This site uses third-party cookies, learn more or accept
dark light

Links in Emails - what you should and shouldn't do

Written by Max Pelic on

You may have heard clicking links in emails is dangerous, but this danger isn't limited to links in emails. Any website you visit could use this method of phishing to trick you into giving them your personal information. Here's how they do it, and how you can avoid it.

How fake links are made

If you see a link on a website like this: google.com, you'd probably assume it leads to google.com, right? Even though it looks like it leads to Google, the link above actually leads to maxpelic.com/fake-link.

Here's what the HTML looks like for the link above:

1<a href="https://maxpelic.com/fake-link">google.com</a>

When someone includes this in an official-looking email, or in a blog post or other website, you might not realize it's a link to a different site. If you're not careful, you might end up clicking on the link and entering personal information, thinking it's a different website.

When you need to be careful

The good news is you don't have to be super paranoid - if you receive an unexpected email or a random website gives you a link to PayPal, you should definitely be careful. But if you just signed up for an account or placed an order and receive an email, or if you click a link from a website you trust, you probably don't have to worry about being tricked.

It's also possible to trick people using buttons and pictures - this isn't only limited to links. If you see a button that supposedly leads to your bank account, or a window opens saying you need to log in to Facebook to continue, make sure it's legit before entering your information.

How to avoid being tricked

Method 1: Only copy-paste links

The best way to avoid following fake links is by copy-pasting the text into your browser. That way you know for sure what website you're visiting, and you can make sure it's the right website before opening the link. If you use this method, make sure the domain name is spelled correctly and leads to the right website. For example, if you're expecting the link to lead to maxpelic.com, make sure it's not maxpuelc.com, maxpelic.info, or M4XPELIC.COM.

Method 2: Hover over the link and see where it leads

If you're using a web browser like Google Chrome, you can hover over a link in an email and see where it leads. Be careful though, if you're on a website and hover over the link, they can trick you into thinking it leads somewhere else.

For example, the following HTML will show a link that looks like it leads to google.com, but actually leads to maxpelic.com:

1<a href="https://google.com" onclick="window.location.href='https://maxpelic.com'; return false">google.com</a>

Method 3: Check the URL before entering information

This is just generally good practice whenever you are entering any sensitive information, including passwords, emails, or any other account information. Before using a site, check the URL you're at and make sure it's what you expect. If you're not sure, it's probably best to avoid using that site.

Share this article:

Previous Article: CSS @suports - everything you need to know

Next Article: MySQL results not updating? Check the query cache