In today's digital age, suspicious links are often the catalyst of a potential cyber-attack, specifically a phishing attack.
The goal of a phishing attack is to fool the recipient into providing personal or financial information. This is done by getting the recipient to click on suspicious links that are disguised to trick the user, including links that mirror popular retailers and companies that people use every day.
Phishing attacks are conducted through email, text messages, social media messaging, mobile apps, and pop-up notifications. They have evolved to become more sophisticated and malicious, to the point where clicking on a suspicious link is enough to jeopardize your financial and/or private information, even if you do not provide any personal information.
Tips to Avoid Clicking on Suspicious Links
Scammers will go through many avenues to steal your information. Phishing is a tactic used when scammers send text messages or emails in the hopes of tricking you into providing sensitive information.
- Before opening an email or clicking on a link, consider how well you know the sender. If you have never seen the display or domain name before, this could be a red flag. Even if you do know the sender, it is not necessarily a guarantee of safety. If someone you know has clicked on a suspicious link before or has been a victim of a data breach, phishing attempt, malware, or similar attack in the past, you might not have prior knowledge of this. Scammers can send suspicious links through infected channels. Always check the header and display names before opening suspicious emails. Do not hesitate to check with the sender (if it is someone you know) to see if they meant to send you a link.
- Ask yourself if you have a relationship with the company that contacted you. If you do, stop, and visit the company's direct website by typing it in yourself, using a search engine, or calling their legitimate phone number found on the company's website instead of using the phone number or email provided.
- Pay attention to the subject line. The subject line of these phishing emails will usually contain wording that requires you to take action or convinces you to act quickly. Be aware of subject lines like 'Please Update your Payment Details' or 'Your Account is on Hold' or 'There is a billing problem with your account' or 'Your service has been suspended'. All of these subject lines rely on you believing that there is an issue that must be addressed. Legitimate companies do not send threatening emails with these subject lines. Always review the sender and proceed with caution.
- Hover over the link in question. To do this, roll the cursor over the link on a web page; the cursor will change from a pointer to a small hand, and the URL will be displayed in the lower left corner of the browser/application window. From there, review where that link is directed, to ensure you are not going to a fake or suspicious site.
- Scrutinize the spelling and grammar. If the email or website contains spelling or grammatical errors, this can be a clear sign that it is a phishing email or a 'bad' website. Legitimate companies will always ensure their communications do not have errors.
- Review the sender's address and other electronic clues. The sender's email address is an effective way to confirm the legitimacy of the email. If the email address is from a public email instead of a company's actual domain, then the contents of that email are to be considered malicious and should be deleted immediately. Additionally, suspicious links received via text messages or within applications may contain clues such as the name of the sender, scrambled/foreign syntax or threatening language.
- Do not open attachments from unexpected senders. Occasionally, suspicious messages will contain attachments, or even images that appear to be attachments. If you did not anticipate receiving an attachment or are questioning the source of the message, avoid opening or clicking on the file or image. Some email programs are set up to give you a preview of attachments, so you can see what they would look like by hovering your cursor over them without actually having to download them.
Real or Fake?
If you have clicked on a link believing that it was from an authentic source or company, how could you tell if it was real or fake? To help ascertain its legitimacy, look for the following signs: the expected page result, credential requests, and lack of webpage security. If the link brought you to a completely different type of website than you originally anticipated, this could be a sign of an attempted cyberattack. If the site asks for a login or for some type of payment info, this is another suspicious quality, especially if the site does not feature clearly noted webpage security with a padlock icon in the web address bar. An unsecured page could easily mean that the source of the link is out to steal your data and information.