Beware of email links

By Eugene "Bucky" Edgett III
This item appears on page 44 of the January 2016 issue.

In the Editor’s November 2015 “Boarding Pass” column, he warned of an online-hotel-booking scam, and I must take friendly issue with advice given on page 58 that describes what to look for after clicking on a link within a suspicious email. You should never, ever click a link that you haven’t verified first. There’s an important reason for this rule.

As the Editor stated, a scam site may ask someone to enter private information, which subsequently will be misused. This is known as “phishing,” that is, hoping to catch some suckers who don’t know better. 

Sometimes, after being misdirected to a scam site (the article gives some tips on how to, at least, try to avoid that), it may be possible to determine that it’s a simple phishing site, and sometimes not, but, in any case, with a phishing site, if no information is entered or submitted, no information will be stolen.

However, there are much more evil and harmful sites known as “drive-by download” sites that use software and operating-system security inefficiencies to install malware without the visitor doing anything more than clicking on a link to the website! These are potentially much more harmful. 

A phishing site will be able to harvest only the information you give it, but a malware program can get all kinds of information and you don’t even know it’s getting it. Yow!

Antivirus programs and even browsers, themselves, try to keep track of such pages as they’re discovered, and operating systems try to prevent unauthorized downloads, but the scammers always manage to be one step ahead.

So, in the interest of “Verify Before You Click,” I offer the following tip. 

While reading an email, you can hover your cursor over any link. In the bottom-left corner of your browser window, a little address bar will show you the URL destination to which the link will direct you. Using the above-mentioned tips that ITN’s Editor listed for verifying sites, if the destination URL matches a known site, you can be satisfied that you will be taken to a site you can trust. 

Most desktop browsers will show an address when hovering over the link; I use Firefox for Macintosh. Users of other operating systems or browsers will have to check their software for the position of the URL destination when hovering over a link. 

Sadly, this tip won’t work for touchscreens. Most touchscreens, especially on mobile devices, have no “hover” function, only a click or a click-and-hold. Rats!