CITS

Take a Closer Look Before You Click

May 20, 2015   |  By Chris Phillips

To protect yourself as you read email and surf the web you need to know where a highlighted link is really going to take you if you click on it, compared to where you expect to go.  Links and their associated addresses can be misleading.   Email sent by phishers and hackers may contain links that look like they go to familiar, expected locations--but they really don’t.   In the world of network security, a situation in which one person or program successfully masquerades as another by falsifying data and thereby gaining an illegitimate advantage is called spoofing.

Do you know how to tell an authentic web link from a fake?

Here is an example:  If you see "Click here" in an email message you can examine where that link goes by placing your cursor over the link and holding it there for a moment (“hovering”) without clicking.  Try it on the link just given.  Your browser will show you the actual link address.   Will this link take you where you were expecting to go?  It is also possible for the named destination webpage to then send you off to a different page, so you should check at the top of your browser for the actual web address of the page that you end up viewing. 

Instead of “Click Here” or some other underlined phrase you may see an actual URL (web address) such as this in an email message: http://someURL. But just like a "Click Here" link, an address link may actually take you to someplace unexpected.  Put your cursor over the link just given, without clicking, and your browser will show you where it will really send you.  Is this someplace you would want to go?

Web page addresses have this general format:

http(s)://website name.umaryland.edu/file/path/filename.ext?parameters

Notice the punctuation around the website name:  a colon and two forward slashes (://) immediately before the website name, and a single slash (/) immediately after the website name.  Any valid website name at UMB will end with "umaryland.edu," and be located immediately after the double slashes and before the first single slash.  And as you know, sometimes the http(s):// part isn’t shown; the web link name you see might just start with the familiar “www.”

Here’s another example.  The following two links look the same -- but are they?

www.umaryland.edu/cits

www.umaryland.edu/cits

You know the test:  If you hover your cursor over a link without clicking on it, your browser will generally display the address that the link really goes to, regardless of what the underlined text in the link name says. 

You need to be on guard against attempts to fool you into believing that a certain link goes to a safe, familiar site instead of a criminal or hacked site.  As explained in the umaryland.edu example above, the rule is: The real host name always appears immediately after the double slashes and before the FIRST single slash.  Hackers may build a webpage address with a familiar hostname just before a SECOND single slash in an attempt to get you to believe that their malicious site is one that is familiar to you.  If you see "umaryland.edu" between a first and second single slash, or anywhere else in the whole address, it may be a distractor to make you think you are going to a UMB webpage when you are not.  

This is the generic format:  http(s)://real websitename/umaryland.edu_distractor/parameters.

Here is an example of a legitimate UMB website address:   https://www.umaryland.edu/cits.
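The rule above, written out as a check (an added example, not part of the original article): it takes the host name from between the double slashes and the first single slash, then compares it with the expected domain. The function names and the example.net addresses are constructed for illustration.

```python
from urllib.parse import urlsplit

EXPECTED_DOMAIN = "umaryland.edu"  # the domain used in the article's examples


def real_host(address):
    """Return the host name: the part after '://' and before the first '/'."""
    # A bare "www..." address has no scheme; add one so the parser finds the host.
    if "://" not in address:
        address = "http://" + address
    host = urlsplit(address).hostname or ""
    return host.rstrip(".").lower()


def is_expected_site(address, expected=EXPECTED_DOMAIN):
    """True only if the real host is the expected domain or a subdomain of it."""
    host = real_host(address)
    # Compare on a dot boundary so the name must END the host, not merely appear in it.
    return host == expected or host.endswith("." + expected)


def check_link(shown_text, address, expected=EXPECTED_DOMAIN):
    """Classify a link the way the hover test does; returns (verdict, real host)."""
    host = real_host(address)
    if is_expected_site(address, expected):
        return "ok", host
    if expected in address.lower():
        # Familiar name is present, but not in the host position.
        return "distractor", host
    if expected in shown_text.lower():
        # Underlined text names the familiar site; the address goes elsewhere.
        return "text-mismatch", host
    return "other-site", host


# Constructed sample links: (text shown in the message, address revealed by hovering)
SAMPLE_LINKS = [
    ("www.umaryland.edu/cits", "https://www.umaryland.edu/cits"),
    ("www.umaryland.edu/cits", "http://files.example.net/index.html"),
    ("Click here", "http://host.example.net/umaryland.edu/cits"),
    ("Click here", "http://umaryland.edu.example.net/cits"),
]

if __name__ == "__main__":
    for text, address in SAMPLE_LINKS:
        verdict, host = check_link(text, address)
        print(f"{verdict:14} real host = {host:28} shown as: {text}")
```
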

The same rule holds true if you are expecting a link to a webpage address on any other website that you may be familiar with.  For instance, if you are expecting to go to PayPal, Amazon, Gmail, etc., always look for that familiar website name immediately before the first single slash.

Hovering before clicking and checking for a familiar hostname in the correct position in a website address will save you from a great many scams and tricks offered in your email and on the web.