How to Tell If a Link Is Safe

First, it’s always a great idea to type in the website yourself. Rule number one: IF IN DOUBT, TYPE IT OUT. There’s no way a bad link can affect you if you don’t click it. This applies to links from your email, social media sites (Facebook / Twitter), and links from web forums.
Second, refer to rule number one.
There is never any way to completely know if clicking a link is safe, but there are very easy guidelines that can go a long way to protecting you.  The problem is no matter for much you investigate a link, it is still possible for criminals to make it look genuine. That’s why the first and second rules apply. We can, however, tell many times if links are bad. For that, we need to learn a little bit about website names.
 
hyper-link parts examine link cybersecurity for homes users link checking safety malware link email

Figure 1, Website Naming Parts.

 
Figure 1 shows the 4 parts to a website name. The only part that is of concern is the google.com part.  This is the part that we all recognize.  This shows that we are going to google.com’s website. The protocol is telling the browser that it’s internet based. The www is a subset of google.com. You can see this on cybersaladbar.com by browsing to my more technical site at secret.cybersaladbar.com. Both sites are part of cybersaladbar.com and are completely traceable back to me personally.
If the website name was hackme.google.com, it is still going to google.com’s website. However, malicious individuals can create a website SecureUpdate.com and then direct people to google.SecureUpdate.com which is NOT google.com, but their potentially malicious site, SecureUpdate.com.
Now, sometimes the links are shown clearly like in Figure 1 for zoom.us, but many times they are hidden. If you hover over a hidden link, the details of that link are shown in the lower leftmost corner of your browser. I’ve shown what it looks like marked in red in figure 2.


clear link how to examin a hyper-link

Figure 2, Clear Link.



Figure 3, Revealing Hidden Links.


So as long as you recognize the last part of zoom.us, google.com, or cybersaladbar.com, then the link is probably OK. However when in doubt, remember the first rule: If in doubt, type it out.
 

Collection of things never to click on:

Any modern website should not need you to update or install anything. It’s just not necessary. If you must install something like Flashplayer or that special video player, exit out of the site that is requesting it and download from the original company like adobe.com/flashplayer/download. NEVER INSTALL SOMETHING FROM A POPUP AD.  These malicious downloads are clever because the criminals copy the real messages from the real companies with dire warnings that need you to click immediately.  Anything can wait to be updated or installed directly from your operating system or the software maker.
 
For examples, I browsed many bad websites so you can see examples of  what NOT to click on. All these are malicious files I found on the internet.


Figure 4, Unknown Publisher, doesn’t even give a fake name.



Figure 5, HD Video Player might be legitimate, or destroy your computer.



Figure 6, Do You Really Need Another “recommended” Browser?



Figure 7, Fake Java Security Update. You can see that my anti-virus software caught it.



Figure 8, Bad Word Document. Only enable editing on Word documents from people you know.



malicious word macro bad link cybersecurity

Figure 9, Another Bad Word Document. Enabling content enables macros which can then infect your computer.



Figure 10, A Fake Update. Yes, it’s fake, but looks exactly the same. Note: Microsoft doesn’t update from a website. If this pops up on your desktop and not a browser, it’s probably fine - refer to rule one above. A browser should never need a system update.
 
I hope you enjoyed seeing the clever ways criminals will try to get you to click on bad links, but remember the first rule. When in doubt, type it out.


Share this

Gary Weessies, CISSP

CyberSecurity Consultant