You’ve heard it a bazillion times: “Don’t click links in email!” That’s usually for a very good reason. This is by far one of the biggest ways I see clients get bitten. But what makes email links bad? What’s the worst that could happen if I do click one? This topic is cloudy for most people, so let’s break it down once and for all.

How Email Links Work

Emails are typically formatted in a language known as HTML. It’s the same language that websites are made with. Emails are basically little web pages sent to your inbox. It’s possible to send plain text emails (without HTML), but that’s rarely done these days.

Practically anything you can do with a web page, you can do with an email. This includes linking. Hyperlinks (“links”) are possible because of the HTML working in the background. So what exactly is possible with hyperlinks?

This is a link.

Nothing new, right? So where is this link going to take you? It can be hard to tell. This particular link will take you to Google. But what about this next one?

http://www.amazon.com

This link takes you to Google as well. Why? Because the HTML code I made in the background told it to. You can never tell where a link will take you based on what it says. That goes for pictures and buttons, too.

Example Button

This is an official PayPal button I got from a site somewhere. But it’s only an image (a “picture”). I can make it link anywhere I want. If you click this button, it actually goes to a special page I created.
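The gap between what a link shows and where it goes can be checked mechanically. The following is an added example, not code from the original article: it parses a constructed HTML email body with Python's standard library, lists the real destination host of every link, and flags links whose visible text names a different host. The sample HTML and the names `LinkAuditor`, `host_of` and `audit` are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse
# Constructed sample email body (not from the original article).
SAMPLE_HTML = """
<p><a href="https://www.google.com/">This is a link.</a></p>
<p><a href="https://www.google.com/">http://www.amazon.com</a></p>
<p><a href="https://www.amazon.com/orders">www.amazon.com</a></p>
<p><a href="https://pages.example/special"><img src="btn.gif" alt="PayPal"></a></p>
"""

class LinkAuditor(HTMLParser):
    """Collect (visible label, real href) for every <a> in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._label = [], None, []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "a" and attrs.get("href"):
            self._href, self._label = attrs["href"], []
        elif tag == "img" and self._href is not None:
            # An image button has no text; its alt text is the only label.
            self._label.append(attrs.get("alt") or "[image]")

    def handle_data(self, data):
        if self._href is not None:
            self._label.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._label).strip(), self._href))
            self._href = None

def host_of(text):
    """Hostname if the label looks like a URL or bare domain, else None."""
    if " " in text or "." not in text:
        return None  # ordinary words or an image label: nothing to compare
    url = text if "://" in text else "http://" + text
    return (urlparse(url).hostname or "").lower() or None

def audit(html):
    """Report each link's visible label, real host, and whether they disagree."""
    parser = LinkAuditor()
    parser.feed(html)
    report = []
    for label, href in parser.links:
        shown, real = host_of(label), (urlparse(href).hostname or "").lower()
        report.append({"label": label, "real_host": real,
                       "mismatch": shown is not None and shown != real})
    return report
```

A label made of plain words or an image gives the check nothing to compare, so for those links the reported real host is the only reliable information.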

 

What Are The Dangers of Email Links?

Phishing

Phishing is the term for sending emails (considered the bait) with a link to a fake website. Once on the site, the user is tricked into giving sensitive information. For example, the link takes you to a fake site that looks like your bank, and you try to log in with your username and password. The bad guy has now captured your login info. And if he’s clever, the fake site will redirect you to the real site afterward. You’d probably be none the wiser.

For an ongoing list of phishing alerts, check out FraudWatch International’s page.

Malware or “virus” downloads

The link may take you to a website that infects your computer with malware like ransomware or a keylogger (a “virus” that captures everything you type into your computer like passwords and credit card numbers). Or it might even download the virus directly without going to a web page. Malicious web pages are the most common way that I see computers get infected in my day job.

Why It’s Hard To Tell the Real from the Fake

Most of the emails you get will be fine. The trouble is, do you know which is which? Some bogus emails are obviously fake to most people, full of misspellings and shady suggestions. But some of them look very professional. Take these for instance. They’re both fake. Would you be able to tell the difference?

[Image: Phishing Example 1, PayPal]

[Image: Phishing Example 2, Amazon]

These would fool most people. But besides looking legitimate, there are other ways to fool us.

Hacked email account

If a spammer hacks an email account, he can send out an email blast to all the contacts stored in the account. This is dangerous because you may get a phishing email that’s actually sent from the real account of someone you know. Unless the email seems out of the ordinary, you’ll have no way of knowing.

Email address spoofing

Spoofing is essentially “faking”. It’s possible to spoof the sender’s address so it looks like it’s coming from someone you know, when in reality it’s coming from the bad guy’s email account. It can be very hard or impossible to tell if an email address is spoofed. It requires digging through the email header which is, itself, prone to tampering. But if that interests you then check out this guide for basic instructions.

Forwarding a phishing email

Sometimes people are just naive and forward an email to you that has a malicious link in it. They might not realize it’s there, and have possibly become a victim themselves. I see it happen.

Which Email Links Can I Click?

Well, if you don’t click any of them you won’t have a problem. But that’s not realistic. Very few people will ever take that advice. The good news is you don’t have to. I suggest treating links like attachments. Only click one if you’re expecting it.

Examples of when to click

Examples of when NOT to click

What To Do Instead of Clicking Links


Source: TipTopSecurity

Thanks for reading STOP Clicking Links