How to Spot a Link You Shouldn't Click On

By David Nield on at

Even as our tech gets increasingly sophisticated and intelligent, sometimes it’s falling for the oldest tricks in the book that breach the security walls we’ve put in place—like clicking on dodgy links or shady attachments that we shouldn’t. You don’t have to get tripped up by these simplest of scams though, if you know what you’re looking for.

Unfortunately for the security-conscious, there’s no exact science to knowing what’s genuine and what isn’t, but with a bit of practice and some common sense you can stay on the right side of the digital tracks. Keeping your computer secure is as much about developing good habits as it is spending money on smart security software.

Fraudulent links to websites or files can pop up via email or over social messaging, So your first check should be to see who’s sent the communication: is it someone you know or someone you’ve never heard of? In your email client, view the full header of the message to see both the sender’s email address and the reply-to address—not just the displayed name, which may be a false one.

View email headers for full details.

On social media, click through to the attached profile or do some quick online research about the person getting in touch with you.

A little investigative work helps when you get suspicious emails from friends and family to. Your friends and family can get hacked if they’re less careful about security than you are, and that means a dodgy link can come from a reputable source. Your next check should be on the context around the link or attachment: if it comes with very little explanation or context, or and explanation that makes no sense, or any kind of pressure to act fast, be very suspicious.

You don’t lose anything by replying to an email or IM message from a friend or colleague and asking if they link is legit—it pays to take your time and do your research. Nothing is ever as urgent as you think.

Though, if you’re on Facebook or other social media sites try reaching out to the friend or family member via a different method. Some bad actors like to create clones of social media accounts. If you think that’s happened you can report them with a click.

Double-check links you get sent. 

Even looking at the sender and the context of a message isn’t always enough to spot something dangerous, and the cleverest phishing emails will use some personal details about you culled from the web or from data breaches. Even for genuine-looking emails, be wary of following links that ask for personal information, and if in doubt, head to the relevant site directly (like your bank or your email app) and log in from there rather than following the link embedded in the message you’ve received.

If you’re tempted to click on an authentic-looking link and it opens up in your browser, there are more clues to look for: does the URL match the one in the email, and is it the one you were expecting? If you’re being asked to log in somewhere (maybe to reset a password), is the site HTTPS protected?

Look for the green lock when logging in.

In fact on most desktop email clients you can hover the mouse cursor over the link to see if it’s what you were expecting before you click, which might help you against something like this.

In this case an embedded image was dressed up to look like an attachment. Be especially cautious with sites or emails that request personal details, like your social security number or credit card number, or anything else that scammers might want to get hold of.

Also, the well-established trick of looking for bad spelling and grammar still holds true in 2017. It seems cyber criminals haven’t become any more literate down the years.

All the tips we’ve mentioned for spotting fraudulent links on the web and in emails also apply to dangerous attachments as well. Ransomware is often delivered through shady attachments, security firms report, so you’ve got plenty of reasons to be wary of anything in your inbox, no matter what the file format of the attachment.

Gmail’s attachment previews can help spot problems. 

You should only open attachments you’re expecting from people you know, no matter how enticing the sales pitch. Be especially suspicious of attachments that can run code, like JavaScript (.js) files and Office documents with an “m” on the end of the extension—these are files with macros embedded. Malware is often hidden inside archives as well, so avoid opening up Zip files and the like unless you’re sure about their contents.

The tools you use every day are here to help: Gmail automatically scans attachments for viruses, while most modern browsers will warn you about dangerous or fraudulent sites that have been previously reported, without you having to lift a finger. Those aren’t reasons to get complacent, but extra safety nets are there should you need them.

A lot of these built-in security features rely on the most up-to-date definitions, and so (as we’ve said many times before) you shouldn’t neglect updates and patches that pop up for your OS, email client, or default browser—in fact it’s getting more difficult than ever to put off these updates for exactly this reason.

More Security Posts: