
April 14, 2009

How to spot a fake link

(This post appears as part of our Tech Tuesday series.)

Nearly every day I get an email that seems to come from a bank or PayPal asking me to click a link and enter my information to correct some error or issue. These are almost always attempts to steal personal information. Let's look at how this scam works.

Typically a link is created using code similar to this:

<a href="http://www.yahoo.com">http://www.yahoo.com</a>

Which ends up being displayed as:

http://www.yahoo.com

The link you see displayed (actually just text) is whatever appears between the opening <a href="..."> tag and the closing </a>.

I could place any text in that space and the link would still work. For example:

<a href="http://www.yahoo.com">http://www.LOOKATME.com</a>

would display as:

http://www.LOOKATME.com

but still direct you to www.yahoo.com. You can check where a link really leads by mousing over it and looking in the status area of your browser. Usually this is in the bottom left-hand corner.

So the code that creates the link has two distinct parts: the actual address you will go to if you click on it, and whatever text is displayed.

In fact, what is put in the second part of the code doesn't even need to look like a link. I can do something like this:

<a href="http://www.yahoo.com">Cleveland is nice in the summer.</a>

and the link would still lead to yahoo.com if you clicked on it.

Now we can see how a fake link works: the first part of the code directs you to a bad website, while the second part leads you to believe that you are going someplace legit.

If I take the time to add more context around the fake link, it becomes even easier to fool someone.

With the falling economy it is important that every dollar you have invested works hard for you. You can visit our site where you can learn how to get great interest rates.

Go ahead and click on that link. It's ok.

Here is the code for that:

<a href="http://www.youtube.com/watch?v=oHg5SJYRHA0">great interest rates.</a>

To make matters even more complicated, these scammers register domain names and create subdomains with the same names as popular financial institutions.

A scammer might register the domain name - importantsecuritycheckforyou.com - and create the subdomain of metropolisbank. So a link to this fake page would lead you to:

metropolisbank.importantsecuritycheckforyou.com

At first glance this looks legit. But the first part of the web address is NOT the actual website; it is only a subdomain of the actual website, which here is importantsecuritycheckforyou.com. An example of how this could be used is:

We are sorry to inform you that your account may have been compromised. Please log into your account at http://www.metropolisbank.com.

So what is a web user to do? Never click on a link to any financial website. If you do click on a link, make sure you are coming from a reputable webpage and that you have checked the status area of your web browser to see the actual address you are being directed to.
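The same check can be automated for the links in an HTML message. The script below is an added example, not part of the original post: it compares the site named in each link's displayed text with the site its href really leads to. The names `audit`, `site`, `AnchorCollector` and `HOSTISH` are made up for this illustration, the "last two labels" rule for finding the registered domain is a simplifying assumption, and the last sample link is constructed by pairing the displayed bank address above with the scammer's subdomain.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Matches hostname-looking text such as "www.example.com", scheme optional.
HOSTISH = re.compile(r"(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})", re.I)

def site(host):
    # Assumption: registered domain = last two labels (fine for .com names;
    # production code should use the Public Suffix List).
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

class AnchorCollector(HTMLParser):  # gathers (href, visible text) per <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def audit(html):
    """Return (verdict, visible text, site the href really leads to) per link."""
    parser = AnchorCollector()
    parser.feed(html)
    results = []
    for href, text in parser.links:
        dest = site(urlsplit(href).hostname or "")
        shown = HOSTISH.search(text)
        if shown is None:
            verdict = "TEXT-ONLY"  # no address shown: only the href can tell you
        else:
            verdict = "OK" if site(shown.group(1)) == dest else "MISMATCH"
        results.append((verdict, text, dest))
    return results

# Constructed sample built from the link examples in this post.
SAMPLE = """<a href="http://www.yahoo.com">http://www.yahoo.com</a>
<a href="http://www.yahoo.com">http://www.LOOKATME.com</a>
<a href="http://www.youtube.com/watch?v=oHg5SJYRHA0">great interest rates.</a>
<a href="http://metropolisbank.importantsecuritycheckforyou.com/">http://www.metropolisbank.com</a>"""
```

Calling `audit(SAMPLE)` marks the second and fourth links as MISMATCH. The "great interest rates." link comes back as TEXT-ONLY, because its displayed text names no site at all and only the destination column says where it goes.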

The WOT (Web of Trust) Firefox add-on is a useful tool to help keep you safe while on the web. (You did check to make sure that link was legit, didn't you?)

Note - the problem is even greater when you consider link shortening services like tinyurl.com. These services reduce the length of a link, making it friendlier for social media sites like Twitter. But beware: it is very difficult to know in advance where you will be taken if you click on a tinyurl link.

Posted by Staff at 09:00 AM
Category: Bad URL; Fake Links; Internet Scams; Link Fraud; Social Media; Tech Tuesday; Tinyurl; twitter
