[ETERNAL VIGILANCE] Is it Safe to Click?

Category: Security

Your mouse hovers over a link... your finger is poised to click… but you stop to think. Is there danger lurking behind that click? Do you know how to tell right away if a website (or link) is going to lead you into a world of hurt? A single click can lead to an unwanted download, a malware infection, stolen login credentials, ransomware, or identity theft. Here are some practical tips and tools you can use to click smarter…

How To Tell If a Link or Website May Be Dangerous

The quotation “Eternal vigilance is the price of liberty,” dates back to the late 1790s. And though there is some argument over who said it first, it’s a particularly relevant dictum in this Internet Age. The human race has never enjoyed more liberty of ideas, communication, and personal action than we have since the World-Wide Web emerged as The Great Enabler.

But the need for constant vigilance against danger on the Web is also at an all-time high. Every click of a link has the potential to deliver a malware or ransomware infection, silently and instantly. Every new site that we visit stands a good chance of being a trap whose jaws can close on us so subtly we don’t notice until we’re swallowed.

Even sites we have visited a thousand times and know well can be mimicked with frightening accuracy by the bad guys. (See Here's Why Phishing is Getting Worse.) Eternal vigilance is, indeed, the price we must pay for the vast liberty the Web gives us.

Eternal Vigilance required for safety online

We cannot rely on other people to keep us safe out there on the Web. Software alone cannot outwit the evil but highly intelligent and adaptable people who wish to do us harm. So-called “reputation services” such as Web of Trust are not much use, especially against brand-new rogue sites that have no reputation yet. The labels and reviews that WoT members assign to sites are often polluted by personal vendettas, branding good sites as bad; worse, the bad guys brand each other’s sites as “good.”

Chrome, Firefox, Edge, and Safari web browsers have anti-phishing and anti-malware capabilities, meant to protect users from clicking malicious links. But there's no guarantee those filters are perfect, or 100% up to date.

Even the software that’s supposed to sniff out potentially malicious websites can suffer from false positives, branding legitimate ones as harmful. This happened to me recently, when McAfee slapped AskBobRankin.com with “suspicious content”, “potentially unwanted programs”, and “malicious website” labels that blocked their users from visiting. It took three weeks and 14 emails with McAfee support to convince them otherwise. I had to show them evidence that 79 other link checkers, and every other major security vendor showed my site as safe and malware-free. (See I'm Positive... It's a False Positive! for that story.)

Telltale Signs A Site May Be Dangerous

Nobody looks out for you as well as you can. So here is what to look out for, when you encounter a suspicious link, an unknown website, or a familiar one that just doesn’t seem right.

Raise your shields immediately if a website asks you to do something that seems unnecessary or out of the ordinary. You shouldn’t have to install a browser plug-in in order to view a site’s content. Registration of a username and password should never require a credit card, even if the site swears the card won’t be charged. A game or survey that asks where you bank, where you live, who your family members are, your pet’s name, and other questions you would find impertinent from a stranger should set your alarms ringing. (Those are common ways for scammers to get the answers to your security questions.)

If you see a message asking you to login and verify your account credentials (login, password, account number or social security number) be extra wary. Your bank or financial institution should never ask you for that information by email.

Unexpected email from strangers should always be approached cautiously. So should email that seems to be from someone you know (or a company you do business with) if it is “out of character” in timing, topic, or tone. If anything seems “off” about an email, put down that mouse and back away slowly.

Do not click on any links in a suspicious email. Instead, hover your cursor over the link and right-click to reveal a drop-down menu. Select the option to “copy link address” without opening the Web page to which it links. Then go check out that URL (web page address).

Anti-virus software can protect you from malicious links and rogue websites, up to a point. Most popular internet security tools rely on “black lists” of known threats and viruses, and will block them from being downloaded or executed. PC Matic assumes the opposite, treating any unknown software as unsafe until proven otherwise. My article What's New in PC Matic? explains why I replaced my antivirus software with PC Matic.

