Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Safety on clicking on links within email


  • Please log in to reply
13 replies to this topic

#1 wayne937

wayne937

  • Members
  • 229 posts
  • OFFLINE
  •  
  • Local time:02:40 PM

Posted 28 October 2011 - 08:37 AM

I think I know the answer to my question here, but I would feel better hearing from the experts. A lot of times I get e-mail with links to websites within my e-mail wanting me to check out certain things. I am certain that most are legitimate. Is there any definitive way a person can check these links to see if they are safe before clicking on them? I am reluctant to click on them. I usually will not click on them since I don't have any idea where they will take me. Thanks.

BC AdBot (Login to Remove)

 


#2 Didier Stevens

Didier Stevens

  • BC Advisor
  • 2,659 posts
  • ONLINE
  •  
  • Gender:Male
  • Local time:08:40 PM

Posted 28 October 2011 - 09:58 AM

There are several tools on the Internet to validate links, but like AV products, they don't offer 100% guarantee.

One example is VirusTotal's URL checking service: https://www.virustotal.com/#url-submission

How do you read e-mail: via an e-mail client or via a browser?
And do you use HTML or text e-mail, or don't you know?

Edited by Didier Stevens, 28 October 2011 - 09:58 AM.

Didier Stevens
http://blog.DidierStevens.com
http://DidierStevensLabs.com

SANS ISC Handler
Microsoft MVP 2011-2016 Consumer Security, Windows Insider MVP 2016-2018
MVP_Horizontal_BlueOnly.png

 

If you send me messages, per Bleeping Computer's Forum policy, I will not engage in a conversation, but try to answer your question in the relevant forum post. If you don't want this, don't send me messages.

 

Stevens' law: "As an online security discussion grows longer, the probability of a reference to BadUSB approaches 1.0"


#3 wayne937

wayne937
  • Topic Starter

  • Members
  • 229 posts
  • OFFLINE
  •  
  • Local time:02:40 PM

Posted 28 October 2011 - 11:14 AM

Didier, I use MSN Premium for my e-mail client. I read my e-mail directly from the e-mail client. It will not allow any dangerous extensions to come in. It will block them. However, when these links arrive in my e-mail, they are not blocked. I feel the majority of them are safe, but there are always exceptions to this rule. Most of them comes from my friends. I would never click on one that would come from a stranger.I know the different between text and HTML. Without looking, probably could not find it now anyway, I think I have it figured for HTML. I am happy with the way it is so I leave it alone. I thought there might be some simple way of determing if these link are safe. I am currently using Microsoft Security Essentials which this forum says is ok to use. If it is too much of a problem, and cannot guarantee 100% security, I will just not open these links. Thanks for your reply.

#4 Didier Stevens

Didier Stevens

  • BC Advisor
  • 2,659 posts
  • ONLINE
  •  
  • Gender:Male
  • Local time:08:40 PM

Posted 28 October 2011 - 11:27 AM

No problem.

I was asking about HTML to eventually warn you that in HTML, the displayed link and the actual link can be different, but from your answer I'm assuming you know this.

Didier Stevens
http://blog.DidierStevens.com
http://DidierStevensLabs.com

SANS ISC Handler
Microsoft MVP 2011-2016 Consumer Security, Windows Insider MVP 2016-2018
MVP_Horizontal_BlueOnly.png

 

If you send me messages, per Bleeping Computer's Forum policy, I will not engage in a conversation, but try to answer your question in the relevant forum post. If you don't want this, don't send me messages.

 

Stevens' law: "As an online security discussion grows longer, the probability of a reference to BadUSB approaches 1.0"


#5 Animal

Animal

    Bleepin' Animinion


  • Site Admin
  • 34,739 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Where You Least Expect Me To Be
  • Local time:11:40 AM

Posted 28 October 2011 - 11:31 AM

In addition to Didier's excellent reply you could copy and paste any suspicious link to AVG's LinkScanner Online

If you'd rather be safe than sorry, enter the URL of the site or web page you want to visit in the box below. Our free LinkScanner Online service will visit the URL in a controlled environment on our servers. LinkScanner Online will inspect it in real-time for whether it is hiding any exploit code and, if so, what exploit.

Use LinkScanner Online to inspect:

  • Links forwarded by friends
  • Web sites displayed on search results
  • Any link with suspicious characters or web site you have never visited


The Internet is so big, so powerful and pointless that for some people it is a complete substitute for life.
Andrew Brown (1938-1994)


A learning experience is one of those things that say, "You know that thing you just did? Don't do that." Douglas Adams (1952-2001)


"Imagination is more important than knowledge. Knowledge is limited. Imagination circles the world." Albert Einstein (1879-1955)


Follow BleepingComputer on: Facebook | Twitter | Google+

#6 wayne937

wayne937
  • Topic Starter

  • Members
  • 229 posts
  • OFFLINE
  •  
  • Local time:02:40 PM

Posted 28 October 2011 - 11:52 AM

I think I have heard this, but to tell you th truth I had forgot about it. I have always felt that the hypertext markup language was the best way to go in e-mail. Now remember, some of these links will only give you one word to click on. This scares me more that anything else. You don't know what the link is until after you click on the word and then it takes you to that particular website. I think I will refrain from clicking on these links. Thanks to all of you. Animal, I added the AVG link Scanner to my favorites. Thank you very much.

