No matter how cautious you are while surfing the internet, a trap or threat is waiting in every corner to victimize you. We often come across hyperlinks that lead us to another page on the internet. But how can we tell whether the destination is reliable? You never know what lies there until you open it. And no security software can protect you from the headaches you encounter if you click a malicious link. The threat can be malware, adware or ransomware, and each of them can put your privacy at risk and cause you financial and reputational damage.
Your friends might unknowingly pass on unsafe links in emails, instant messages, Facebook posts etc. The links might appear to be shortcuts to funny videos, bizarre tricks, shocking news stories, ‘awesome’ deals etc., but they are designed to steal your personal information. Malicious links can also be present in website ads and search results.
So, how can you tell whether a link is malicious before opening it? Here’s how you can spot a malicious link:
Take a closer look at the domain name in the link. An altered spelling of a domain name is almost always a sign of a scamming attempt. The difference might be hard to notice at first glance. Phishing attackers try to exploit common human traits to accomplish their purpose. So beware of look-alike letters and numbers in the link and check very carefully before clicking.
Sometimes a link masks the website to which it leads. When dealing with a hyperlink, hover the mouse cursor over the text and you’ll see the full URL of the link’s destination in a lower corner of your browser. Also note that in phishing scams, links look similar to those of legitimate sites. Hovering over a hyperlink reveals where the link leads, and it is a good way to safeguard yourself from becoming a victim. Only keen observation can help you tell a legitimate link from a fake one. For example, a link is displayed which says: Click here to connect to facebook, but it actually leads to the ISOEH home page. Without hovering over the link, people are easily deceived and land on a malicious site. Avoid clicking on links in an email that comes from an unknown source or lands in the spam folder. If you are in doubt about a link, enter the organization’s URL in a search engine instead of using the link provided in the email.
For financial dealings, check whether the site uses HTTP or HTTPS. HTTPS ensures that your data is sent encrypted across the internet to the website. Genuine e-commerce sites and online banking sites will always use the more secure HTTPS instead of HTTP. https:// will be displayed in the URL address field of the browser with a security padlock icon next to the address. Double click on the padlock icon and the security certificate of the website will be displayed. If the security certificate isn’t displayed, or you receive a message saying that the URL address of the site does not match the certificate or that the certificate is not to be trusted, then it is most likely a spoof with someone waiting to get hold of your credentials.
Short link services like bit.ly are popular on microblogging sites, especially Twitter, where character limits apply. In this case, hovering over the link won’t help. Short links often hide their destination and what it contains. Malware distributors and phishing attackers use this method to conceal the true destinations of their links. For shortened links, you can use the “preview” function. If you enter the shortened bit.ly URL in your browser with a “+” at the end, it will report back information about the site that the shortened link leads to.
Phishing attacks often follow a common practice: asking you to verify your details. Emails claiming to be from your bank and asking you to verify your account credentials for urgent safety reasons are mostly traps. This common practice is aimed at getting access to your personal bank account, and you should definitely not respond or give away sensitive information. If you receive such a suspicious email, first check the website by entering its address directly in your browser, or give the bank a call. Don’t accept what the email claims without verifying it first. Never trust links in e-mails, text messages, pop-ups, etc.
Hackers and malware distributors try to conceal the destination of malware or phishing sites by using what is known as URL encoding. For example, the letter "A", when URL-encoded, becomes "%41". Encoding is used to mask destinations, commands etc. so that one cannot read them without a URL decoding tool. So, if a link contains lots of special characters, never click on it.
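The checks described above (look-alike domain, link text that hides the real destination, HTTP versus HTTPS, shortened links, URL-encoded letters) can be automated for links found in an email body. The following Python sketch is an added example, not part of the original article. The TRUSTED list, the look-alike digit table, the flag names and the sample message are assumptions constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

SHORTENERS = {"bit.ly"}                  # the shortener named in the article
TRUSTED = {"facebook.com"}               # assumed list of sites the reader really uses
LOOKALIKE = str.maketrans("013", "ole")  # illustrative digit-for-letter swaps
# Constructed sample message body (not real mail).
SAMPLE = ('<a href="http://example.net/login">Click here to connect to facebook</a>'
          ' <a href="https://bit.ly/EXAMPLE">funny video</a>')

class _Anchors(HTMLParser):
    """Collect (href, visible text) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def check_link(href, text=""):
    """Return the warning signs from the article that apply to one link."""
    flags = []
    url = urlsplit(href)
    host = (url.hostname or "").lower()
    host = host[4:] if host.startswith("www.") else host
    if url.scheme != "https":
        flags.append("not-https")
    if host in SHORTENERS:
        flags.append("shortened")        # hovering will not show the destination
    if host.translate(LOOKALIKE) in TRUSTED and host not in TRUSTED:
        flags.append("lookalike-domain")
    # Plain letters and digits never need percent-encoding, so %41-style
    # sequences hide readable text instead of escaping special characters.
    if re.search(r"%(?:3[0-9]|[46][1-9a-f]|[57][0-9a])", href, re.I):
        flags.append("encoded-letters")
    for site in TRUSTED:                 # text names a site, href goes elsewhere
        named = site.split(".")[0] in text.lower()
        if named and not (host == site or host.endswith("." + site)):
            flags.append("text-destination-mismatch")
    return flags

def scan_html(body):
    """Map every link in an HTML body to its list of warning signs."""
    parser = _Anchors()
    parser.feed(body)
    return {href: check_link(href, text) for href, text in parser.links}
```

An empty list only means none of these particular signs were found. It does not prove the destination is safe.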
So, whenever you are unsure about a link, pause. Don’t be compelled by artificial urgency and don’t give away your sensitive information in emails. Be wary if you are addressed impersonally and check the authenticity of the sender carefully. If you have mistakenly clicked on a malicious link or entered your login details or other sensitive data into the site, go to the authentic website immediately and change your passwords and login details.
The moral is: while on the internet, trust less. Happy surfing!