How To Spot A Malicious Link
You’ve been there, clicking on that link which is supposed to show you the latest celebrity gossip only to pop up a virus warning on your screen instead. It is common practice for the bad guys to use links in emails and compromised websites to spread their malware. So with all of these potentially risky links going around, how exactly do you tell which ones are bad and which ones are safe?
Ways To Spot A Malicious Link
While the bad guys are getting more and more clever, there are some telltale signs of a bad link that you can spot pretty quickly. Your first step should be to hover over the link. Nearly all browsers will then pop up the full link text in the lower section of the window, allowing you to see the whole link. This lets you verify the domain the link is pointing to and check for any other signs of the link being malicious.
The Link Is Shortened
It is popular nowadays to use what is called a Link Shortening service. Services such as Bit.ly and even Google’s own Goo.gl will shorten a link in order to fit a character limit. Twitter has their own link shortener integrated to aid in keeping your tweets within the character limit. The problem here lies in the fact that the link is essentially being masked so that you don’t know the full link until you click on it. This was an intentional design and not done in a malicious context, but of course people found a way to exploit it. If the source of the link is unknown to you, then it would be better to be safe and ignore than click it and possibly lose all your data.
The Link Came From An Unsolicited Email
One of the most common methods of spreading malicious links and files is through email. We are inundated every day with loads of spam, so the most dangerous malicious emails will be crafted to bypass your spam filter. A popular email approach would be an email regarding one of your accounts such as a bank account. The email would request you do something such as “verify your account information.” The link may be there fully visible or hidden within an image like “Click Here To Verify.” This is done specifically to make it harder to spot the malicious link.
The most important thing to do in cases such as this will be to go directly to the website. Never, I repeat NEVER, click the link in the email even if it appears legitimate. In cases like this you should not take the risk of clicking the link, especially if it is asking for account information. This is where a large number of identity theft issues stem from.
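The hover check can also be done on an email's HTML without opening any link. The following is an added example, not part of the original article: it lists where each link really points next to what the reader is shown, and flags the two tricks described above. The sample email and its domains are constructed placeholders.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample email body; every domain here is a placeholder.
SAMPLE = """<p>Please verify your account information.</p>
<a href="http://login.example.net/verify">www.examplebank.test</a>
<a href="http://login.example.net/verify"><img src="b.png" alt="Click Here To Verify"></a>
<a href="https://www.examplebank.test/help">Help centre</a>"""

class LinkLister(HTMLParser):
    """Record each link's real target next to what the reader is shown."""
    def __init__(self):
        super().__init__()
        self.links, self._cur = [], None
    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "a" and attrs.get("href"):
            self._cur = {"href": attrs["href"], "text": "", "image": False}
        elif tag == "img" and self._cur is not None:
            self._cur["image"] = True  # the clickable area is a picture
    def handle_data(self, data):
        if self._cur is not None:
            self._cur["text"] += data
    def handle_endtag(self, tag):
        if tag == "a" and self._cur is not None:
            self.links.append(self._cur)
            self._cur = None

def host_of(text):
    """Host name if the visible text looks like a URL or bare domain, else ''."""
    text = text.strip()
    if not text or " " in text or "." not in text:
        return ""
    return urlsplit(text if "//" in text else "//" + text).hostname or ""

def review_links(html):
    """Return (real host, visible text, warning flags) for every link."""
    parser = LinkLister()
    parser.feed(html)
    report = []
    for link in parser.links:
        real, flags = urlsplit(link["href"]).hostname or "", []
        shown = host_of(link["text"])
        if shown and shown != real:
            flags.append("text-shows-other-domain")
        if link["image"]:
            flags.append("hidden-behind-image")
        report.append((real, link["text"].strip(), flags))
    return report
```

Calling `review_links(SAMPLE)` reports the first two links as pointing to `login.example.net` even though the reader sees the bank's name or only a button image.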
The Link Includes Strange Characters
Because there are ways to view the full link, the bad guys will also utilize obfuscation to keep you from seeing the real link. This is accomplished through what is known as URL encoding.
An example would be “%41.” While you wouldn’t think much of this text, when run through a decoder it returns as “A.”
Using this method, malware distributors can make a link look like random gibberish while still functioning as if typed without the encoding. So basically, if you see a link with a lot of “%” symbols in it, then it is probably malicious.
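To see what an encoded link really says, decode it before judging it. The following is an added example, not part of the original article: it decodes a link and separates escapes that hide ordinary letters and digits (such as “%41” for “A”, which never need encoding) from escapes for characters like spaces that must be encoded. It also flags the shortener hosts mentioned earlier; the sample URLs used with it are constructed.

```python
import re
import string
from urllib.parse import urlsplit, unquote

# Shortener hosts named in the article (t.co is Twitter's); extend as needed.
SHORTENERS = {"bit.ly", "goo.gl", "t.co"}
# RFC 3986 "unreserved" characters: a normal encoder never escapes these.
UNRESERVED = set(string.ascii_letters + string.digits + "-._~")
ESCAPE = re.compile(r"%([0-9A-Fa-f]{2})")

def inspect_link(url):
    """Decode a link without visiting it and list the warning signs found."""
    parts = urlsplit(url)
    host = unquote(parts.hostname or "")
    escapes = ESCAPE.findall(url)
    # Escapes that stand for plain letters/digits exist only to hide text.
    needless = [e for e in escapes if chr(int(e, 16)) in UNRESERVED]
    signs = []
    if host.lower() in SHORTENERS:
        signs.append("shortened")
    if needless:
        signs.append("needless-encoding")
    if "%" in parts.netloc:
        signs.append("encoded-host")  # the domain itself was disguised
    return {
        "decoded": unquote(url),
        "host": host,
        "escapes": len(escapes),
        "needless": len(needless),
        "signs": signs,
    }

if __name__ == "__main__":
    # Constructed sample links; example.test is a placeholder domain.
    for sample in (
        "http://example.test/%6C%6F%67%69%6E?next=%2Faccount",
        "https://example.test/search?q=caf%C3%A9%20menu",
        "http://%65xample.test/",
        "https://bit.ly/abc123",
    ):
        print(inspect_link(sample))
```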
The Best Ways To Protect Yourself
Safely Scan The Link
There are ways to scan a link, even a shortened one, to find out if it might be malicious before you click it. The first step here is to safely copy the link, which you can do by using right-click and choosing Copy Link Address (in Chrome), Copy Link Location (in Firefox), Copy Link (in Safari and Microsoft Edge), and Copy Shortcut (in Internet Explorer). This will place the link into your clipboard, allowing you to safely paste it into one of the following services.
CheckShortUrl.com gives you a way to expand that shortened link into the full text and see just where it was going to send you.
URLVoid.com will allow you to scan the link using multiple services including Google and Norton SafeWeb to verify its reliability. Unfortunately, with a shortened link URLVoid will scan the Link Shortening service’s website instead of the target link.
Sucuri Scanner will also scan your links for safety, but the difference lies in the fact that Sucuri will expand shortened links to scan the original link. However, Sucuri does not scan the links with as many services as URLVoid does.
ScanURL.net is another you should look at. ScanURL is an independent website that takes your link query submissions seriously and accepts them over a secure HTTPS connection. Although the link submission screen is ad-supported, the results are good.
Have Active Scanning Anti-Virus Running
Many of the anti-virus companies now include link scanning in the core functionality. While there are some AV products that include this in the free version, the most reputable and reliable AV companies require you to purchase a subscription to use this feature. If you have run into problems with clicking malicious links in the past, then this may be a good option for you.
Use A Secure Browser
While the web browser you use is due to either personal preference or in some cases the fact that it is “what was already there,” certain browsers have built-in safety checks when it comes to malicious URLs. Google’s Chrome browser is a notable choice for this, as many malicious sites and links are detected early due to Google’s search indexing. The Chrome browser ties in with this to alert you to a potentially malicious site.
What To Do When You Click A Bad Link
So what do you need to do when you do click a bad link? Well, this is a tricky one because the most effective malicious links won’t let you know it was bad. If you see anything that stands out as being wrong with the website or the downloaded file, or if something starts acting up on your PC immediately afterwards, you should run a full system scan and possibly disconnect from the network as an extra precaution. After all, you may have infected your system with a ransomware program that could be designed to spread through the network to other PCs or network shares. If you believe you may have infected your system and want professional examination, you can certainly schedule a service call for one of our technicians to come and take a look at it.