
Malicious Links

One of the most common tactics used by scammers in their phishing emails is to insert a malicious link into their email. These links can be disguised in various ways to seem legitimate, and may even lead to a trustworthy platform that is being used to host dangerous content. In this article, you will learn how to identify malicious links and why clicking them can be dangerous.



Identifying Malicious Links

Whenever you receive an email containing a link that you are urged to interact with, there are a few things you can do before you click. First, on many mail clients, you can hover your mouse cursor over the link that you are being asked to click. If you are using a mobile device, you may be able to hold your finger on the suspicious link, and the true link will be shown on-screen or copied to your clipboard. NOTE: This functionality is not available on all phones, so check that your device can do this before you attempt it.

You can try this now! Hover over each link below:
/

The top link does lead to Kent State's homepage, but the bottom link takes you somewhere completely different: Google's homepage. A scammer can use this tactic to embed a link within certain text that makes it seem like you are clicking a link leading to a trustworthy page. In reality, you will be directed to wherever the scammer wants you to go to continue their attack.

You can also determine if a link is dangerous by using the context of the email. For example, if you receive an email from a sender you don't recognize, claiming that you have won a free cell phone and can claim your prize by clicking a link, this is a good sign that the email is a phish and the link is dangerous. You can read more tips about how to spot a phishing email here!

Malicious links can start with HTTPS or HTTP. A link starting with HTTPS does contain more security features than a link using HTTP, but this does not mean that an HTTPS link can't contain dangerous content. HTTPS only ensures that the information you enter into a website is encrypted in transit, and does nothing to guarantee that the website you are on is safe and legitimate. However, it is important to remember that any time you are entering sensitive information into a website, it should be using HTTPS.
 

What Happens When You Click a Malicious Link?

A malicious link can contain a variety of different contents, though all are dangerous in one way or another. The simple act of clicking a link can immediately install malware onto your system. Malware is malicious software that can wreak havoc on your device and result in compromised accounts or stolen personal information.

In some cases, this malware can gain access to whichever network you are connected to, as well as your contacts. It can use this network connection and/or contact list to spread itself through your organization. This poses a threat to not only you and your account, but to many other people in your organization.

Malicious links can also track who clicked them. This means that the scammer is now aware that your email address is being actively monitored by a human. Picture this scenario: you click a link that leads to a fake login page. You recognize that this page is fake and immediately close it without entering your credentials. Does this mean you are safe? Not entirely. Unbeknownst to you, the link you clicked contained a click tracker that can associate your click with your email address, location, or other information about you and your device. All of this data is now in the hands of the scammer, who may use it in future attacks on you.
 

What Do I Do if I Find a Malicious Link?

If you find a link that you believe to be malicious, or even if you aren't quite sure, do not click this link! It is safest to report the email or message containing the link to phish@kent.edu. Our team will analyze this link and let you know where it leads, as well as whether or not it is malicious. If the link is dangerous and was sent to you in an email, our team can remove this phishing email from our mail system.