Let there be no confusion: The Internet is an irredeemable cesspit of deception, a proverbial hive of villainy. Granted, it’s also revolutionary. Twenty-odd years into its widespread use, though, and we’re still hounded by digital pickpockets and thugs at every virtual street corner. And the hyperlink, the core building block of the entire affair, is the Saturday Night Special responsible for so much of the pain.
There are several ways you can be hoodwinked by a bad link, but the gist is the same: You’re emailed, texted, or tweeted, or you simply Googled for a topic, and are served up a link. You click on it. And then something terrible happens. Sometimes that may be malware getting installed on your PC, which then proceeds to root out passwords, or surreptitiously turns your PC into a zombie for sending out more spam, or simply tears through your hard drive wreaking havoc, you know, just for kicks. That link might also be the bait in a so-called “phishing” scam, where you follow a link to a site that seems completely legit, like a near-identical clone of your banking site, and you’re led to input your login and password. It’s only later that you discover you’ve been duped when you bounce a check and learn your accounts have been looted.
The main reason links are such an enduring pitfall is in large part because they’re so unpredictable. So far, there’s no instantaneous way a user can look at the URL (the address you type into the browser) of a given site and know without being tech savvy that they’re going to an official “safe” site. To make matters worse, links in emails and texts can be spoofed, so that the text of a link may read as if it’s sending you to one site, but in reality the linked URL goes somewhere else. And then there’s handy tools like URL shorteners, such as bit.ly, which compress unwieldy addresses to shorter ones, often the ones you see linked on Twitter and Facebook. As convenient as they are, users often have no clue what URL they are visiting when clicking a shortened one. That’s just a recipe for disaster — the Web isn’t supposed to work this way.
Short of unplugging and resorting to pen and paper, there are a few ways to keep safer online and to reveal when that screwy-seeming link you’ve been sent is actually a bad idea. Before clicking on any link, first ask yourself who sent it (Someone you know? Someone who wouldn’t ordinarily email? A random?), why (Is there something random about the link, or does it pertain appropriately?); and how (Is the context normal or no?). Another quick hit is to simply place your cursor over it, and the URL you’re going to visit automatically appears in your browser’s lower frame, potentially revealing if there’s some trickery going on. That method doesn’t work with URL shorteners, however; for those you’ll need to cut and paste or retype the URL into sitecheck.sucuri.com, which scans and then determines if a shortened link is safe. For regular links that seem fishy or you’re unsure of the sender, check out urlvoid.com, a free URL scanner that compares a website’s address against an ever-growing database of scam artists.
So here’s the drill. See a link? Hover over it before clicking and see where it leads. If it’s straightforward and familiar — citibank.com, for example — carry on. If it’s shortened, right click and copy the address and then paste it into the search bar sitecheck.sucuri.com to see the full expanded address. If it’s something else entirely, hit up urlvoid.com and do the same and see if it gets flagged. If not, then surf away in confidence that you are in shark-free waters.