How to avoid malicious hyperlinks and practice link safety

used with permission from Tektonika (HP)

Whether it’s in reference to an interesting article or information on a great new restaurant, “send me the link” is a commonly used phrase in the internet era. This is equally true in professional circumstances, where coworkers communicate and collaborate as a part of their jobs. In today’s threat-filled environment, where large and small businesses alike are facing unprecedented cybersecurity attacks, link safety is an essential part of employee security training.

CyberEdge Group’s 2019 Cyberthreat Defense Report found that 78 percent of networks had been breached in the previous year and that malware, ransomware, and spear-phishing “cause the most headaches.” In a separate study, risk advisory firm Willis Towers Watson found that 90 percent of breaches were enabled by human error. Any seasoned IT pro worth their salt knows how to recognize malicious links, but the average employee likely does not, and one wrong click can have devastating consequences.

Basic employee security training generally involves coaching employees on picking out suspicious attachments, but that training is incomplete unless link safety is also on the agenda. Emails with malicious links are just as much of a threat as emails with malicious attachments. There are a number of tips and tricks to keep in mind when trying to determine whether a link is safe.

What to look for—and avoid—in a link

When it comes to link safety, context is key. The contextual factors of a link provide key clues as to whether it’s safe, so start by asking these simple questions.

First, does it come from a trusted contact or domain? Do you know who sent it? Next, consider whether the link was expected and if the message attached to it makes sense. Does the message include a signature? Are there frequent spelling or grammatical errors in the message? If a link seems out-of-the-blue, unsolicited, or out-of-character coming from the sender, it’s wise to be wary. For instance, if you receive an unsolicited email from your bank asking you to verify your account information by clicking on a provided link, go directly to your bank’s website instead and check there for any notifications.

After considering the context, look for information within the link itself. Does it include a misspelled name of a trusted site? Our eyes tend to scan online information quickly and may not pick up if two letters are reversed or if there is an extra letter, so examine the link carefully. If the link is much longer than it should be or has many odd characters, steer clear. Hackers like to use URL encoding to mask harmful content in links.

Review the full link

One tip for examining a link is to hover over it with your mouse and view the full URL before clicking. Chrome and Firefox, for example, display the hovered-over URL in the bottom left corner of your browser window. You can also right-click a link and select “inspect” to view the full URL. If you’re on a mobile device, try tapping and holding a link—from the resulting options, you should be able to view the URL or copy it, at which point you can paste it into a text field to see it.

Shortened links can also be red flags. Phishers and malware distributors use them to hide where their links actually lead. A site like CheckShortURL can show you the full link before you click. Another valuable tool for ensuring link safety is a link checker. Services like Norton SafeWeb, Google Transparency Report, URLVoid, and ScanURL can check a link against their records to help you gauge its legitimacy.

Beyond clicks

Beyond the links themselves, there are additional security steps that individuals and organizations can take to ensure link safety. Keeping all of your anti-malware and antivirus software up-to-date is a big one. Every employee, whether they work in IT or not, can protect themselves and their employer by researching and supporting up-to-date network security that auto-filters user activity against threat databases. Every endpoint matters, so investing in devices with embedded security capabilities, like HP printers, can contribute much to the security of the entire network. In the event of an attack from a malicious hyperlink, self-healing printers can help to keep your print environment up and running.

Finally, in addition to offering link security training, it can be a good idea to review the characteristics of a safe website with your colleagues. If an employee does wind up somewhere suspicious, they should know to look for clues like the encryption icon in the URL bar, Trust Seals, and legitimate organization details like addresses and contact info.

Armed with these simple tips and some healthy skepticism, anyone can identify and avoid dangerous links on the web.