We recently handled an incident response case where our client was infected by malware which was delivered by email. The client plead ignorance, and asked “how can we tell what is real and what is a virus?” Here’s a quick tip to do just that!
For starters, several email clients and web browsers will show you the address of a link before you click on it… provided you take a few seconds and look before clicking! Most people just click away without giving a second thought, which is like running out across the street and then, if ever, looking to see if there is any oncoming traffic, so try to resist that urge and put safety first.
Here’s a sample “LinkedIn” notification I just received.
Hm. It looks pretty official! The grammar isn’t bad, the copyright looks real, and it claims to be from a “linkedin.com” email address. But notice how my email client even suggested that it may be a scam? That’s interesting… I wonder why. What happens when I hover my mouse over one of the links?
Whoa! Look at that address at the bottom of the window! “http://184.108.40.206/beloved.html?” That does NOT look like LinkedIn.com to me! Straight to the “Junk” button at the top of the window to report it as spam and move on!
Most web browsers, if you are using a web interface such as Gmail, Yahoo, Outlook, etc., will show you a preview in the lower status pane of the browser window as well. However, Internet Explorer and Safari often seem to have this turned off by default. If that’s the case, it’s usually just a matter of clicking the “View” menu, and then choosing the option to show the “Status bar.” Try it, and next time you’ll be better prepared to fight the online scammers who want your money.