Case study: Verifying a link before clicking on it


One of the most dangerous things you can do with your computer is to click on a link when you don’t know where that link will take you. It doesn’t matter if it’s a Facebook link from someone you barely know, or a loving email from your dear sweet mother – don’t click on a link without knowing where it goes!


This was wonderfully illustrated this past week by an email I got from my friend and long-time client Marge. She got an email that was supposedly from Paypal Customer Service, asking her to verify her account using a link that just said “CLICK HERE”. She wisely did not click on it and just forwarded it to me to verify that it was a scam.

Here’s the email:

[Image: blind links]

With a lot of scams, the email sender will at least spoof the “From” address so that it looks like it came from Paypal. In this case, the scammer was just too lazy I guess. Obviously that is not an email address for Paypal Support.

But more importantly, the message in the email asked her to click on a link to “verify” her account (this was another red flag, since Marge does not have a Paypal account). And even if she did have a Paypal account, Paypal would never ask you to do this. They know that any security-conscious user would not click that link. Here’s why.

There are two components to any link: the link text and the link address.

The link text is the words you can actually see; the text that you are supposed to click on. In this case, the link text is “CLICK HERE”. That text can be anything the writer wants it to be. It doesn’t have to be anything related to where the link address goes.

The link address is the actual website where you’ll be sent when you click on the link text. In a lot of cases you can’t see the link address; you can only see the link text. That’s what makes this a little tricky.

In fact, the link text could even be a website address, and you could click on it thinking that was also the link address, but the link address could be completely different. For example, the link below says it’s supposed to be for the Ford automobile website, right? But if you actually click on it (it’s safe if you want to try it), it will instead take you to the Chevrolet website. That’s because the text says Ford, but the address is for Chevy.

http://www.Ford.com

In the case of the email shown above, all we see is the link text. How do we find out what the actual address is? Well, the WORST way to find out is to just click the link and see where it takes you – don’t do that, no matter how tempting it might be!

What you should do instead is RIGHT click on the link text, and choose “Copy Hyperlink” or “Copy link address” or something similar:

[Image: verify links]

Then, open up a plain text editing program on your computer. In Windows, Notepad is perfect for this. When you have that open you can click Edit – Paste, or just right-click in the white area and choose Paste from the menu that pops up. In this case, here is what was shown as the link address:

[Image: verify links]

Well, isn’t that interesting! Sure doesn’t look like a Paypal website address, does it?

Bitly is actually what’s called a link-shortening service. If you want to send a link to someone but it’s one of those really long ones, you can paste it in at the Bitly website (www.Bit.ly) and they’ll create a much shorter link for you, which will actually redirect to your longer link address. It’s a legitimate and useful service, but unfortunately it gets used by scammers in order to hide the REAL website address where they want to send you.

So we have the Bit.ly address – how do we know where that’s going to lead? There’s a little trick to that. When you copy and paste a Bitly address into your web browser (such as Firefox or Chrome), add a “+” (a plus sign) after it and hit Enter. Instead of taking you directly to the end website address, Bitly will instead give you a preview of where it leads, and THEN you can decide if you want to go there or not. It’s a handy security feature built into Bitly, which you should definitely take advantage of. So we put this into the web browser:

[Image: verify links]

and here’s the preview that Bitly provides for us:

[Image: Bitly preview]

It doesn’t take much of a security expert to determine that “huytv.ml.silentroom.cf” is not a website address for Paypal Customer Support.
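The comparison of link text against link address, and the shortener problem described above, can also be checked mechanically. The Python sketch below is an added example and not part of the original post: it pulls every link out of an HTML email body and reports whether the visible text is blind, names a different site than the address, or points at a link shortener. The sample email, the shortener list and all function names are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

SHORTENERS = {"bit.ly", "bitly.com"}  # assumption: illustrative, not exhaustive
# Constructed sample email body (not the message from the post).
SAMPLE_HTML = """
<p>Please verify your account: <a href="https://bit.ly/EXAMPLE">CLICK HERE</a></p>
<p>Cars: <a href="http://www.chevrolet.com/">http://www.Ford.com</a></p>
<p>Help: <a href="https://www.paypal.com/help">https://www.paypal.com/help</a></p>
"""

def host_of(url):
    """Lower-cased host of a URL without a leading 'www.', or '' if unparsable."""
    try:
        host = urlsplit(url if "://" in url else "http://" + url).hostname or ""
    except ValueError:  # malformed address
        return ""
    return host[4:] if host.startswith("www.") else host

def text_as_host(text):
    """Host named by the visible text, or '' when the text is not an address."""
    return host_of(text) if "." in text and not any(c.isspace() for c in text) else ""

class LinkCollector(HTMLParser):  # collects (link text, link address) pairs
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        self._text.append(data)  # text outside a link is discarded at the next <a>
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def audit_links(html):
    """Return (link text, destination host, verdict) for every link."""
    parser = LinkCollector()
    parser.feed(html)
    results = []
    for text, href in parser.links:
        target, shown = host_of(href), text_as_host(text)
        verdict = ("shortener" if target in SHORTENERS  # redirect hides destination
                   else "blind" if not shown            # e.g. "CLICK HERE"
                   else "consistent" if shown == target else "mismatch")
        results.append((text, target, verdict))
    return results
```

A "consistent" verdict only means the text and the address name the same host; it says nothing about whether that host is trustworthy, and look-alike domains are not detected.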

I was curious about the “.CF” that came at the end of that address though. It was not one that I was familiar with. The more common ones are easy to identify – .CA means it’s based in Canada, .gov means it’s either the federal or state government here in the US, etc. When I checked where the “.CF” originated, here’s what I found:

[Image: verify links]

Unfortunately, it’s not a big surprise to see that it came from Africa – that’s where a lot of internet scams originate. Probably the majority are in Nigeria, though. So this email could have come from an organized spammer/scammer group that’s raking in a lot of money from this activity, or it could be some teenager sitting in an internet cafe, sending out emails and hoping to get lucky when someone clicks on one of them. Stay alert and suspicious so that you’re not a victim!

2 comments

David
June 13th, 2016

If you hover over the link, the actual link address it’s sending you to will appear in the bottom left of the screen as a preview.
At least in Firefox.

Scott Johnson
June 13th, 2016

Thanks David. That is true for most web browsers when you’re on a website, but not usually true when you have a link in an email, such as in Outlook.