[CLICK] Is That Link Safe?

Category: Security

Is there danger lurking in that link? Do you know how to tell right away if a website (or link) is going to lead you into a world of hurt? A single click can lead to an unwanted download, a malware infection, stolen login credentials, or identity theft. Here are some practical tips and tools you can use to click smarter...

How To Tell If a Link or Website May Be Dangerous

The quotation “Eternal vigilance is the price of liberty,” dates back to the late 1790s. And though there is some argument over who said it first, it’s a particularly relevant dictum in this Internet Age. The human race has never enjoyed more liberty of ideas, communication, and personal action than we have since the Web emerged as The Great Enabler.

But the need for constant vigilance against danger on the Web is also at an all-time high. Every click of a link has the potential to deliver malware infection, silently and instantly. Every new site that we visit stands a good chance of being a trap whose jaws can close on us so subtly we don’t notice until we’re swallowed.

Even sites we have visited a thousand times and know well can be mimicked with frightening accuracy by the bad guys. Eternal vigilance is, indeed, the price we must pay for the vast liberty the Web gives us.

Eternal Vigilance required for safety online

We cannot rely on other people to keep us safe out there on the Web. Software alone cannot outwit the evil but highly intelligent and adaptable people who wish to do us harm. So-called “reputation services” such as Web of Trust are not much use, especially against brand-new rogue sites that have no reputation yet. The labels and reviews that WoT members assign to sites are often polluted by personal vendettas, branding good sites as bad; worse, the bad guys brand each other’s sites as “good.”

Nobody looks out for you as well as you can. So here is what to look out for, when you encounter an unknown site, or a familiar one that just doesn’t seem right.

Telltale Signs A Site May Be Dangerous

Raise your shields immediately if a site asks you to do something that seems unnecessary or out of the ordinary. You shouldn’t have to install a browser plug-in you’ve never heard of in order to view a site’s content. Registration of a username and password should never require a credit card, even if the site swears the card won’t be charged. A survey that asks where you bank, where you live, who your family members are, and other questions you would find impertinent from a stranger should set your alarms ringing.

If you see a message asking you to login and verify your account credentials (login, password, account number or social security number) be extra wary. Your bank or financial institution should never ask you for that information by email.

Unexpected email from strangers should always be approached cautiously. So should email that seems to be from someone you know (or a company you do business with) if it is “out of character” in timing, topic, or tone. If anything seems “off” about an email, approach it cautiously.

Do not click on any links in a suspicious email. Instead, hover your cursor over the link and right-click to reveal a drop-down menu. Select the option to “copy link address” without opening the Web page to which it links. Then go check out that URL (web page address).

Anti-virus software can protect you from malicious links and rogue websites, up to a point. Most popular internet security tools rely on “black lists” of known threats and viruses, and will block them from being downloaded or executed. PC Matic assumes the opposite, treating any unknown software as unsafe until proven otherwise. My article PC Matic - An Overdue Review explains why I switched to PC Matic last fall.

Look Before You Leap

The Google Transparency Report is a great place to start, because it reports on websites, and not just individual pages. The Zulu URL Risk Analyzer is a good tool to examine a specific web site. Just paste the suspect URL into the Analyzer’s input box and it will scan the target site for malicious content.

Virus Total scans a site using multiple antivirus engines. If the site has been scanned before and deemed malicious, Virus Total will warn you. If it has been deemed safe, Virus Total will report it safe; but that doesn’t mean it’s safe now, some time after it was last scanned by Virus Total. So trust only warnings, not assurances of safety.

If a URL has been shortened, it must be fully expanded before it can be scanned by Virus Total or another URL-checker. You don’t want to expand a shortened URL by actually fetching its target Web address; that could infect you with malware. Instead, copy the shortened URL to your clipboard and paste it into the form at Unshorten.it. The expanded URL will appear below the shortened one, and you can copy the latter to any place you wish.

A “secure connection” is vital when exchanging sensitive information, such a credit card details, with any site. Look at your browser’s address bar for the “https://” protocol symbol. The “s” in it means the current connection is secured with encryption so only you and the server to which you are connected can read the information exchanged. Your browser should warn you if a web server does not have a valid “digital certificate” to make secured connections. The certificate may - or may not - also authenticate the identity of the server and/or its owners.

Digital certificates are sold by “certificate authorities,” such as Verisign or Sectigo (formerly known as Comodo). To create differentiated products and make more profit, certificate authorities sell different levels of certificates. A basic certificate secures an https connection, but provides no assurances about the server or the people who own it. A more expensive one may indicate that the certificate authority has verified the legitimacy of the server. The most expensive “extended validation certificates” deliver the authority’s assurance that it has thoroughly verified the business or people who own the server, too; that is the most trustworthy certificate. See Comodo’s explanation of the different types of digital certificates. When you understand them, you will be able to tell what level of trustworthiness a certificate offers.