#7 Didier Stevens

Didier Stevens

  • BC Advisor
  • 2,659 posts
  • ONLINE
  •  
  • Gender:Male
  • Local time:08:40 PM

Posted 28 October 2011 - 01:35 PM

It is often used in Phishing e-mails to mislead you. They display the link of your bank, but the actual link leads to their phishing site.

Didier Stevens
http://blog.DidierStevens.com
http://DidierStevensLabs.com

SANS ISC Handler
Microsoft MVP 2011-2016 Consumer Security, Windows Insider MVP 2016-2018
MVP_Horizontal_BlueOnly.png

 

If you send me messages, per Bleeping Computer's Forum policy, I will not engage in a conversation, but try to answer your question in the relevant forum post. If you don't want this, don't send me messages.

 

Stevens' law: "As an online security discussion grows longer, the probability of a reference to BadUSB approaches 1.0"


#8 wayne937

wayne937
  • Topic Starter

  • Members
  • 229 posts
  • OFFLINE
  •  
  • Local time:02:40 PM

Posted 28 October 2011 - 02:32 PM

Didier, I am too scared to do online banking. We do everything by check, or credit card. The folks writing this stuff is a lot smarter than I am when it comes to software. It seems like there is not much they can't do so I will just bow out and let other folks do it. I have never written code, nor will I ever at this late stage in my life. I have heard of phishing but I must admit I don't really know too much about it even though I have read up on it some. Thanks for all the good information, Didier.

#9 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,117 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:02:40 PM

Posted 28 October 2011 - 03:48 PM

I have heard of phishing but I must admit I don't really know too much about it even though I have read up on it some.


Phishing is an Internet scam that uses spoofed email and fraudulent Web sites which appear to come from or masquerade as legitimate sources. The fake emails and web sites are designed to fool respondents into disclosing sensitive personal or financial data which can then be used by criminals for financial or identity theft. The email directs the user to visit a web site where they are asked to update personal information such as passwords, user names, and provide credit card, social security, and bank account numbers, that the legitimate organization already has. The term Phishing, sometimes referred to as brand spoofing or carding, was derived from the sport of "fishing". The idea being that enticing bait is thrown out to lure or tempt someone into biting it, then setting the hook to make the catch.

Spear Phishing is a highly targeted and coordinated phishing attack using spoofed email messages directed against employees or members within a certain company, government agency, organization, or group. These fraudulent emails and web sites, however, may also contain malicious code which can spread infection.


You may also want to read over a few of these articles:

Email Attachments: How to Protect Yourself:
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#10 wayne937

wayne937
  • Topic Starter

  • Members
  • 229 posts
  • OFFLINE
  •  
  • Local time:02:40 PM

Posted 29 October 2011 - 09:02 AM

Thanks, Quietman. I always enjoy you great answers. I'll read through some of the things you have suggested.

#11 wayne937

wayne937
  • Topic Starter

  • Members
  • 229 posts
  • OFFLINE
  •  
  • Local time:02:40 PM

Posted 29 October 2011 - 10:07 AM

On more question. When you get a click here to see this, or that, it may only be a word they want you to click on, not a full website. At least this has been my experience. Then what do you do, just delete it? I don't believe hovering over it, or a right mouse click, will sho you the full website.

#12 Animal

Animal

    Bleepin' Animinion


  • Site Admin
  • 34,739 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Where You Least Expect Me To Be
  • Local time:11:40 AM

Posted 29 October 2011 - 10:55 AM

Right click > Copy link address. Then open AVG Link scanner and paste the URL you just copied.

The Internet is so big, so powerful and pointless that for some people it is a complete substitute for life.
Andrew Brown (1938-1994)


A learning experience is one of those things that say, "You know that thing you just did? Don't do that." Douglas Adams (1952-2001)


"Imagination is more important than knowledge. Knowledge is limited. Imagination circles the world." Albert Einstein (1879-1955)


Follow BleepingComputer on: Facebook | Twitter | Google+

#13 wayne937

wayne937
  • Topic Starter

  • Members
  • 229 posts
  • OFFLINE
  •  
  • Local time:02:40 PM

Posted 29 October 2011 - 11:33 AM

Animal, thanks. I will try that the next time I get one of those links that has just one word to click on instead of the whole address.

#14 Animal

Animal

    Bleepin' Animinion


  • Site Admin
  • 34,739 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Where You Least Expect Me To Be
  • Local time:11:40 AM

Posted 29 October 2011 - 12:45 PM

You're quite welcome.

The Internet is so big, so powerful and pointless that for some people it is a complete substitute for life.
Andrew Brown (1938-1994)


A learning experience is one of those things that say, "You know that thing you just did? Don't do that." Douglas Adams (1952-2001)


"Imagination is more important than knowledge. Knowledge is limited. Imagination circles the world." Albert Einstein (1879-1955)


Follow BleepingComputer on: Facebook | Twitter | Google+




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users