by Carey van Vlaanderen, CEO, ESET Southern Africa
In today’s world of advancing cybercrime URL’s can lead to password and data theft, as well as drive-by-download malware attacks.
Before you click on a link, as yourself these five questions:
- Do you trust the person sending/posting the link?
Trust should be the same online as it is in the real world. The good news is that despite phishing remaining a popular tool for cybercriminals, people are improving at distinguishing the good emails (and links) from bad, something that has also been helped by advancing spam filters.
Nonetheless, you still need to be alert. The first question to ask yourself is: Do I trust the person sending or sharing this link? If the link has been sent by a friend or family member, and on a trusted social media platform – there’s a good chance it may be okay. If, for whatever reason, you’re unsure, it is advisable to ask them to verify that they did indeed send that information.
However, if you do not recognise the name, the email account or the content, it is best avoided. You should be particularly cautious of emails that attempt to catch you out by mentioning your name in the subject line, or which claim to be from your bank.
- Do you trust the platform?
Pay special attention to Twitter and Facebook as both social media websites have been hit by copious amounts of spam, with some links even directing users to malware-infected websites. If you are unsure of the link, and don’t know about the platform, you should search elsewhere.
Additionally, high profile accounts have been hacked, so if the surrounding text seems out of character for the sharer, think twice.
- Do you trust the destination?
Look at the link that has been shared. Does it go to a website that you recognise, or even like?
If you don’t trust, or don’t know, the destinations don’t click on the link. Instead, do your own web search and visit the website via that route.
- Does the link coincide with a major world event?
Cybercriminals are very opportunistic, and they will seize any opportunity to get someone to click a link that may take them to an infected website. This is especially true around major events, like natural disasters, Olympics and World Cups – the numbers of spam emails and tweets skyrocket at this time.
- Is its a shortened link?
The rise of social media like Twitter, Facebook and Instagram has seen the rise too of shortened links for convenience. Most of these are well intentioned but danger can still lurk here.
For example, a cybercriminal can shorten their nefarious link using Bitly, goo.gl or any other provider in the hope that the user blindly trusts that link as from a trusted source. Also, if they combined a link with an authentic tweet or email, the user could well be encouraged into thinking that this was a legitimate message from a legitimate user.
So with shortened links, the advice is clear; ask yourself the above four questions and if you are still unsure, use the likes of LongURL and CheckShortURL, to restore the shortened link to its original length.