What has been your experience with suspicious websites, emails, etc. How do you protect yourself? Your thoughts on this topic are welcome. Post your comment or question below...

Ask Your Computer or Internet Question

  (Enter your question in the box above.)

It's Guaranteed to Make You Smarter...

AskBob Updates: Boost your Internet IQ & solve computer problems.
Get your FREE Subscription!


Check out other articles in this category:

Link to this article from your site or blog. Just copy and paste from this box:

This article was posted by on 1 Jul 2019

For Fun: Buy Bob a Snickers.

Prev Article:
[LEARN] Online Schools For Adults and Kids

The Top Twenty
Next Article:
Here's How to Search The Deep Web

Most recent comments on "[CLICK] Is That Link Safe?"

Posted by:

01 Jul 2019

Hi, Bob,

This article is very important! Here is what happened to me: I received an email from "Emily" advising that my package would arrive . . . . I clicked on it, and immediately my files, photos, art work and . . ., were attacked by Ransomware, identified as Lockey. Those devils posted photos of themselves laughing and celebrating the damage they had caused. Their location appeared to be in South Africa. Your readers should NEVER click on an email they are not familiar with, regardless of how benign it appears. Needless to say, I never recovered from that attack, and was forced to purchase a new computer.

Posted by:

Warren T
01 Jul 2019

I use the Firefox browser. If you hover over the suspicious link, the browser window in the lower left corner will give an indication of what the actual URL is. If it does match where you think it is going, do not click it

Posted by:

01 Jul 2019

I'm assuming reader Linda knew an Emily who would sent her a package -- why else would she click on the link? Or am I misunderstanding what prompted Linda to click the link?

Posted by:

James Mills
01 Jul 2019

I have run into a few links on trusted sites (well... usually trusted... and the link doesn't look suspicious, but then...) when the link activated one of those annoying nag messages saying "Your computer has been infected. Call this number immediately or click on this link to start disinfecting process." or words to that effect. And then it won't let me close the durn window without bringing up task manager and doing a force close on my browser. Sometimes Firefox even wants to open the previously open windows when I restart. When that stuff happens I usually run PC Matic right away to check to be sure nothing got in. I don't know if there's any way to remedy those other than to say "Well, there's another site not to trust."

Posted by:

01 Jul 2019

Thanks for the great tips Bob. You can never be too careful! I was on Facebook a couple of years ago and a picture of Clint Eastwood was on the screen to the side of what I was reading. It said something like "Clint Eastwood reported dead". Since he's one of my favorite actors, I clicked on the picture and guess what? It was Ransomware site that infected my computer. It had a phone number to call, so I did, and they said it was going to cost me something for them to "restore" my computer! I asked how much and the guy said "Please hold on for a minute." When he came back I told him I'd "restore it myself" because I had backed it up, and then I hung up the phone and disconnect my computer from the Internet. I wiped the Hard Disk clean and then restored with Acronis. Thankfully, I had actually backed up my computer about a week before, so I didn't lose much.

Posted by:

Bob K
01 Jul 2019

I have the luxury of having my own domain name. (I say luxury, because it costs me under $15 a year!) As such, I give every business a different email address.

Several years back I received an email from Skype (before Microsoft bought them) advising a new version was available, and providing a link to click on to do the update. But, I noticed that email had come into an email address I had only given Citibank. Looking at the headers on the email, it had originated from the Philippines. The link provided was pointing to a site in Korea.

To me it was obvious Citibank had been hacked, but they would not admit it. That ended our relationship for a long time.

Posted by:

01 Jul 2019

If you look an your e-mail on a smartphone is there a way to determine origin of an e-mail without actually clicking on the message ? In other words,is there something you can do that would be equivalent to hovering your cursor over the message on a desktop computer ?

Posted by:

01 Jul 2019

I fell for it recently. Received a Facebook messenger message from a friend. Something like, ARE YOU IN THIS VIDEO? with a link to landpage.co I clicked it just because I HAD to see if it was me in that video and it asked me to log into Facebook with my password. Yes ladies and gents I fell for it. I immediately realized it, changed my FB password and moved on, with no negative consequences, fingers crossed. Oh, there was no video.

Posted by:

01 Jul 2019

I received an email that proclaimed: "SEE ANGELINA JOLIE DANCING NAKED! Click here." I clicked, and my computer immediately locked up.

I received absolutely no sympathy from my wife or any female friend, most of whom still think I'm some sort of pervert.

