At VERIFY, we are dedicated to telling you what is true and false. That includes showing you how to identify fraudulent emails, how scammers can impersonate companies to trick you, and how to protect yourself if you were a victim of a scam.
We also frequently get questions from viewers about specific websites asking if they are legit. Hackers commonly disguise malware with fake or misleading links. They do this in order to trick someone into sharing their personal or financial information, the Federal Trade Commission (FTC) says.
Here are some tips to consider before you click on any link.
- Federal Trade Commission
- Advice on link safety from Stony Brook University, Boston University and University of Denver
- Google Safe Browsing
- Norton Safe Web
- Cyber Tec Security
Here are three tips to help you avoid clicking on a malicious link:
1. If you’re not expecting a link, don’t click on it
If you get an email that contains links from someone you don’t know or a text message from a number you don’t recognize, you should be suspicious. This also applies if you get unexpected or out-of-character messages from someone you might know. This can happen if a person’s account has been hacked.
The FTC says scammers often use similar wording in unsolicited messages that contain suspicious links. The unsolicited sender will:
- say they’ve noticed some suspicious activity or log-in attempts
- claim there’s a problem with your account or your payment information
- say you need to confirm some personal or financial information
- include an invoice you don’t recognize
- want you to click on a link to make a payment
- say you’re eligible to register for a government refund
- offer a coupon for free stuff
In these types of messages, the links provided will take you to websites that ask for personal or banking information, or download malware on your computer. Never enter your personal information or financial information on any website if you’re not sure they are legitimate.
Spelling errors or the email’s tone containing a sense of urgency are also signs of malicious emails. You can read more about how to spot an email scam here.
2. Examine the link before you click
Scammers often try to trick you with a bad link by concealing the URL with a button or hyperlinked text, like using the words “please click here” or “follow this link.” This makes it harder to tell where the link will take you.
If you get sent a message containing a suspicious link while you are on a computer, you can hover your mouse over it to see where the hyperlink will actually take you, a guide on online safety from Stony Brook University says. For example, if the message comes from someone claiming to be from one company, but the link you’re hovering over goes to a different website, that’s suspicious.
Boston University’s IT department advises to “never click on a link embedded in an email. Even if sent from someone you trust, always type the link into your browser.” For example, if you get an email claiming there’s a big sale going on at Best Buy, instead of clicking the link in the email, open a browser and go to Best Buy’s website directly.
Links sometimes come through text messages from scammers that try to impersonate government agencies or companies – it’s been done before with the United States Postal Service and the Internal Revenue Service.
Don’t open any links contained in text messages from phone numbers you don’t recognize. Instead, do a web search for the phone number that sent you the message to see if the number is an official phone number. Or, independently look up the information contained in the text. Most companies or agencies have information on their official websites.
3. Research the web address and run safety checks if you’re still suspicious
If you’ve followed the first two VERIFIED tips and are still unsure, the University of Denver Information Security Department says to take a look at the web address, or URL, itself for these common red flags:
- The end of the URL has characters that don’t seem like they belong. Like underscores, hyphens or symbols. For example, google.com is not the same as google-search.com.
- The URL is entirely numbers.
- The link is shortened, which usually means it’s not in a typical “www.example” form.
If you are still uncertain about links or websites, there are tools available online to help.
Google has a safe browsing site where you can submit a website to see whether the website is dangerous at the time you search it.
Norton, an anti-virus software company, also has a tool called Safe Web that lets you enter a site address to check if Norton deems the website safe.
These tools will tell you if the site is trying to steal your information by downloading virus or malware on your equipment, or if the site is suspiciously asking for your personal information with the goal of stealing your identity. But they’re not foolproof, so it’s still good to analyze the links for yourself.
What if you clicked a bad link?
According to Cyber Tec Security, an IT company, here are some steps to take:
- Don’t provide any personal information on the webpage
- Disconnect from the internet. Clicking on a link may have triggered malware to be downloaded, so if you disconnect quick enough, the download may not complete.
- Back up any important files on an external hard drive
- Change any of your passwords and add two-factor authentication to your accounts