So, you’ve just received an email or a text message and the link in it seems suspicious. How can you determine whether the link is safe or if it’s a phishing link? While there’s no way to guarantee any link is 100% safe, there are some simple steps you can take to gain a better understanding of its potential risk.
Things That May Signal a Phishing Link
- It links to a suspicious root domain
- The link is masked by a link shortener
- You didn’t ask for it, it found you
- It’s from someone you don’t know
- It links directly or redirects to a file rather than a web page
- The link doesn’t match the root domain that shows up at the top of Google’s organic results for the organization’s brand name
- The link goes to a badly designed page, or the copy is written poorly
What is a suspicious root domain?
A suspicious root domain is one where the second-level domain and top-level domain do not match those of a reputable website. For example, in the link www.chase.com for Chase Bank, the word ‘chase’ is the second-level domain, and ‘com’ is the top-level domain.
One of the most common ways that attackers strike is by creating “spoof” links that pass for, or at least attempt to mimic, the real thing. These spoofs might use subdomains to imitate the legitimate link. Watch out for links with added subdomains like cha.se.com (whose root domain is actually se.com) or chase.anydomain.com (whose root domain is anydomain.com). Be sure to double check for hidden additional characters or lookalike characters as well: cha-se.com, or chas3.com.
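The checks described above, extracting the root (second-level plus top-level) domain and flagging the subdomain and lookalike tricks, as an added example that is not part of the original post. The brand-to-domain table and the lookalike character map are constructed for the example, and the root-domain extraction is a simplification that does not handle multi-part suffixes such as .co.uk.

```python
from urllib.parse import urlsplit

# Constructed allow-list for the example: brand name -> its known root domain.
KNOWN_BRANDS = {"chase": "chase.com"}

# Constructed, non-exhaustive map of characters commonly swapped in for letters.
LOOKALIKES = {"0": "o", "1": "l", "3": "e", "4": "a", "5": "s", "7": "t", "-": ""}


def hostname(url: str) -> str:
    """Lower-cased host part of a URL; bare domains get a scheme so urlsplit parses them."""
    if "://" not in url:
        url = "http://" + url
    return (urlsplit(url).hostname or "").lower().strip(".")


def root_domain(host: str) -> str:
    """Last two labels of the host, e.g. 'www.chase.com' -> 'chase.com' (simplified)."""
    labels = host.split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host


def normalise(label: str) -> str:
    """Undo lookalike substitutions so 'chas3' and 'cha-se' both become 'chase'."""
    return "".join(LOOKALIKES.get(ch, ch) for ch in label)


def check_link(url: str, brand: str) -> dict:
    """Compare a link's root domain with the brand's known domain and explain any mismatch."""
    host = hostname(url)
    root = root_domain(host)
    labels = host.split(".")
    flags = []
    if root != KNOWN_BRANDS[brand]:
        flags.append("root_mismatch")
        sld = root.split(".")[0]
        if brand in labels[:-2]:                      # chase.anydomain.com
            flags.append("brand_in_subdomain")
        if sld != brand and normalise(sld) == brand:  # chas3.com, cha-se.com
            flags.append("lookalike_characters")
        if brand not in labels and brand in host.replace(".", ""):  # cha.se.com
            flags.append("brand_split_by_dots")
    return {"host": host, "root": root, "flags": flags}
```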
To dig even deeper, let’s say you receive an email claiming to be from Chase Bank. Oftentimes with marketing emails from companies, the links in the email won’t go directly to their root domain. They will have strange URLs for tracking purposes that redirect to their root domain.
Before you proceed on a potentially suspicious site, ensure that the final URL you are brought to looks like this: www.chase.com/insert-example-page. Here is another good resource on some signs a website isn’t reputable to look out for.
What’s a link shortener?
A link shortener is simply a website that lets you create redirects from a short root domain to any URL you choose. The most well-known link shortener is Bitly. URLs created on bit.ly allow you to easily look up where they redirect: simply add a ‘+’ to the end of the URL to find out where it will take you.
If you want to achieve something similar with other link shorteners, you will need to use a tool that will follow the redirects to the final URL destination and report it back to you (detailed below).
What to Do if a Link Takes You to a Login Screen
If a link brings you to a login screen, don’t enter your credentials there. Instead, go to the homepage of the service you want to log in to and log in from there. Then try clicking the link again; now that you’re logged in, it should take you to the intended internal page on the site.
If the link still brings you to a login screen and you’ve already logged in from the legitimate site’s homepage, then it is much more probable that it’s a phishing link.
What do I do when I see what I consider a possible phishing link?
Safely Copy Suspicious Link
Be very cautious when copying the link. If you’re on a mobile device, switch to a laptop or desktop to copy the link and investigate it there. Trying to do so on a mobile device is too risky, as you’re far more likely to accidentally click the link and follow through to the site.
The right mouse button and/or keyboard shortcuts are your friend—just be sure you don’t accidentally click the link.
Look up Final Link Destination
To determine if a link is a phishing link, figure out where it will ultimately take you and identify whether the root domain is reputable or not. Any link can be redirected to somewhere malicious, either through one redirect or a chain of redirects.
Copy and paste the suspicious link into httpstatus. Once you click “check status”, it will return the final URL that you’ll be redirected to.
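What a checker like httpstatus does behind the scenes, following each 3xx Location header one hop at a time and recording the chain, as an added example that is not part of the original post. The shortener-to-tracker-to-destination chain below is constructed and served from an in-memory table so the example runs offline; `live_fetch` is an assumed helper that does the same with real HEAD requests.

```python
import http.client
from urllib.parse import urljoin, urlsplit


def live_fetch(url: str, timeout: float = 5.0):
    """HEAD request that does NOT follow redirects; returns (status, Location header).
    Even a HEAD request contacts the server, so use a disposable machine or a hosted
    checker when the link may be tracked or malicious."""
    p = urlsplit(url)
    cls = http.client.HTTPSConnection if p.scheme == "https" else http.client.HTTPConnection
    conn = cls(p.hostname, p.port, timeout=timeout)
    conn.request("HEAD", (p.path or "/") + (f"?{p.query}" if p.query else ""))
    resp = conn.getresponse()
    location = resp.getheader("Location")
    conn.close()
    return resp.status, location


def resolve_chain(url: str, fetch=live_fetch, max_hops: int = 10) -> dict:
    """Follow redirects hop by hop; stop on a non-redirect, a loop, or too many hops."""
    hops, seen, current = [url], {url}, url
    for _ in range(max_hops):
        status, location = fetch(current)
        if not (300 <= status < 400) or not location:
            return {"final": current, "hops": hops, "stopped": "final"}
        nxt = urljoin(current, location)  # Location may be relative, e.g. "/r/42"
        if nxt in seen:
            return {"final": nxt, "hops": hops + [nxt], "stopped": "loop"}
        hops.append(nxt)
        seen.add(nxt)
        current = nxt
    return {"final": current, "hops": hops, "stopped": "max_hops"}


def hosts_crossed(result: dict) -> list:
    """Every hostname the chain passed through, for checking the final root domain."""
    return [urlsplit(u).hostname for u in result["hops"]]


# Constructed offline chain: shortener -> tracking redirect -> lookalike destination.
FAKE_CHAIN = {
    "https://bit.ly/abc123": (301, "https://track.example-mailer.com/c?u=42"),
    "https://track.example-mailer.com/c?u=42": (302, "/r/42"),
    "https://track.example-mailer.com/r/42": (302, "https://chas3.com/login"),
    "https://chas3.com/login": (200, None),
}


def fake_fetch(url: str):
    return FAKE_CHAIN.get(url, (404, None))
```

Run `resolve_chain("https://bit.ly/abc123", fetch=fake_fetch)` to see the full chain; with the real `live_fetch` the same function reports where an actual link ends up.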
Scan for the Final Link Destination
There are several solid options for scanning links to determine their safety. The following are some of the best options, though using multiple to verify each link is highly recommended. Enter the final link destination URL in a few of them to get a sense of whether the link is safe or if it’s a phishing link.
While these link scanning tools and the best practices that we’ve listed so far are helpful, there is no way to be 100% sure that a suspicious link is safe, so use them at your own risk. If you find that you’re still concerned about a link after following these steps, we have another post available with more technical information on SSL certificates and other methods of verifying a site’s safety as well.
And remember, if a link is at all suspicious and you don’t absolutely need to click on it, just don’t.
Have any questions about safely determining if a link is a phishing link or not? Don’t hesitate to reach out to us for help using our contact form.