I was recently invited to answer a question on the Quora website about whether a particular website was a good guide for learning meditation. But the link given was a bit.ly link.
I was suspicious.
Bit.ly is a service I sometimes use in this column to shorten long links so they can easily be entered into your browser. The link then redirects you to the original web page.
I knew that if I clicked the bit.ly link in the question, I could end up at a malicious site that would install malware on my computer.
So I used CheckShortURL. It expands a shortened link so you can see the actual link and gives information about the website. In this case, the destination link was TheGenieScript.com.
CheckShortURL shows an image of the page and gives links to well-known security sites so you can check to see if it’s safe. Clicking on Web of Trust told me they don’t consider TheGenieScript.com safe.
Often when you see a questionable link you need not even use one of these sites, since closely examining the link will reveal that it’s a scam. For example, a scam text message going around alerts a person that a FedEx driver attempted to deliver a package and that it’s now necessary to reschedule delivery. It then says “Please confirm your details here: bdpv5g.com/ITfD.” If it’s not FedEx.com, it’s not likely from FedEx.
The same is true of scam emails. Look closely at the sender. For example, a recent scam email purportedly from PayPal informed the recipient their account was billed $249 for antivirus software and to call 1-844-683-3119 if they have questions. The sender, though, wasn’t PayPal. Rather, it was secure@paypal-Online3-e1.co.us. Anything from PayPal would come from PayPal.com. Calling the number would link you up with a scammer who would likely try to elicit your PayPal login.
Also, if you question whether a phone number is from a legitimate caller, you can simply search for the number in Google. Searching this particular number brings up a website with this summary text in Google’s search results: “You sparkle with illuminated blue background. Anthropology and educational camp this summer. Priapuloidea Cereal is good exercise.” Does that sound like PayPal?
Of course, most of the time when you encounter a questionable link, you are unable to see the actual domain name. The text may say PayPal but the underlying link could be a malicious website. You probably know you can hover your cursor over any link to see the underlying URL. Also, on my iPad I found that if I tap and hold a link, it will show me the underlying URL.
Even as I was writing this, I received an email ostensibly from my university’s IT Help Desk saying my email password was expiring and that I had to confirm it within the next 8 hours. The sender looked legit: firstname.lastname@example.org. But hovering the cursor over the “Keep Same Password” link pointed to amplifyapp.com. Scam, of course.
I used the ICANN Lookup site and saw that this domain was registered by Amazon Technologies, Inc., located in Nevada. According to Scamalytics, “web traffic from this ISP poses a high risk of being fraudulent.”
Another common situation is to receive an email from someone you know, but it seems fishy. A few years ago I received an email from a faculty colleague that read something like, “See the information in the attachment.” Since I would often write up news reports about faculty achievements, it was conceivable that he was sending me relevant information. But I had my doubts.
I replied to the email, saying, “Dale, is this really from you?” I got a reply, “Yes, it is.” Still, I held off. A week later I emailed him again, asking if he’d sent me an attachment. He replied, “Don’t click on that attachment! Someone broke into my account.” The scammer himself had replied to my first email.
If you’re wary that an attachment you’ve received might install malware on your computer, don’t click on it. You can instead upload it to a website that checks attachments for malware. Sites offering this service include Virus Total. Or you can simply forward the email to scan@virus total.com. Another good one is MetaDefender Cloud, which not only will check files but also URLs, domain names, IP addresses, and more.
By now you’re probably savvy about these sorts of situations. But if you have doubts about whether something is legitimate, these tools should help you stay safe.
Find column archives at JimKarpen.com.