Tech Tip Tuesday: Does that link look a little strange? Here's how to tell
Do you have click anxiety? It's that feeling you get right before you click a link that looks a little fishy. You ask yourself, Am I going to get a virus by clicking this?Sometimes you click it, sometimes you don't.
Cut through the indecision by thinking critically about the links you encounter.
The Link is a Shortened Link
Link shortening services such as bit.ly and others are popular choices for fitting a link into the confines of a Twitter post. However, link shortening is also a method used by malware distributors and phishers to conceal the true destinations of their links.
Obviously, if a link is shortened, you can't tell whether it's bad or good just by looking at it, so use a tool designed to inspect short links. They'll reveal the true destination of a short link without actually following it. Explore the Dangers of Short Links for details on how to view a short link's destination.
The Link Came to You in an Unsolicited Email
If you received an unsolicited email that is supposedly from your bank asking you to "verify your information" then you are probably the target of a phishing attack.
Even if the link to your bank in the email looks legitimate, you shouldn't click it as it could be a phishing link in disguise. Always visit your bank's website by entering its address directly into your browser or through a bookmark you made yourself. Never trust links in e-mails, text messages, pop-ups, etc.
The Link has a Bunch of Strange Characters in It
Oftentimes, hackers and malware distributors will try to conceal the destination of malware or phishing sites by using what is known as URL encoding. For example, the letter A that has been URL-encoded translates to %41.
Using encoding, hackers and malware distributors can mask destinations, commands, and other nasty stuff within a link so that you can't read it unless you have a URL decoding tool or translation table handy. Keep reading original article
WARNING: If you see a bunch of % symbols in the URL, beware
If you continue reading the article, they offer some excellent tools that help you inspect links without clicking through them, but honestly, the best tool is retraining the a person to spot the problems and building confidence in their abilities. Wouldn't it be great if your users had a way to "roll back time" when they forgot to think before they click on a bad link? Now they can, through SECOND CHANCE.
We're excited to announce this new product by our Security Awareness Training partner KnowBe4. Second Chance isa brand-new security tool for Outlook, Office 365, and Gmail email clients that you can download and deploy at no cost. Second Chance enables your user to make a smarter security decision by giving them a way to back out of that click.
Second Chance takes an intelligent look at the clicked URL in email, and asks your user if they are sure they want to do this, in case they clicked on a potentially unsafe or an unknown website.
With the URL Unwinding feature, shortened and re-written links gives users the original link and the location the link will take them. It even prompts your user when they click on a Punycode link!
You might ask: "What happens if my user continues or aborts their action?" If they choose to abort their action, the prompt will be closed, and the URL will not be opened. If they choose to continue, their browser will navigate to the URL they clicked on.
Here's how it works:
Checks links originated in email messages, including attached Office Documents and PDFs
Set the message your user gets after clicking a URL
Set "No Prompt" domains
Install it standard, command-line or GPO
Get reporting data on what URL users chose to abort or continue to share with management
Requirements: Windows 7 (32 or 64 bit) and higher, all installed versions of Outlook 2007 and higher, .NET 4.0 or newer. Gmail and Office 365 web interfaces if the end user is using Internet Explorer 11 on Windows 7 or higher.