Who Still Clicks on the Link?!
No one wants to be known as “that person”
I recently was recommended a video on YouTube for a piece of stand-up by comedian John Mulaney, which was fantastically funny. His dry delivery tone coupled with the intelligent approach to comedy he uses had me rolling, so when YouTube went to auto-play another video of his I didn’t bother to stop. This went on a while primarily because it was hilarious (which reminds me of mountains — because mountains aren’t just funny; they are hill-areas — I’m so sorry…no I’m not), and because I have YouTube Premium which doesn’t show ads (best $15 I spend a month for the family). At one point, this great bit came up about email viruses (go ahead and watch it and the bit about Back to the Future, its great. I’ll wait):
It’s always the most direct comedy that gets me. Because in this case, we all know that person who blindly clicks on the links they get emailed to them. They don’t care if the link, as Mulaney describes, looks like a physical virus, all they know is that it was sent to them by someone they know, so it needs to be clicked on.
Turns out, despite all of our advances in security and all the education that we assume that everyone knows, most “hacking” of our accounts and devices comes not from a specific hacker targeting us, but from people sending out massive amounts of links that they hope will spread and get people to click on them. From there, they can download viruses and other tools onto the person’s device to automatically harvest information and/further spread the virus.
I used to chuckle on Facebook or whatnot when someone would yell that they were hacked and didn’t post the porn that appeared on their Timeline or forward that link to all of their friends, but the humor of it has worn off (for the most part, its still kinda funny when your aunt posts a hunky Australian firefighter pic and then claims to have been hacked). The truth is, these people just happen to click on a link that they shouldn’t have (and then get too embarrassed to fess up). So outside of publicly shaming people who clicked on a malicious link, lets instead do what we can to educate others on how to spot dangerous links and avoid the situation altogether.
While this isn’t fool proof, as Mulaney pointed out, the first step is to ask yourself if you know the person sending the link. If not, then that’s a super quick and easy way to instantly determine that you shouldn’t be clicking on that link. Granted, that’s more difficult if you work in an email intense workplace, since chances are you’ll be dealing with outside people whom you don’t personally know, but for the sake of this article, asking if you know the person is a great first step.
Another quick way to determine if a link is safe is to examine the link itself as there are often several quick tells that can tip you off. With most browsers, you can hover (like what you do in the stall at that shady Eastern Colorado truck stop — you know the type) over the link with your mouse. Most browsers these days will show you what the URL (actual address) is somewhere on the screen, usually the bottom left corner like in Firefox and Chrome. Do a quick scan for a couple important indicators:
- Does it have https at the start of the link? If it does, then that means that the site has gone the extra step to ensure that the site is encrypted (protected). While this isn’t the final say since malicious sites could have https sites, if the link isn’t https, then just don’t bother clicking on it.
- Is the website misspelled? Most people will quickly skim over links and not notice that there are three o’s in Gooogle, or that Facebok is missing one.
- How is the link structured? You don’t need to scan the whole link, but the beginning is important. Ensure that the link is structured in a way that has the website name followed by .com or .org, etc at the end of the first part of the link. For instance Google Photos should be https://photos.google.com, not https://google.photos.com. The companies name being in the wrong place, or longer than normal, like https://photos-google.com is a big tip off that something isn’t right.
If you still feel off about a link, you can always use one of the many safe website checkers out there. While Google isn’t exactly privacy focused, they do offer a free and powerful website safety checker called Transparency Report. Simply right-click and copy the link you want to have checked, and go to https://transparencyreport.google.com/safe-browsing/search (granted its faster to just google “transparency report google” than remembering that link, but still) and paste the link into the field on the screen. Google, which is pretty darn good at scouring the web, will report back and let you know if the link you have is safe to go to.
Finally, and this seems like a given, but since many of us have issues with actually asking people somewhat difficult questions, I’ll point out that you can always just quickly ask the person sending you the link if they meant to. This is the approach I take on Facebook since Messenger is designed for quick messages and replies. “Hey man, just checking, did you mean to send me this link to order the 2020 Australian Firefighters Calendar?” (why is this coming up so often in this article…). I would much rather deal with the awkwardness of asking the question to the sender than to click on a bad link and deal with the fallout from it.
I hope these tips can help you more safely enjoy the web, and most importantly, not be that guy that others know as the guy who sends out malicious links because you clicked on one you shouldn’t have.
Stay safe out there.
