5 security questions to ask before clicking on a link

Shortened URLs used to be a nice and simple way to link to an online destination without a long and fiddly URL, but in today’s world of advancing cybercrime they can lead to password and data theft, and even drive-by-download malware attacks. So ask yourself these five questions before clicking on that shortened link.

Do you trust the person sending/posting the link?

‘Trust’ should be the same online as it is in the real world, but sadly this is rarely the case. For example, people will always check the keyhole before opening their front door, and teach their children about the dangers of walking off with strangers, but these same people might also open an email, or click on a link, from someone they’ve never met.

The good news is that, despite phishing remaining a popular tool for cybercriminals, people are improving at distinguishing the good emails (and links) from bad, something that has also been helped by advancing spam filters.

Nonetheless, you still need to be alert, so the first question to ask yourself is ‘do I trust the person sending or sharing this link?’ If the link has been sent by a friend or family member, and on a trusted social media platform or email client, there’s a good chance it’s OK. If, for whatever reason, you’re unsure, maybe you could call them to verify that they did indeed send that information.

However, if you don’t recognize the name, the email account or the content, it is best avoided. You should be particularly wary of emails that look to catch you out by mentioning your name in the subject matter, or which claim to be from your bank or PayPal account.

Do you trust the platform?

Social media platforms are filled with people sharing links, but some are malicious.

Like most of the questions on this list, ‘do you trust the platform?’ revolves around common sense. For instance, there’s probably no need to worry if this link has been shared on your business’s intranet or private WhatsApp group. But if something’s in your email spam, or on an anonymous Twitter account, that should be treated with caution.

Pay special attention to Twitter and Facebook as both social media websites have been hit by copious amounts of spam before, with some links even directing users to malware-infected websites. If you’re unsure about the link, and don’t know about the platform, you should search elsewhere.

Additionally, high profile accounts have been hacked, so if the surrounding text seems out of character for the sharer, think twice.

Do you trust the destination?

Look at the link that has been shared. Does it go to a website you recognize, or even like?

If you don’t trust, or don’t know, the destination you should not click the link. Instead, do your own web search and visit the website via that route.

Does this link coincide with a major world event?

Phishing campaigns often try to coincide with interest surrounding real world events – like the Olympics.

Cybercriminals are very opportunistic, and they’ll seize any opportunity to get someone to click a link that takes them to a bad website. This is especially true around major events, like natural disasters, Olympics and World Cups – the numbers of spam emails and tweets simply skyrocket at this time; just take a look at the emails sent shortly after the MH17 disaster.

So if you see a link, for example on the Nepal earthquake, have a good hard think about it in relation to the three previous questions: the source of the link, where it has been shared and where the link is taking you.

Is it a shortened link?

The rise of social media like Twitter, Facebook and Instagram has also brought a rise in shortened links for convenience. Most of these are well intentioned but danger can still lurk here.

For example, a cybercriminal can shorten their nefarious link using Bitly, goo.gl or any other provider, in the hope that the user blindly trusts that link as coming from a trusted source. Also, if they combined this link with an authentic tweet or email, the user could well be encouraged into thinking that this was a legitimate message from a legitimate user.

So with shortened links, the advice is clear: ask yourself the above four questions and, if you’re still unsure, use the likes of LongURL and CheckShortURL to restore the shortened link to its original length.
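Expanding a short link can also be done locally, as in this added example (not part of the original article): it follows redirects one hop at a time with HEAD requests, so no page content is loaded, then checks the final host against sites you recognize. The function names, the `RECOGNIZED` list and the `.test` hosts are assumptions made for illustration.

```python
import http.client
from urllib.parse import urljoin, urlsplit

SHORTENERS = {"bit.ly", "goo.gl"}   # providers named in the article
RECOGNIZED = {"example.org"}        # assumption: sites you already know and trust
MAX_HOPS = 5

def head_location(url):
    """One HEAD request; return the redirect target or None. The body is never fetched."""
    p = urlsplit(url)
    cls = http.client.HTTPSConnection if p.scheme == "https" else http.client.HTTPConnection
    conn = cls(p.hostname, p.port, timeout=5)
    try:
        conn.request("HEAD", (p.path or "/") + ("?" + p.query if p.query else ""))
        resp = conn.getresponse()
        return resp.getheader("Location") if 300 <= resp.status < 400 else None
    finally:
        conn.close()

def expand(url, fetch=head_location):
    """Follow redirects one hop at a time and return every URL visited."""
    chain = [url]
    for _ in range(MAX_HOPS):
        target = fetch(chain[-1])
        if not target:
            return chain
        target = urljoin(chain[-1], target)   # Location may be relative
        if target in chain:
            raise ValueError("redirect loop")
        chain.append(target)
    raise ValueError("too many redirects")

def host(url):
    # .hostname drops any "user@" prefix, so "https://example.org@evil.test/" yields evil.test
    return (urlsplit(url).hostname or "").lower()

def triage(url, fetch=head_location):
    chain = expand(url, fetch)
    final = host(chain[-1])
    known = any(final == d or final.endswith("." + d) for d in RECOGNIZED)
    return {"shortened": host(url) in SHORTENERS, "chain": chain,
            "final_host": final, "recognized": known}

# Constructed redirect table so the example runs offline
SAMPLE = {"https://bit.ly/abc123": "https://goo.gl/xyz",
          "https://goo.gl/xyz": "https://example.org.login.test/signin"}

if __name__ == "__main__":
    print(triage("https://bit.ly/abc123", SAMPLE.get))
```

The constructed chain ends at a host that merely starts with a recognized name, which is why the check compares the end of the hostname rather than searching for the name anywhere in the URL.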

Bloomua, Paolo Bona / Shutterstock.com

Author , ESET

Copyright © 2016 ESET, All Rights Reserved.