Sunday

About Those Links In Emails - Probably Just Best NOT To Click On Any Of 'Em

There are a lot of problems with email. From what used to be the killer app of the new-fangled Internet, it has become a bit of a chore - and a bit less essential with the proliferation of texting and the like. 

There are three main problems with email these days:
  • Spam
  • Spam
  • Spam
The worst kind of spam is the phishing email, which is essentially just an attempt to trick you into clicking on a link, which then either has you inadvertently install something bad, or tricks you into giving up personal information. A phishing email presents itself as being from a legitimate entity, such as a bank or phone company, etc.
Because almost all email is now presented in HTML (the same format as a web page), there is a ubiquitous "trick" that is employed. You may see a link that says something like:


Which looks like it goes to "Myownbank" (a made up example).

BUT, if you hover your mouse over the link without clicking, you should be able to see that the link actually goes to "dontclickthislink" (another made up destination). So, if you click on a link like that, you end up somewhere else - probably a fake site made to look like the imaginary "Myownbank". You might then be asked to confirm your login information or whatever, and the scam is complete - the bad guys have your information.

HOWEVER, even hovering your mouse over the link to confirm the destination is not a perfect solution. There are scripting commands that can be (and are) used to actually take you to a hidden third destination, not disclosed by either of the links you may see above.

The overall advice then, annoyingly, is JUST DON'T CLICK ON LINKS IN EMAILS. Ever. Not worth the hassle. If it appears to be from your bank or credit card company, call them up instead and see what's what.

You can help others by forwarding suspect emails to US-CERT:

No comments :