Look Before You Leap Think Before You Click

The Google Transparency Report is a great place to start, because it reports on websites, and not just individual pages. The Zulu URL Risk Analyzer is a good tool to examine a specific web site. Just paste the suspect URL into the Analyzer’s input box and it will scan the target site for malicious content.

Virus Total scans a site (or a download) using multiple antivirus engines. If the site or file has been scanned before and deemed malicious, Virus Total will warn you. Remember above when I said that I was able to provide 79 reasons why McAfee should unblock my site? VirusTotal checks dozens of sources to see if any have reported unsafe content. You can check a website, or upload a file of your own to be scanned.

If a URL has been shortened, it must be fully expanded before it can be scanned by Virus Total or another URL-checker. You don’t want to expand a shortened URL by actually fetching its target Web address; that could infect you with malware. Instead, copy the shortened URL to your clipboard and paste it into the form at Unshorten.it. The expanded URL will appear below the shortened one, and you can copy the latter to any place you wish.

Note: When using a smartphone, you can't place the mouse cursor over a link as you can on a desktop. Instead, press and hold the link, and you'll get a popup which allows you to view, copy, or share the link address without opening it.

A “secure connection” is vital when exchanging sensitive information, such a credit card details, with any site. Look at your browser’s address bar for the “https://” protocol symbol. The “s” in it means the current connection is secured with encryption so only you and the server to which you are connected can read the information exchanged. Your browser should warn you if a web server does not have a valid “digital certificate” to make secured connections. The certificate may - or may not - also authenticate the identity of the server and/or its owners.

Digital certificates are sold by “certificate authorities,” such as Verisign or Comodo. To create differentiated products and make more profit, certificate authorities sell different levels of certificates. A basic certificate secures an https connection, but provides no assurances about the server or the people who own it. A more expensive one may indicate that the certificate authority has verified the legitimacy of the server. The most expensive “extended validation certificates” deliver the authority’s assurance that it has thoroughly verified the business or people who own the server, too; that is the most trustworthy certificate. See Comodo’s explanation of the different types of digital certificates. When you understand them, you will be able to tell what level of trustworthiness a certificate offers.

What has been your experience with suspicious websites, emails, etc. How do you protect yourself? Your thoughts on this topic are welcome. Post your comment or question below...

Ask Your Computer or Internet Question

  (Enter your question in the box above.)

It's Guaranteed to Make You Smarter...

AskBob Updates: Boost your Internet IQ & solve computer problems.
Get your FREE Subscription!


Check out other articles in this category:

Link to this article from your site or blog. Just copy and paste from this box:

This article was posted by on 20 Jul 2021

For Fun: Buy Bob a Snickers.

Prev Article:
This is How Spammers Get Your Email Address

The Top Twenty
Next Article:
Geekly Update - 22 July 2021

Most recent comments on "[ETERNAL VIGILANCE] Is it Safe to Click?"

Posted by:

Renaud Olgiati
20 Jul 2021

Firefox users: Bring the cursor on the link, and look botto left of the Firefox window: the URL of the link will be displayer.
So you can immediately spot a number of bad uns', like totototo.pdf.exe...

Every morning, look at yourself in the mirror, and do not ask yourself "Am I paranoid ?", but "Am I sufficiently paranoid ?"...

Posted by:

bob k
20 Jul 2021

I have my own domain name. Really not very expensive, if you shop around! As one advantage, I can hand out unique email addresses at will. EVERY commercial site I visit that wants an email address gets one that is unique for them.

When I get an email telling me I need to update a program, and to click on a link, and it comes addressed to an email address that doesn't fit -- I get very paranoid.

Learn to read email headers, and determine where an email originated. Today I received an email with an offer from GEICO, that originated in the Ukraine. A Control-U will give you the source of an email, and simply doing a forward will let you see the body of the email without opening it. Opening an email lets it execute any links out to sites on the internet, either to just get a read confirmation, or to download things you may not want.

Posted by:

Trevor Westwood
20 Jul 2021

I've been using a program called Mailwasher Pro for many years. Before I download any of my email to my Outlook it shows me the email on the server.
If it recognizes spam it marks for deletion. I can go through all my email and if I notice any suspicious email, I can check the source and have Mailwasher mark as spam. It works.

