Is The Link You’re Clicking On Safe?
Michael: Hi, Michael McKinnon, Security Advisor at AVG. “What is a bad link?“
We’re always telling people, “Don’t click on this link.” “Don’t click on that link.” “Be careful what you click on” it’s a really hard thing to do often, so what I thought we’d do is look at what exactly is a link?
Links, also known as URLs which is an acronym for Uniform Resource Locator are things that we click on to take us to websites. I’m sure you know that much by now, and I’m sure that’s how you got here, but let’s look at the individual parts of the link to understand how they’re constructed so that we can better protect ourselves in case we need to click on them and kind of look at what is contained inside them.
So, first of all the first part which you’d be familiar with which is http:// or with the ‘s’ https this is a reference to the protocol for accessing the web page. Without the ‘s’ it is unencrypted, with the ‘s’ it is encrypted and generally secure, understand that first and foremost.
The next thing we’re going to focus a lot on here is the host name. This is the web address to the server or the computer with which you are accessing and where the website lives that you’re accessing. The next thing is the resource. This is often the web page, the name of the web page and might end in .php or .html and it refers to the resource on the website that you’re accessing.
The next part is the query and often comes after the question mark and it refers to some extra information that can be added that might change what you get back from that website. So, a couple of things I just want to reiterate here. The difference between http and https is absolutely huge, even though it’s only that ‘s’ whether it’s there or not.
The next thing I want you to get used to is looking for the forward slash which is right between the host name and the resource. This is important so that you can understand exactly what the host name is. The next part is the question mark; understand where that fits as well. So that in your mind, you can quickly look at any link or URL and break it down piece-by-piece.
So, let’s look at some practical things we do, now that we know how URL’s are constructed, things that we can look for that can potentially help us not click on bad links.
The first thing I’d suggest is the country code of the host name. So, I’ll give you an example.www.avg.com.au that is a host name and the .au part refers to the country, Australia. So, have a think about the implications of that when you’re clicking on a link and see if you can work out what the country code is. In some cases, things like .com or .net they’re not country codes, they’re just assumed to be generally United States but you have a more global sense about them these days.
But, what I want to refer to specifically are things like .ru for Russia for example, .cn for China and I’m not saying those countries are necessarily bad but, there is a higher likelihood that those types of links can be quite malicious. So, if you can identify those country codes you have a better chance of being able to prevent yourself getting infected.
The next thing you can think about is how long is the link that you’re about to click on. If it is really long and really hard for your mind to work out which part is which, perhaps its best to leave it alone.
The next thing is to understand some of the current exploits that are around. So, one of the current ones we have are WordPress web sites which are literally infecting the world with links that are being distributed that belong to compromised WordPress sites. And, one of the things that you can look for in many of the current malicious links is this term ‘wp-content.’
Now it’s not a hard and fast rule and there is some discretion required here but, in general situations, especially out of spam emails, this appears to be quite common at the moment. And, I guess what I’m saying here is that over time, you’ll adapt your own way where you can evaluate whether links are good or bad.
So, there really are a lot of other strategies you can use and I’m just touching on a few here. I really encourage you now that you know how this works to take this forward.
I’ll leave you with two final tips and that is to always look at the link hovering over it and make sure what you’re clicking on and lastly, run an Internet Security solution that has some link scanning capability likeAVG which is going to look for a lot of this stuff for you automatically and prevent you actually hitting a malicious link in the first place.
For more information please visit our website www.avg.com.au. Thank you.
Have you ever clicked on a bad link? Share your story with us here on the blog.