Posted by:

01 Jul 2019

Often there will be bogus emails about delivery etc. claiming to be from Amazon. It is used frequently because so many people order from Amazon. I almost automatically clicked on one because I indeed had an order on its way. But with my Xfinity email I just have to hover over the supposed sender and the email it originated from will show up. Get some from Japan, the Netherlands, Russia etc.
P.S. HowardL, you deserve no sympathy. ;)

Posted by:

01 Jul 2019

I should think formatting the computer's system disk and re-installing the OS would have solved Linda's problem. No need to buy a new machine.
Of course, that assumes installation media are available. Formatting a disk with a "Restore" partition is no help.

Posted by:

Tom Crews
02 Jul 2019

I recently had a very bad experience with Google Play Store.I went to redeem a Gift Card and received a notice that I was eligible for a gift. Stupid me (I know not to click on suspicious items - but you sort of trust Google. Well I was immediately charged $50 which was the amount of the Gift Card. Customer service says that this is not covered under their refund policy. I would think that they would have a whole chapter on this subject.

Posted by:

02 Jul 2019

In response to Don T, asking if I knew an Emily.
No, but it is not unusual for customer service reps to use their first names when corresponding. They never use their last name. Further, I was expecting a package, which is how I was duped into clicking on the email. Once I clicked on it, all hell broke loose. It was amazing how quickly that Lockey Ransomware destroyed my system and stole my art work (I'm an artist), photos, infected all my files, everything. Then they posted photos of themselves laughing and doing the thumbs up at the damage they had caused. It was a very disturbing experience. In my opinion, the individuals who commit these acts are demented, evil people who derive pleasure from destroying the property of innocent people who have never hurt them. They are DEVILS!

Posted by:

Angelo Mongiovi
02 Jul 2019

This is a VERY timely and relevant article.

My personal policy is that I make it a firm practice to not click on any link in any unsolicited email or on the web without hovering first to see where it is sending me. I have very little confidence in anti-virus because it's a constant arms race...bad guys find a hole, AV plugs it. The user is THE weak link. Google KnowBe4 -- they've turned that reality into a thriving business.

I read daily and generally learn something new. Thanks for doing what you do.

Posted by:

Emily Booth
02 Jul 2019

Years ago, when I had a blueberry iMac, I received an email from someone I knew which had an attachment. I clicked on it. The attachment did not open. My screen flickered. I got a virus. My friend's email got hacked. They said at the time it was impossible for Macs to get a virus. I did. I took it to a local techie. He could not fix it. He suggested hooking up a 2nd monitor. When I got the Mac home, I found a folder on the desktop with the virus. I deleted it. My Mac was running again. Since then, I've been very careful. Computer security has improved a lot since then. However, I had a recent experience of purchasing an item from a retail phishing website I found via google shopping. My credit card company refunded my money but many steps were involved. I will never purchase anything again on the internet that is not from a reputable retail website.

Posted by:

03 Jul 2019

Yesterday I failed the test myself and clicked on a link in a text on my phone to click and return the 6 digit Google Code, I still can't believe I did it. I don't use my phone for any banking or sensitive information and rarely even use it to connect to the internet. Any suggestion on what I should do now? Any way to verify if any damage was done? I do have PC Matic, but have never used any antivirus programs on my phone. Any suggestions appreciated. Thanks.

Posted by:

Charles A. Parker
14 Jul 2019

After reading the comments here this is very true “Eternal vigilance is the price of liberty,”

Posted by:

14 Jul 2019

Do not click on any links in a suspicious email. Instead, hover your cursor over the link and right-click to reveal a drop-down menu. Select the option to “copy link address” without opening the Web page to which it links. Then go check out that URL (web page address).
So I hovered over Google Transparency Report right clicked and selected copy link address. The box went away, so maybe this is showing my ignorance but now what? I don't know what to do next.

Post your Comments, Questions or Suggestions

*     *     (* = Required field)

    (Your email address will not be published)
(you may use HTML tags for style)

YES... spelling, punctuation, grammar and proper use of UPPER/lower case are important! Comments of a political nature are discouraged. Please limit your remarks to 3-4 paragraphs. If you want to see your comment posted, pay attention to these items.

All comments are reviewed, and may be edited or removed at the discretion of the moderator.

NOTE: Please, post comments on this article ONLY.
If you want to ask a question click here.

Free Tech Support -- Ask Bob Rankin
RSS   Add to My Yahoo!   Feedburner Feed
Subscribe to AskBobRankin Updates: Free Newsletter
Copyright © 2005 - Bob Rankin - All Rights Reserved
Privacy Policy

Article information: AskBobRankin -- [CLICK] Is That Link Safe? (Posted: 1 Jul 2019)
Source: https://askbobrankin.com/click_is_that_link_safe.html
Copyright © 2005 - Bob Rankin - All Rights Reserved