Posted by:

Michael H
21 Jul 2021

Many years ago, Outlook had a ‘preview’ email window where it will show in text format what all the email included, even the strange looking characters that are attached for the email delivery system for recognition. Now Outlook does not longer have that text only window so now I open suspicious looking email using Notepad. I can see the ‘real’ email address that send it, my email address to where it was sent to, the return path, the whole message (in text), other information that I am not sure what it is and of course the wingdings looking characters.

Posted by:

Peter Oh
21 Jul 2021

One of the best & most informative posts seen recently.
I use Opera & I am unsure if some of the "tricks" in both the post & comments are applicable.
Regardless I don't really understand exactly what is involved in some of the comments.
" opening with Notepad - this option not available on my PC? Similarly Contol U just results in multiple pages of unintelligible script.

Posted by:

bruce margolis
21 Jul 2021

Watch out for SCAREWARE. It happened to me 4 different times. You're on the internet and all of a sudden multiple screens pop up on your screen making loud noises and saying that you have a virus and you must call the Microsoft number down below. If you turn off your computer you will download the virus and lose your files. I found out from Vipre(anti-virus company) that it's harmless. They want you to call the phony number and when you speak with them they give you instructions on how to download software that will give them access to your computer. Very sad about these low lives that they have to scam people out of their hard earned money.

Posted by:

Brian B
21 Jul 2021

@ Bruce margolis, make a note of the address of the site you are on when this message comes up. That's where this message has come from, possibly piggybacked on something genuine, and unknown to the site you are on. Nevertheless, it's a site you should mark as malicious, and steer clear of Of course, if you are using PC Matic as Bob recommends, this type of intrusion would not occur,

Posted by:

Robert A.
22 Jul 2021

Bruce Margolis: I've had those screens pop up several times. Multiple screens open and a mechanical voice warns of an imminent virus download. I've learned that its just a scare tactic, but it seems to not respond to clicking on the "X" to close it down. I just hit the power button on my computer, then let it do a reboot, and, voila, it's gone. Try it, it works.

Posted by:

Brian B
22 Jul 2021

And don't forget to blacklist the site you were on when it appeared!

Posted by:

22 Jul 2021

If you get suspicious email containing your bank's logo or credit card logo, notify bank but do not use phone number in that email. My banker was grateful to be notified so their fraud dept could go after the cybercrooks. For credit card phone number use the one on the back of your card. Be sure to report every instance. I've received a few well-worded emails that almost seemed valid, but were scams. Huge problem for unsuspecting people. Thanks Bob!!

Posted by:

Willard Fredrickson
28 Aug 2021

I hate to admit it but I also fell for the
SCAREWARE tactic...got ivolved to my peril...
finally came to my senses....cleaned my drive...
no malware found...but the SCAREWARE pops up at
to become the home page. When I access
my files or the internet it goes away....only
to return on sign-up....can't seem to get rid of
it. Would appreciate any ideas....it hasn't affected
any files or programs but really annoying

Post your Comments, Questions or Suggestions

*     *     (* = Required field)

    (Your email address will not be published)
(you may use HTML tags for style)

YES... spelling, punctuation, grammar and proper use of UPPER/lower case are important! Comments of a political nature are discouraged. Please limit your remarks to 3-4 paragraphs. If you want to see your comment posted, pay attention to these items.

All comments are reviewed, and may be edited or removed at the discretion of the moderator.

NOTE: Please, post comments on this article ONLY.
If you want to ask a question click here.

Free Tech Support -- Ask Bob Rankin
Subscribe to AskBobRankin Updates: Free Newsletter

Copyright © 2005 - Bob Rankin - All Rights Reserved
Privacy Policy     RSS/XML

Article information: AskBobRankin -- [ETERNAL VIGILANCE] Is it Safe to Click? (Posted: 20 Jul 2021)
Source: https://askbobrankin.com/eternal_vigilance_is_it_safe_to_click.html
Copyright © 2005 - Bob Rankin - All Rights Reserved