How to verify link targets before you click on links
Yesterday's post about a new virus attack on Skype has shown that it is important to verify link targets before you click on the links. Because if you do not, you may end up with some nasty virus, trojan or other malicious software on your PC. What makes the Skype attack work that well is that it spreads by messaging Skype contacts, people that you probably trust not to send you malicious links or files.
Skype is obviously just an example, and the same thing can happen on sites like Facebook, Twitter, Google, other messaging apps, your mobile phone or email app as well. Even a computer system with up to date protection can become infected if a new type of virus is being spread that the antivirus software does not identify as a threat yet.
There are two main types of link disguises that you will encounter in these attacks:
- A shortened link that does not reveal the main target
- An HTML link that displays a different link in the text than it actually links to.
You can use web services such as LongUrl or CheckShortUrl to reveal link targets without clicking on the links to do that by yourself. All you need to do is copy the link, by right-clicking it and selecting copy, or highlighting it and using Ctrl-c to copy, to paste it in the form on one of the two sites linked above. You will automatically be taken to a page that reveals the long url here so that you know where the short link takes you before you click on the link.
Instead of using a web service to expand short urls, you can instead install and use a browser extension. These extensions are limited in reach, meaning that you usually can't use them to expand short urls that you encounter in other programs running on your system.
The big issue with HTML links that throws many inexperienced users off is that the link text can look like an url as well. A HTML link consists of two main parts:
- The link target itself
- The link text
Lets look at an example: http://www.google.com/
On first glance, it looks as if the link is taking you to Google.com, right? The link text suggests that. The actual link however leads to bing.com instead.Â If you look at the actual source code,Â you will notice that:
The href defines the link target, the link text is enclosed in between the command. All you need to remember is that the link text is a string that can look like a domain name or url.
Instead of looking at the source code, you often can simply hover your mouse cursor over the link to find out more about the link destination.
As you can see in this case, hovering over the google.com link reveals that it actually leads to bing.com.
It is important to verify links before you click on them. This is especially true for high profile links that point to financial websites or other websites that you have a connection with.Advertisement