Fakedownloadbuttonscanbeveryconvincing,sohoveroverthembeforeyouclickExpandURLshowsyouthedestinationof
shortenedlinksbeforeyouclickthemWhat you must never click online
COVER
FEATURE5 - 18 February 2020 41
unauthorised people to find. You can
test this by typing bitly.com/ into your
address bar, followed by a random word
or two, and seeing where you end up.How to avoid them
There are ways to find out where a
shortened link leads without actually
clicking it. You can view the details on
the Bitly site, including the unmasked
URL, creation date, number of clicks to
date, and referrers and locations, simplySECURITY RISKS
by adding a plus symbol to the end of
the URL. For example, bit.ly/wu494
takes you to our website, but bit.ly/
wu494+ takes you to the Bitly page
about the link. Add a minus symbol to
the end of an is.gd link to see where it
goes, and add ‘preview’ before the
tinyurl.com part of a link created using
that service.
Alternatively, you can copy the
shortened link to an online tool such as
ExpandURL (www.expandurl.net),
which will show you the full web address
that the link takes you to.Mysterious attachments
Unless you’re entirely new to email, you
should know by now never to click a
message attachment unless you know
exactly what it is and where it came
from. The trouble is that scammers
have become very adept at fooling the
unwary into clicking what seems like
a very important attachment – for
example, an invoice for a hotel stay the
recipient never booked, a deliveryFake download buttons
Some download sites – and many online
file hosts – display adverts that are
sneakily designed to look like download
buttons. These are usually big, bright
and eye catching, and if you’re not
paying proper attention, there’s a good
chance you’ll click one of them instead
of the real download link.
What’s the risk?
Instead of downloading the file you
want, you’ll be taken to another site
where you may be tricked into
downloading malicious software or
entering personal details to “unlock
access” to your file.
How to avoid them
Take your time to ensure you find the
genuine download option – it may be a
small, unobtrusive link nestled between
large ‘download’ buttons. Also, hover
your mouse over the download button
or link (but don’t click it) and look at the
URL that appears at the bottom of your
browser to see where clicking it will take
you. If it’s another location on the
current site, you can assume that it’s
probably the legitimate download
button. If it doesn’t look right (perhaps
containing a reference to “adservices”),
then look elsewhere.
Ad blockers such as uBlock Origin
(bit.ly/ublock494) and Ghostery (www
.ghostery.com) remove many of these
buttons, but that’s not always the case,
and some sites require you to disable
your ad blocker before they will work.
Shortened links
In the early days of the web, magazines
like ours had to print the full address of
a web page, which could run to several
lines in a column. URL shorteners such
as Bitly, Is.gd and TinyURL do a great
job of transforming long, unwieldy web
addresses into something that’s much
easier to type and share.
What’s the risk?
While a shortened URL is much easier to
share or type, you often won’t have a
clue where it leads until you click it. For
example, where does bit.ly/2tYfNbt
point to? Or bit.ly/microsoft999 for that
matter? It could be to a malicious site.
As an aside, if you’re sharing personal
links (perhaps to a private YouTube
video that can only be accessed by
someone with the URL), shrinking the
address makes it much easier for
Asmentionedabove,shortened
URLs such as those created
using Bitly can potentially be
dangerous. All the Bitly links
featured in Web User are, of
course, completely safe, but it
pays to be vigilant when clicking
links from untrusted or unknown
sources.
Bitly does its best to safeguard
users and, as it explains on its
support pages (bit.ly/bitly494),
the company encrypts all links using HTTPS, and monitors and blocks abuse
and spam where it can. You can report any suspicious links to abuse@bitly
.com. Remember that you can check where a Bitly link goes by adding a plus
sign to the end of the shortened URL.IS IT SAFE TO CLICK BITLY LINKS?