5 Rules To Follow Before Clicking On A Suspicious Link
Despite all of the benefits that the digital age has brought us, the unfortunate truth is that it has also empowered scammers, criminals, and bad actors. Digital fraud is on the rise, and with something as simple as a trapped link and some sweet-talking, a scammer can swipe all of your most valuable data and rob you blind. If you want to avoid the most common ways of having your passwords hacked, the best thing you can do is employ tools of healthy skepticism with every link you encounter, from double-checking addresses to running a grammar check.
No matter how advanced digital scamming becomes — especially with the advent of generative AI and the new trickery tactics it enables — the vast majority of trapped links can be safely avoided with a combination of calm, critical thinking and common-sense inspection methods. It can be scary to receive an alarming message with a plea for money, or enticing to get some kind of offer that's almost certainly too good to be true — but so long as you remain calm and employ this playbook of scrutiny, you can dodge the danger, as well as report the culprits and hopefully spare others the headache.
Remain calm and think logically
The absolute first thing you should always do upon receiving any kind of suspicious link is remain calm. Scammers of all shapes and sizes, more often than not, try to bank on intense emotions in order to trick you into clicking their links. They'll send you a DM that they've already stolen your information and are holding it hostage to scare you, or they'll email you with an enticing offer for something they know you want. These plays on intense emotions are usually paired with a sense of urgency, that something bad will happen if you don't click their link as soon as you get it.
It's scary and disorienting to receive a message like that, but if you get any kind of suspicious or hostile invite, before anything else, you should take a deep breath and focus on thinking logically. Don't click on anything until you're certain that you're calm. In the right state of mind, you're much more likely to see through whatever nonsense a potential scammer is trying to feed you.
Check senders and addresses
The thing you should know about scammers is that the majority of them are both very lazy and not particularly smart. For example, if they wanted to trick you into clicking a link by posing as your bank in an email, they'd probably put the name of your bank in the subject line, and maybe something to the effect of "hi, it's your bank" in the body. However, what they'll likely neglect to do is change the address the email is coming from, and that's where you'll catch them.
Whenever you receive an email from some manner of important institution like a bank, a school, a lawyer, or anything like that, check the sender's name and email address. Odds are good the address will be some random mishmash rather than that institution's actual, official address, which you can verify by visiting that institution's website. Even if the address has the institution's name in it, it will likely be different from the official one in some small way, like using out-of-place periods. If you've ever previously received an email from the same source, and you know that previous email was genuine, you can pull it up and use it as a point of comparison to check the address and sender.
Run a spelling and grammar check
It might seem silly to be double-checking the spelling or grammar of an email or DM to scan for scammers, but in actuality, it's one of the best tools you have for protecting yourself. Whether they're trying to dodge spam filters with deliberate errors or they're just genuinely bad at writing, scam emails and DMs will often seem very slapdash and thrown-together. If a message is riddled with obvious typos, then you definitely shouldn't click any links within it, and especially if the message is claiming to be from one of those aforementioned institutions. Obviously, a bank or a school would bother to proofread its emails.
Even if there aren't any obvious typos, you may still want to pull up an old email from the alleged same source if you have one. Scammers may make use of generative AI to clone the contents of common messages and make them sound more authentic, but generative AI has its own particular quirks when it comes to writing messages. If the tone of the suspicious email seems notably different from the genuine one, more stilted and robotic, it's probably a generic scammer message.
Hover before you click
Let's say that you get an email or DM that seems to be on the level, but you still have a bad feeling about any included links. You might think that your only way of knowing for sure would be to click the link and cross your fingers, but you do still have one good tool left at your disposal: mousing over.
In all desktop web browsers, if you hold your mouse cursor over hyperlink text, you can see the link address in the bottom-left corner of the window. Returning to the bank example, if a hyperlink is supposed to lead you to a bank's official website, the mouse-over should reveal a relatively clean URL with the bank's name front and center. If you mouse over that link and see nothing but a string of seemingly random letters, numbers, and misspelled words, that's a big red flag. Remember, just checking the URL in this manner is safe; a trapped link only becomes dangerous when it's clicked on.
Double-check with friends and family
What's especially frustrating about the ubiquity of online scams and suspicious links is scammers' tendency to use your friends and family against you. In addition to those important-sounding institutions, scammers may attempt to duplicate your loved ones' identities to make you click on a trapped link. It's a dangerous method to tug at your emotions and sense of trust and urgency, but it has a fatal flaw in secondary communication methods.
If you ever receive a suspicious link from someone you know, either through email or DM, you should contact that person through a secondary communication method. Whether you message them on another platform, call them on the phone, or just visit them in person, you can confirm as to whether that initial message actually came from them and take appropriate action. In the best-case scenario, some scammer was just sending you an email with a spoofed address — but this could also be a signal that your friend's accounts have been hacked, prompting them to take security countermeasures, so it's an important step.