Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Links in eMails


  • Please log in to reply
7 replies to this topic

#1 jfhorton

jfhorton

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:04:44 AM

Posted 19 July 2015 - 09:25 AM

Is it safe to click on links in emails from known entities like Amazon or other retailers with whom you do business regularly?  I never open attachments unless I know the person/business.  But I always click on the links in emails from retailers or other sources I know. 

Thanks for your help.

 

 



BC AdBot (Login to Remove)

 


#2 Sintharius

Sintharius

    Bleepin' Sniper


  • Members
  • 5,639 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:The Netherlands
  • Local time:12:44 PM

Posted 19 July 2015 - 09:44 AM

It is best not to do so as scam mails looking similar to legit businesses can contain malware links in it.

#3 jfhorton

jfhorton
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:04:44 AM

Posted 19 July 2015 - 09:46 AM

It is best not to do so as scam mails looking similar to legit businesses can contain malware links in it.

Thank you.



#4 rp88

rp88

  • Members
  • 3,048 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:11:44 AM

Posted 19 July 2015 - 01:31 PM

You should only follow links in emails you ARE EXPECTING, or ones which are clearly relevant to you and give plenty of references within the text of the email that they are for you (so they have your actual name, not just a "dear sir")(they have details relating to something specific to your circumstances, "about your recent of order of (product you actually bought)").

You should NEVER follow links from emails which are from companies or organisations with which you have had no previous contact, these are almost always scams. Especially if the email is designed to scare you into urgent action, or to tempt you with the promise of vast sums of money, or contains spelling and grammatical errors.

You should also always check the exact email address that the email came from and make sure it sounds right, big companies will not use something similar to their name as the domain, they will use their actual name as the domain.

As a general rule support@[company].com probably belongs to the company but support@[company]supportfree.com could belong to anyone.

You can also use features in your webmail browser interface or email program to see the full original text of the message, this shows a list of all the servers it has passed through from sender to you, do any of them seem like somewhere which an email from a company shouldn't have gone through?

You should also always hover your cursor over the link, and look at the area in the bottom right hand corner of your screen to see where it is going, if the email is from a company you know and the link goes to a page on the company's official website that is generally safe, but if it goes to a bit.ly (or other link shortening service) link, or to some link with a very messy and unusual domain name then it is suspicious.

As an extra measure running a script blocker (like NoScript) and an antiexploit program (like malwarebytes anti-exploit) provide you with drive-by blocking protections if you follow a link which fits all the safety criteria explained above but still turns out to be malicious.

In the end, think of links like attachments, they have just the same potential for carrying infections, infact arguably they have MORE ability to carry infections because while most people know attachments can hold viruses many people do not realise that browsers where scripts and plugins are free to run automatically can be exploited.

If you set yourself a personal rule of "I will only follow links from emails which seem safe enough that, had these emails got attachemnts instead of links, I would feel safe opening such attachments" you should be alright.

Edited by rp88, 19 July 2015 - 01:33 PM.

Back on this site, for a while anyway, been so busy the last year.

My systems:2 laptops, intel i3 processors, windows 8.1 installed on the hard-drive and linux mint 17.3 MATE installed to USB

#5 Sintharius

Sintharius

    Bleepin' Sniper


  • Members
  • 5,639 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:The Netherlands
  • Local time:12:44 PM

Posted 19 July 2015 - 01:36 PM

Script blockers and antiexploit applications won't do a thing against malicious emails since emails are not used for drive-bys.

As a general rule, don't click on links in emails and if you have to download attachments, check them to see if it's an executable hidden as a document file first. Just turn off Hide extensions for known file types.

If it's a document that requires you to enable macros to "view the full content", then that's a malicious document - do not enable macros, instead close it and delete it right away.

#6 rp88

rp88

  • Members
  • 3,048 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:11:44 AM

Posted 19 July 2015 - 01:52 PM

Post #5, sorry when I saw the word "links" I considered it to mean links to webpages (and there have been exmaples of malicious emails which contain links to exploit drive-by pages), I hadn't thought of links being links directly to file downloads. But links can come in either form.

For links going to a page script and exploit blockers do offer protection.

For links going to a download then either do not perform the download, or if you know you can REALLY trust the email then "save" the download into a folder, DO NOT UNDER ANY CIRCUMSTANCES "open" the download there and then. Once the file is in the folder scan heavily with an antivirus and an antimalware program. Also make sure to show the file extensions so that you can check if the downloaded file has two extensions when you find it in the file explorer, if it has a double extension, or if it is exe or scr then it should not be trusted and should be deleted, DO NOT OPEN such files.

Edited by rp88, 19 July 2015 - 01:52 PM.

Back on this site, for a while anyway, been so busy the last year.

My systems:2 laptops, intel i3 processors, windows 8.1 installed on the hard-drive and linux mint 17.3 MATE installed to USB

#7 jfhorton

jfhorton
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:04:44 AM

Posted 19 July 2015 - 03:38 PM

Thank you all for the good advice. 



#8 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,597 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:07:44 AM

Posted 19 July 2015 - 06:04 PM

You may want to read:
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users