Tech Sense: Look Before You Click
Posted by Claudio Caballero in Technology, tags: Tech Sense, Technology
Progress in technology always brings about new kinds of dangers. Crossing the street must have become a frightening experience for a fair percentage of the folks who lived through the transition from horse-drawn to motorized vehicles, but soon every 5-year old knew enough to look both ways before they cross and pay attention to traffic signals. Education and adapting your behavior are the key.
The security dangers posed by the Internet are no different. By now (hopefully) we’ve all learned not to open email attachments we weren’t expecting (even if they appear to come from friends).
But a newer and more subtle danger is deceptive web links in emails and on web sites. But, like the simple rule about looking both ways, there’s also an easy way to mitigate this danger as well.
The key is to understand that the text of a link doesn’t necessarily have to match the actual web “destination” (the technical term being a URL, Uniform Resource Locator). So, if I want to link to CNN, I can make the link text match (http://www.cnn.com/) or use some other text (CNN).
The malicious links are crafted to appear like that first link that shows the URL as the text (let’s call this a “bare link”), but the actual URL is a different site that is a fake version of the real site shown in the text. So, how can you detect this subterfuge?
Every web browser and email program has a feature that shows you the URL of a link when you hold the mouse pointer without clicking (called hovering) over the text. So, for instance, this fake bare link to Citibank can be easily detected: http://www.citibank.com/
So, anytime a bare link’s destination URL doesn’t match what looks like the URL in the text, don’t click it. It’s as simple and common-sensible as looking before you cross the street.
Entries (RSS)