Made possible by generous funding from
How to Preview and Avoid Dangerous Links
Links help us get around the web quickly and accurately. Clicking or tapping on a link causes an action, like opening a web page or initiating an email.
Cybercriminals use links extensively in their scams. In fact, most scams won’t work unless a scammer can convince you to click on a link (or make a phone call). Understanding links is a part of knowing the difference between a legitimate message and a scam.
What does a link look like?
You can identify links in emails and web pages both by context and by visual clues. The standard way of identifying a link that is embedded in text on the web is with an underline and color. The destination of the link may be visible, as in this link to Oasis oasisnet.org, or embedded in text as in click here for more information. Both can lead to the same web page. (Hover over the links and look at the bottom left corner of your browser to see where they go!)
Links also can be in the form of buttons or even pictures. The button with the text View details is a link in the example below.
The following link– irs.gov —doesn’t actually link to the IRS. If you are on a computer (laptop or desktop) hover over the link (place your cursor over the link and pause). DON’T CLICK THE LINK-JUST HOVER AND PAUSE. Now, look at the lower-left corner of your browser. See what’s actually behind the link (connections.oasisnet.org)? If you are on a mobile device, touch and hold the link. A popup will display showing you the link destination. This is how you protect yourself by previewing a link. If a message purports to be from your utility company, a known business, or the government and contains a link, preview it and see if the link actually makes sense. The video below shows the process, both with a computer and iPhone. Click to enlarge.
Links in text messages
In text messages, you can see the actual link. In the screenshot below the link is just a series of numbers and letters that don’t make any particular sense. A message from the post office might be expected to come from usps.com. Tapping this link (don’t try this at home!) opened up a phishing site doctored to look like an official USPS site. But the URL is from rewardsprogram and confirms that this is a fake notice.