Honor Society Scam Protection Tip #2: Do Not Click the Links
This is from the Honor Society published book called "How to Avoid the Top E-mail Scams" by Mike Moradian, written to help protect our member and student community from common online scams. To learn more about the book or to purchase a copy, click here.
Tip #2: Do Not Click the Links
At the end of the day, the ultimate goal of a phishing email, besides asking for credit card or bank account information, is to get you to click on a malicious link. This link can then send a virus into your computer that can phish for personal login credentials, as well as do a slew of other things. Some of these links can go directly into your email inbox and start scanning your emails for critical information related to applications and so forth, like your Social Security Number.
That’s why it’s so important to never, ever click the links in phishing emails. We understand you might end up opening the emails by accident. But ALWAYS be weary of email links embedded into already sketchy emails that promise to bring you somewhere for something you have won.
How can you identify if a link is fraudulent in an email? Here are a few precautionary steps to take:
- Hover your mouse over any links embedded into the body of the email.
- Review the link address generated by your mouse. If it looks weird, do not click on it.
- If you are unsure, open a new window and type the link into a browser. Use an Incognito Window to be safe.
- See where the link goes. It should be pretty obvious immediately.
Knowing the Two Types of URLs
Keep in mind, there are two kinds of URLs you can view today:
- Standard-length URL, starting with www, followed by the website name, and ending with a top-level domain.
- Shortened URL, such as goo.gl/V4jVrx.
How can I tell if a link is sketchy? Well, we all know what normal links look like: google.com, honorsociety.org, Walmart.com… you get the picture. If the link is 100 characters long, full of tons of numbers and weird symbols, lacking in a normal “.org or .com” ending, or related to a website name that has nothing to do with the company name or email, it’s probably not a link you want to click on.
Naturally, when it comes to the shortened links, however, it can be harder to tell. These do not look like normal links, and can bring you just about anywhere. Phishers are smart and they know this, which is why they will try and hit you with a shortened link where possible. Here is where the next step comes into the picture.
Again, if you are unsure, go to your browser and open an Incognito Window. These are windows that are unrelated to your plugged in accounts, passwords, etc. that you normally use. Typing out the address will remove the link it contains in your email that can then embed itself into your computer. You can safely search the link this way and see what comes up.
Generally, this should be a practice that you do for just about every email, no matter where it comes from.
Sites That Help Detect Scam Links
If you want to be proactive about your link-opening, here are a few sites that will tell you about the integrity of a link immediately:
- KasperSky VirusDesk: This is a dual-purpose tool that checks links to dodgy websites, as well as suspicious files. To use it, simply enter the URL into the site and click “scan.” It will immediately tell you what it thinks.
- ScanURL: This independent website takes your link and checks them via a secure HTTPS connection. The tool polls Google Safe Browsing, PhishTank, and Web of Trust to verify the link. If the results list is dangerous, obviously, don’t click the link.
- PhishTank: This site is more concerned with phishing sites than it is malware. Enter in the URL. If the URL has already been entered into their tank, they’ll tell you immediately. But if it has not, then you’ll get a tracking number. It’s worth waiting. As their website says, it can be harder to find out information on phishing emails over plain scamming emails given their fleeting nature.
If there’s anything to get from this specific chapter, basically, it’s to: never click on the links embedded in a phishing email. Additionally, hackers are going to try and use shortened links where possible since their legitimacy is harder to detect.
If you think about it, most regular email correspondence does not require you to click on a link to arrive at the necessary information. It’s already stated.
For more on how to protect yourself online, read tips from our published book below:
Intro: How to Avoid the Top E-mail Scams
Tip #1: Look for the Display Name
Tip #2: Do Not Click the Links
Tip #3: Scan for Spelling Errors
Tip #4: Look for Personal Information Requests
Tip #5: The Offer is Unrealistic
Tip #6: You Never Initiated the E-mail
Tip #7: The Email Requests You Send Money
Tip #8: The Message Contains Some Kind of Threat
Tip #9: The Email Claims to be From a Bank or Government Agency
Tip #10: Your Gut Tells You Something is Wrong
Extra Credit #1: Tips for Staying on Top of Phishers
Extra Credit #2: Knowing When It's a Real Email: 5 Tips