Where Is That Link REALLY Going?

  • Published: Wednesday, June 17, 2020

Did you ever get an email with a link embedded in the text? It could be hidden within the text like this: MOREnet. When you click on the highlighted text it resolves to a hyperlink and directs you to a website. Or it could be clearly printed as https://www.MORE.net. Sometimes, if the website is too long, a URL shortener is used. These can take a rather long URL and shorten it to a more manageable and identifiable website; although this might be an efficient method of shortening lengthy URLs, it can also be used to mask links to malicious sites.

How can you be sure that the link you are about to click on is safe? First, don’t click on links that come from unknown or unreliable senders. Hover your mouse over the link without clicking on it. It should reveal the link’s destination in a separate window. Read it closely. Look for misspellings. Knowing how to identify valid domains is another way to help to protect yourself from becoming a cyber crime victim. For example, let's breakdown https://www.more.net/services.

secure protocolthe domain top levelthe path

This is a legitimate URL. The URL will direct you to the services list of our site. When there is a “/” after the domain name, it is taking a path to a subdirectory within the website. For example, https://www.more.net/services/cyber-security will take you to the Cybersecurity page within the Services directory of the MOREnet website.

Be leery of any odd characters or numbers that appear before the actual domain name, especially if a “/” separates this before the top-level domain. Avoid any connection on an unsecure protocol (http).

Further, you can check the address bar for the organization’s details such as SSL/TLS certificates and encrypting sessions. Just click on the secure lock icon at the beginning of the address bar. You can also use a link scanner such as URLVoid to check on a website’s reputation.

Keep in mind that the bad guys are constantly coming up with new and crafty ways to trick you; even taking all of these precautions and educating yourself about the signs of a malicious link isn’t foolproof.

Remember these basic rules:

  • Never click on a link or attachment from unsolicited or unknown senders.
  • If a link takes you to a login page, try going directly to that website’s page for logging in instead. This will ensure that you are entering a legitimate website and not a phony reproduction.
  • When in doubt of the legitimacy of a request, talk directly to the individual making the request face-to-face or pick up the phone.
  • Don’t share your passwords with anyone and use unique passwords for different sites.