Attacks on your computer system are worse than ever. Headlines of new system compromises appear every day. Although advice is plentiful, it can be daunting when you are faced with all the things you need to do to protect yourself.
Right now, however, the most likely way you’ll fall victim is by clicking on a dodgy link in an email.
This is called ‘phishing’ and it accounts for most unsophisticated system breaches – in other words, the stuff that you and I are most likely to get caught out by.
If you can be alert to those nasty phishing emails then the chance of getting hacked drops dramatically.
And there is one simple tip that will help you protect yourself
At its heart, a phishing email contains a link that the attacker wants you to click. That link is commonly hidden behind a button or made to look benign in some way. The ‘real’ destination of the link is hidden from you.
However, it’s not that hard to uncover the destination. You just need to know this simple technique – the mouse-over.
Use ‘mouse-over’ to uncover the real destination
If you hover your mouse pointer over a link, its full address is revealed – usually in the bottom left hand corner of the screen. Try it with this link:
You should see the real link destination as www.dodgy-website.co.uk.
Of course, a lot of the time we are looking at emails on our mobile devices. To reveal a web address you have to press and hold the link. Warning: Make sure you don’t just press the link and let go. Otherwise you’ll be doing exactly what the attacker wants. Holding your thumb or finger down until the address pops up is essential.
A real example
Below you will see a phishing email sent to me, supposedly from PayPal, promising to “Resolve the Security Issue”. When I hovered my mouse over the button the underlying link appeared in light grey at the bottom left-hand corner (you might need to zoom in to see it).
But how do I read a web address?
When I show this tip to people the next thing they want to know is how to make sense of the web address that is revealed. The key here is the ‘domain name’.
Below you can see the full address of our website broken down into its parts. The domain name portion is evolvecomputers.co.uk. This is a valid address and you can double check by typing it into Google and reviewing the search results.
If the domain name doesn’t match that published by the supposed originator then you know something is wrong. Definitely don’t click on the link, and delete the email for good measure.
It’s not always that simple, of course, and attackers will use the ‘sub-domain’ to add confusion. In the following image the sub-domain makes it look like the link goes to Evolve Computers, but the domain name – dodgydomain.co.uk – reveals the true destination.
To recap, then:
- Being alert to ‘phishing’ will protect you from most threats
- If in doubt, mouse-over to check the web address
- On a mobile device press-and-hold the link to find the real destination
- Still not sure? Call your IT company