Can I trust the links in emails?

Short answer: possibly not. But some precautions can help reduce the risk of visiting somewhere online that you’d really rather not go to.

If you have not done so before please refer here first: https://www.kent.ac.uk/itservices/secure/email.html

A very common ‘vector’ for malware, phishing, and other forms of email trickery is the embedded link within an email. This may look innocuous and might seem to point to a trustworthy site that you have used before. Poor spelling and grammar can be give-aways that sound the alarm but the fact that an email “looks okay” shouldn’t lull you into a sense of false security.

A good way to find out more about where a link really leads to is to hover over the link… but the results may vary depending on the software and device that you are using. It can be more of a challenge on mobile devices, for example.

In this example (from Outlook) hovering over the embedded link shows us the destination address is somewhere other than the destination suggested in the text of the link.

 

When using Outlook Web Access (OWA) you can also see where a link leads by hovering over the address… but the result appears in the lower corner of the window… which is not very helpful.

 

Web mail services like Gmail may also display the unobscured address in a corner of the screen some distance from the link itself. (The lower left corner again, in this example.)

Use Message Preview in Outlook to get a view of the sender’s real email address. It may also display links contained in the first part of the email, depending on whether you have set the preview length to 1,2, or 3 lines. The preview will include the unobscured address rather than just the textual content of the link, as shown below.

 

Because the people who create spoof emails know that some of us are wise to their tricks they may obscure the URL using a service like bit.ly or tiny.url. These are legitimate and very useful tools: particularly for simplifying the presentation of web addresses that are rather long and complex.

To find out the longer URL, and to make an assessment of whether or not to trust it, try searching for a URL expander site like http://wheredoesthislinkgo.com/ and copy the (short) URL into the site’s search tool.

Here’s a sample result: 

 

Leave a Reply

Your email address will not be published. Required fields are marked *