Don’t Click That! The Dangers of Phishing Hyperlinks and How to Avoid Them
Sure, it can seem like a benign link that would take you to a trustworthy website, but that's how they trick you.
Cybercriminals have been plotting nefarious ways to scam internet-goers for their own gain for years. And hyperlinks in phishing emails and malicious sites have proven to be one of their most effective tools.
Globally, a whopping 40% of emails are spam with one or more of these bad links, and Americans, in particular, receive nearly 14 unsolicited phishing text messages each month.
What Does a Hyperlink Look Like?
It's important to note that phishing links don't just show up on your doorstep. They'll arrive by email or text message with a specific request. For example, you might get a text that looks something like this:
Dear Valued Customer: Please review, that at this
moment you are owed $150.000 , shipping errors for
the last 2 deliveries . Verify account information at
http://twrc-online-refunds.com/ to receive funds before
end of day
So, how can we tell this is a phishing attempt with a bad hyperlink? It starts with a hook—seeing "Dear Valued Customer" makes the recipient feel special and urges them to read on. Yet it doesn't use the customer's name the way a legitimate sender would.
Then there's an element of curiosity—the recipient sees that they are entitled to $150 for a couple of shipping mistakes, but there are no immediate details or explanation.
There's also a sense of urgency—the message encourages the recipient to click the link and input their financial information before the end of the day or risk losing the refund.
Finally, there's an unusual number of formatting errors. There are odd spaces between punctuation, an extra zero at the end of the refund amount we don't usually see in everyday transactions, and the word 'account' is misspelled.
You'll see the same things in email phishing scams—a hook that gets you interested, limited yet important-sounding details that pique your curiosity, and an urgent request to verify, update, or input sensitive information by clicking on a phishing link. And keep an eye out for those grammatical or formatting errors.
What Different Kinds of Phishing Scams Are There?
Though the goal of getting you to click on a 'scammy' URL or gateway is always the same, scams that use hyperlinks come in various types.
You might get notifications about a recent payment, account deactivation, unpaid invoices, or tech support. And beware of the 'giveaway winner' email or text message that invites you to click on a link to receive your reward.
In every case, the phishing link will take you to a lookalike website that mimics an official organization in an attempt to steal your information or download malware.
Email phishing is one of the most common delivery methods for these harmful links, which can take the shape of highlighted text, a button, or even an image. All have been configured to link to a malicious file or site.
Smishing is a more recent form of hyperlink phishing, in which a deceptive text message is sent to the recipient with an urgent request that involves clicking on a bogus link. Why do they call it Smishing? Because texts are also referred to as Short Message Service, or SMS.
Spear phishing is a more targeted email or text approach that uses plausibly accurate information about the victim to manipulate them further. And whaling is spear phishing aimed at a high-priority target, typically carried out against CEOs, business owners, and other essential personnel.
How Can I Avoid the Pitfalls of Hyperlinks?
If you're a small business owner who uses email or SMS messaging daily, you will inevitably be exposed to phishing hyperlinks. But with this knowledge, you can stop yourself from clicking on them.
Be cautious if you receive an email or text message with a hyperlink from an unknown sender. Always verify the legitimacy of the sender before clicking on anything. Official-looking emails or hyperlinks with less-than-official domain names are also a red flag. Check the spelling of the hyperlink's domain name, the suffix, and the domain name in the sender's email address.
Even if everything checks out in the grammar department, you can do one better by "hovering" your cursor over the link to show where it will direct you. If the link as displayed and the destination it actually points to don't match up, don't click it.
And finally, disregard emails or SMS messages that refer to things you've never ordered, subscribed to, or requested. If it sounds strangely unfamiliar, a malicious hyperlink is usually nearby.