To Click or Not To Click: Tips to Know if a Link is Safe

A person facing their computer, with their hand on the computer mouse and ready to click.

For many years now, email has been the most common way for cybercriminals to infiltrate networks, plant ransomware, and steal data. In fact, in 2019, Verizon reports that 94% of malware was delivered by email.

And while email security certainly has come a long way, cyberattackers are adapting to the changes as well.

Because it’s getting more and more difficult to upload a malicious piece of code to an email, attackers are shifting to different tactics—tactics that email providers will have a hard time figuring out. 


What You See Isn’t Always What You Get


One tactic that cybercriminals use is redirecting users to malicious web pages through malicious or hidden links. A common way to do this is by link cloaking or, in simple terms, disguising a link or Uniform Resource Locator (URL) as something else.

What may look like a link to your online bank portal could lead to a malicious site that steals your username and password the moment you enter them.

If you find a link in one of your emails and you’re not sure if it’s safe to click or not, here are a few tips that can help you make the wise and safe choice:

  • Hover over it

Hovering over a link means placing your mouse pointer over a link without actually clicking it. It may sound too easy to be a cybersecurity tip, but it’s actually a quick way to display the true destination of a link. 

Just hover over a suspicious link—the mouse pointer should change into a pointing finger—and check the target of the link at the bottom of the window. This way, you’ll know whether or not the link is taking you to the site you’re expecting it to.

  • Scan it

There are reputable websites that can scan a URL, analyze it, and let you know if it’s safe to click or not. They check the website that the link leads you to and inform you if the site has been reported for phishing, hosting malware/viruses, or other suspicious activities. 

Here are some of the trusted and most popular URL scanning sites:

To use these sites, you’ll need to scan the actual URLs and not the cloaked ones. To get the actual URL, you need to right-click the link, and then click Copy Link Address. You then paste it to the entry box on the site and submit it.

  • Expand it

URLs are shortened for a variety of reasons. It keeps the links looking neat, it saves space especially when there’s a character limit to a post, and it can help track metrics on who clicked or shared the links.

Unfortunately, a shortened link doesn’t display its true destination even when you hover over it. This is a problem because you won’t be able to know if the link will take you to the site you’re expecting it to…and it could lead you to a malicious site if you’re not careful.

What you can do is expand a shortened URL to see its original form, title, keywords, author, which search engines you can use to search it, and if it’s safe to click. Visit a trusted link expander site or download a trusted browser extension, and use them to unshorten the link.

Cybercriminals are experts at knowing the latest online security features and finding a way around them. This is exactly why you need to know what they’re up to so that you can keep a careful eye out for potential cyber attacks.

Although sometimes, keeping updated just isn’t enough. If you want to protect your personal and corporate networks from malware and phishing attacks, make sure you have the most secure technology at hand and the most reliable IT experts on call.


Get more cybersecurity tips straight from the experts.

Contact us now.