Call now for cybersecurity help: 888-646-1616
Josh Ablett

Do you know the most important phishing tip? 20 people didn't.

December 1, 2020

The best phishing tip? It's simple and it works!

Last week, we were sitting in a conference room with 20 people.

These were smart people. All highly educated. They all use computers every single day.

We were talking to them about ways to keep safe online. The conversation ranged from phishing to ransomware to staying safe at home. It was fun to be with a group of smart people who asked good questions.

In the middle of a discussion on phishing, we casually mentioned this one key tip. We got a ton of blank looks in the room. When we asked, the folks in the room admitted they had no idea what we were talking about.

So we pulled out the computer and showed everyone. Now we're going to show you this same trick.

This is one of the most important things you need to know to stay safe online.

The Most Common Phishing Tricks

Most phishing emails are trying to trick you into doing one of two things:

(1) They trick you into opening a file, or
(2) They trick you into clicking on a link.

The problem is that you have no idea what's going to happen until you click or open.

Until now.

Using this trick, you can take a quick peek into the future before you click a link.

Our favorite phishing tip: The Link Hover

Every single email program and web browser out there has a way that you can see where a link goes before you click on it.

All you have to do is hover your mouse over a link, but DON'T click on it.

First, let me show you how this works on a web page. This is an article we wrote recently about Wannacry ransomware. See the link on the page?

If I hover my mouse over the link, the destination pops up in the lower left-hand corner. Take a look...

important phishing tip browser link

See? Now I can see the future, before I click.

The example above is in Google Chrome. But this works in Firefox...
important phishing tip firefox

It's even easier to see in email programs like Microsoft Outlook...
important phishing tip microsoft outlook

For some stupid reason, Apple's Safari hides this. You need to turn it on. Thankfully, it's easy.  In Safari, go to the View menu and select "Show Status Bar." You'll see it appear in the lower left-hand corner.
important phishing tip apple safari

How the Link Hover Fights Phishing

Now let's take a look at how to use the Link Hover to spot phishing attacks.

We've gotten some nasty ones in the inbox over the past few weeks, so we've got a live example ready to go.

Here's a real scam that just came in. It looks like it's coming from Costco. Take a look...

important phishing tip costco phish

If I use the Link Hover on any of the links in the email, though, they tell a different story.

important phishing tip costco hover

Here, let me make that link a little bigger for you...

important phishing tip costco link central african

Yeah, so that's NOT Costco.

In fact, if you dig a little deeper, you can see that the .CF website means that it might be a website hosted in the Central African Republic.  Here's the Wikipedia article:

important phishing tip costco central african republic

I highly doubt that Costco has decided to outsource their gift card surveys to some random company in central Africa.

Always compare the email with the links that you expect.  If you get an email from Facebook, the link should be to Facebook.  If you get an email from Paypal, then the link should go to Paypal.

Taking an extra second before clicking a link could save your computer (and your business) from a disastrous week.

Pro Tip - Is it bad?

If you get an email with a weird link, it's best to leave it alone.

If you're curious, though, there is a way you can see if the link might be bad.

First, you need to copy the link without opening it.  The easiest way to do that is to RIGHT-click on the link, and then select "Copy Link Address."

important phishing tip right click

This may be called something slightly different in other browsers, like "Copy Link Location" or "Copy Link."

Now, with the link in your clipboard, head on over to VirusTotal.

If you're not familiar with it, VirusTotal is an excellent free resource provided by Google.  You can scan any file or link against 57 different virus scanners, all for free, to see if they're bad.

Here's the thing, though -- if something comes back as clean, that doesn't necessarily mean that it's safe.  Virus scanners are great at finding older attacks, but have a hard time finding brand new, never-before-seen attacks.

Head to VirusTotal, and click on the "URL" tab.

Then, simply paste your weird link in the box and click "Scan It."

important phishing tip virus total

In a few seconds, VirusTotal will come back and tell you whether the site has been flagged in any anti-virus systems..

Talk to us!

Have questions or feedback?  Please share them in the comments below.

Like this article?  Share it!

Leave a Reply

Your email address will not be published. Required fields are marked *

Do you think we might be a
good match?

We help over 100 of the best financial services, healthcare, and manufacturing companies across the U.S. with their cybersecurity.
About
Blog
Copyright 2024 Adelia Associates, LLC | All Rights Reserved