Clicking or tapping a link in an email, text or just
on a website is always a bit of a gamble. On the other end of a link
could be the information you want to see, or it could be a malicious
website, virus-filled download or inappropriate content. Sometimes the
only way to know for sure is to click. However, there are some important
questions you can ask first that will give you a good idea if the link
is safe or not.
1. Where did the link come from?Perhaps
the most important question you can ask is how you got the link in the
first place. Was it in an unsolicited email or text message? Did you get
it in a Google search? Was it in a friend's Facebook post?
As
a rule, if a link is unsolicited, you don't want to click on it.
Hackers send out malicious links in emails and texts daily. They're
especially good at putting links in emails that look like they're from legitimate companies. If
the link is from someone you know, check with them first to make sure
they really sent it, and that their account wasn't hacked.
Links
you find for yourself are going to be safer, but you still need to
cautious. A Google search is a good example. Hackers use a tactic called
"search engine poisoning" to get malicious links to the top of a Google
search for popular words and topics (more on that later). Learn how to get your legitimate links to the top of a Google search.
The
same goes for Facebook. In general, the links your friends post are
going to be OK, but one of them might have been tricked into sharing a
malicious link, or they installed an app that does it for them. Maybe they got tricked by a like-farming scam. Keep reading and I'm going to look at some other questions that will help reveal those dangers.
2. Why am I clicking the link?OK,
this question sounds philosophical, but I'm not actually asking "why"
you do things in the general metaphysical sense. I'm asking you why you
want to click on that particular link.
Is it out
of fear that something bad will happen if you don't? Are you responding
to greed or anger? Is it out of lust? These are just a few of the
triggers that hackers use to trick you into clicking.
For
example, an email might say your bank account has been hacked and you
need to click right away and enter your information so the bank can get
your money back. Maybe you see a post on Facebook saying you could win
the lottery or get a brand new expensive tech gadget for free.
Perhaps
it's a political post that asks you to sign a petition against
something that makes you angry. And don't forget the ever-popular
promise of racy images or video on the other side of a link.
If
you find yourself on the verge of reacting out of emotion, take a
second and really think about why you're doing what you're doing. You
might realize that you're being manipulated. And I'm about to tell you
how you can know for sure.
3. Does the link look right?Web
links follow certain rules. That means you can often tell at a glance
if one is on the up-and-up. The biggest tip-off is the domain name. For
example, the domain name of my site is "komando.com."
It
might have a prefix, such as "www.komando.com," "news.komando.com," or
"station-finder.komando.com." Or it might have a suffix, such as
"komando.com/tips" or "komando.com/happening-now." But no matter what,
"komando.com" is going to be the centerpiece of any link on our site.
So,
if you got an email claiming to be from Komando but the link was
"www.somethingelse.com/this-is-fake" or even
"komando.somethingelse.com/also-fake" or "somethingelse.com/komando,"
you know something is up.
Sometimes this can get a
little tricky. For example, Google's shortening service is "goog.le,"
but on the whole it's a good thing to check. However, there are a few
more tricks hackers like to pull.
Earlier, I
mentioned search engine poisoning where hackers get malicious links to
the top of a search results page. If you're doing a Google search, look
just below the page title in the search results to see the link it's
coming from. If you're looking for a page on one company's site, and the
link is to another site, then proceed with caution.
Another
trick is that the text of a link and the link itself don't have to be
the same. In an email or online, you can hover your mouse cursor over a
link and then look down in the lower part of the screen to see what the
link really is. You can also right-click on the link, choose "Copy link"
or "Copy link address" and paste the link into word processor to see
what it really is.
Sometimes you'll run into
shortened links, especially on Facebook and Twitter. These are often
legitimate links, but it will just show bit.ly/123456, goog.le/123456 or
t.com/123456. In general, as long as the person posting them is
legitimate, you're OK. If it's a random account you stumbled on that
doesn't have a lot of followers or is posting nonsensical information,
be more cautious. Of course, sometimes it helps to get a second opinion.
4. Is there a second opinion?Sometimes
when you're in a rush, you don't always check links as thoroughly as
you should. Or maybe you think a link in a Google search or on a website
is bad, but you aren't sure.
Most security
companies have software that watches links and lets you know if they
don't go where you think, or if other people have reported them as being
a problem. Check your security software to see if it has a URL
reputation system you can enable in your browser; most do.
5. What's on the other side?If
you're even a little suspicious of a link, you shouldn't click on it.
Better safe than sorry. And if it's information you really need, you can
usually visit a company's site directly to find it, or look it up in a
Google search.
However, sometimes you'll click on a
link and wind up in a place that sets off alarm bells. Maybe the site
isn't the company site you were expecting; it might look like it was
thrown together; or it could pester you to enter information you know
you shouldn't give out.
Remember, it's always OK to walk away. Close the browser tab and go find the information somewhere else.
Of
course, some sites will attack your computer as soon as the page loads.
You might not have a chance to leave before the damage is done. Learn how to make your browser hacker-proof to keep that from happening.
