Skip to Content
© Marchmeena | Dreamstime.com
Safety & security

Don’t click any email link or web link before asking these questions

Following a link in an email, text or on certain websites is always a bit of a gamble. On the other end of the link could be the information you want to see, or it could be a malicious website, virus-filled download or inappropriate content.

Of course, we’re talking about phishing attacks. That’s when cybercriminals email, text or post malicious links online hoping to trick victims into clicking them so they can rip them off. These types of attacks have really picked up during the COVID pandemic. Tap or click here to find out why scams are rising.

We always recommend not clicking links found in emails or texts unless you’re 100% sure they’re safe. But even links sent from sources you may trust can be malicious now that scammers are great at spoofing. So how do you know when it’s safe to click? There are some important questions you can ask first that will give you a good idea if the link is safe or not.

1. Where did the link come from?

Perhaps the most important question you can ask is how you got the link in the first place. Was it in an unsolicited email or text message? Did you get it in a Google search? Was it in a friend’s Facebook post?

RELATED: See a tricky password-stealing scam in action

As a rule, if a link is unsolicited, you don’t want to click on it. Hackers send out malicious links in emails and texts daily. They’re especially good at putting links in emails that look like they’re from legitimate companies. If the link is from someone you know, check with them first to make sure they really sent it, and that their account wasn’t hacked.

Links you find for yourself are going to be safer, but you still need to be cautious. A Google search is a good example. Hackers use a tactic called “search engine poisoning” to get malicious links to the top of a Google search for popular words and topics.

The same goes for Facebook. In general, links your friends post are going to be OK, but one of them might have been tricked into sharing a malicious link, or they installed an app that does it for them. Keep reading and we’ll look at some other questions that will help reveal those dangers.

2. Why am I clicking the link?

OK, this question sounds philosophical, but we’re not actually asking “why” you do things in the general metaphysical sense. We’re asking you why you want to click on that particular link.

Is it out of fear that something bad will happen if you don’t? Are you responding to greed or anger? Is it out of lust? These are just a few of the triggers that hackers use to trick you into clicking.

For example, an email might say your bank account has been hacked and you need to click right away and enter your information so the bank can get your money back. Maybe you see a post on Facebook saying you could win the lottery or get a brand new expensive tech gadget for free.

Perhaps it’s a political post that asks you to sign a petition against something that makes you angry. And don’t forget the ever-popular promise of racy images or video on the other side of a link.

If you find yourself on the verge of reacting out of emotion, take a second and really think about why you’re doing what you’re doing. You might realize that you’re being manipulated. And we’re about to tell you how you can know for sure.

3. Does the link look right?

Web links follow certain rules. That means you can often tell at a glance if one is on the up-and-up. The biggest tip-off is the domain name. For example, the domain name of my site is “komando.com.”

It might have a prefix, such as “www.komando.com,” “news.komando.com,” or “station-finder.komando.com.” Or it might have a suffix, such as “komando.com/how-tos” or “komando.com/news.” But no matter what, “komando.com” is going to be the centerpiece of any link on our site.

So, if you got an email claiming to be from Komando but the link was “www.somethingelse.com/this-is-fake” or even “komando.somethingelse.com/also-fake” or “somethingelse.com/komando,” you know something is up.

Sometimes this can get a little tricky. For example, Google’s shortening service is “goog.le,” but on the whole, it’s a good thing to check. However, there are a few more tricks hackers like to pull.

You may also like: This search engine doesn’t track you like Google does

Earlier, we mentioned search engine poisoning where hackers get malicious links to the top of a search results page. If you’re doing a Google search, look just below the page title in the search results to see where the link is coming from. If you’re looking for a page on one company’s site, and the link is to another site, then proceed with caution.

Another trick is that the text of a link and the link itself doesn’t have to be the same. In an email or online, you can hover your mouse cursor over a link and then look down in the lower part of the screen to see what the link really is. You can also right-click on the link, choose “Copy link” or “Copy link address” and paste the link into a word processor to see what it really is.

Sometimes you’ll run into shortened links, especially on Facebook and Twitter. These are often legitimate links, but it will just show bit.ly/123456, goog.le/123456 or t.com/123456.

In general, as long as the person posting them is legitimate, you’re OK. If it’s a random account you stumbled on that doesn’t have a lot of followers or is posting nonsensical information, be more cautious. Of course, sometimes it helps to get a second opinion.

4. Is there a second opinion?

Sometimes when you’re in a rush, you don’t always check links as thoroughly as you should. Or maybe you think a link in a Google search or on a website is bad, but you aren’t sure.

Most security companies have software that watches links and lets you know if they don’t go where you think, or if other people have reported them as being a problem. Check your security software to see if it has a URL reputation system you can enable in your browser, as most do.

5. What’s on the other side?

If you’re even a little suspicious of a link, you shouldn’t click on it. Better safe than sorry. And if it’s information you really need, you can usually visit a company’s site directly to find it, or look it up in a Google search.

However, sometimes you’ll click on a link and wind up in a place that sets off red flags. Maybe the site isn’t the company site you were expecting; it might look like it was thrown together, or it could pester you to enter information you know you shouldn’t give out.

Remember, it’s always OK to walk away. Close the browser tab and go find the information somewhere else.

Stop robocalls for good with Kim’s new eBook

Robocalls interrupt us constantly and scam Americans out of millions of dollars every year. Learn Kim's best tricks for stopping annoying robocalls in this handy guide.

Get the eBook