a business environment, this is of critical importance, as you don’t know if the actions of your employees or colleagues could bleed into the workplace and show up in the form of compromised accounts and suspicious messages. It’s best to train your team on how to avoid malware and phishing attacks before it’s too late to do so.
A link can be considered any text or graphic that is clickable and redirects you to another page in your browser. The link can take many forms, like with the https:// at the beginning or just simple text on the page with a hyperlink attached to it. It could also be a simple image with a link hooked up to it.
For example, if it is a link to PayPal, it might look something like this: https://www.paypal.com/us/smarthelp/PAYPAL_HELP_GUIDE/getting-started-with-paypal-icf29
Or the link could also look something like this: Get Started with PayPal
If you’re paying attention, you might have noticed that the above link doesn’t actually go to PayPal, and that's exactly the point of this story. It’s extremely easy to make it look like a link goes somewhere when in reality it goes somewhere else.
It can be even more challenging to make this call when the link is embedded in a graphic, icon, or button, but with some knowledge, you can make sure that most links are safe before you click on them. Use the following strategy:
On a Desktop or Laptop:
-Hover the mouse over the link.
-Right-click on the link.
-Select “Copy Link” or “Copy Link Address” or “Copy Hyperlink”
Now you have the link copied, and you can paste it into one of the tools below with CTRL+V (or right-click and select Paste)
On a Tablet or Smartphone:
-Be careful not to accidentally just tap the link to open it!
-Hold your finger over the link for a few seconds to pop up the context menu.
-Select “Copy Link” or “Copy link address” or “Copy Hyperlink”
Now that you have the link copied, you can paste it into one of the following tools by holding your finger down over the URL field within the tool and selecting Paste.
We recommend that you consider cross-referencing suspicious links with some of the tools listed below:
Norton Safe Web
Norton provides a free online tool that allows you to check links in its database. It will provide a rating based on how safe or dangerous it feels. If the link hasn’t been tested by Norton and it cannot provide a rating, then you should follow up your testing with another of the tools below. https://safeweb.norton.com/
With PhishTank’s link checker, you get a tool that can tell you if a link has been a part of a phishing scam. Since phishing scams can look very real, it can be difficult to tell them from the real thing. You can use PhishTank’s tool here: https://www.phishtank.com/
Google’s Transparency Report
Google has its search engines constantly crawl and index pages on the Internet, and as you can imagine, it finds a lot of malicious websites and phishing risks. It documents these in its transparency report, and you can use this tool to see if your link is a part of it:
Scan the Link with VirusTotal
VirusTotal provides a scanning tool that you can use if the other options aren’t giving you the results you need. Use the tool here: https://www.virustotal.com/gui/home/url
Now, these tools are all well and good as long as the link has been a part of a phishing attack, but if it hasn’t been documented, then the above links might not be so helpful. We recommend you always err on the side of caution by checking anyway.
OnSite I.T. can provide the support you need to address any potential security issues. To learn more, reach out to us at (403) 210-2927.