What you must… NEVER CLICK ONLINE

Webuser|February 05 - 28, 2020

What you must… NEVER CLICK ONLINE
Don’t get caught and scammed by the web’s latest mouse traps. Wayne Williams reveals all the things you should avoid clicking and tapping on the web, and explains how to spot them
Wayne Williams

The way that the worldwide web was conceived and is structured means you won’t get far without clicking on anything (or tapping, if you’re using a touchscreen). Unfortunately, for all the wonderful websites you can access with your mouse (or finger), there are lots of things you should keep your cursor well away from, unless you want to infect your PC with malware, hand over personal data to scammers, flood your inbox with spam or even end up in prison. Sadly, such ‘mouse traps’ are becoming increasingly widespread, and the tricks they use to lure you into compromising your privacy and security grow ever more devious.

In this feature, we highlight the dangers, risks and traps that lurk on the web, hidden behind innocuous-looking links, buttons, tick boxes and more, and explain how to spot them and avoid clicking yourself into trouble. We also explain how ‘dark patterns’ can sneakily influence the actions you take on the web.

SECURITY RISKS

Fake download buttons

Some download sites – and many online file hosts – display adverts that are sneakily designed to look like download buttons. These are usually big, bright and eye catching, and if you’re not paying proper attention, there’s a good chance you’ll click one of them instead of the real download link.

What’s the risk?

Instead of downloading the file you want, you’ll be taken to another site where you may be tricked into downloading malicious software or entering personal details to “unlock access” to your file.

How to avoid them

Take your time to ensure you find the genuine download option – it may be a small, unobtrusive link nestled between large ‘download’ buttons. Also, hover your mouse over the download button or link (but don’t click it) and look at the URL that appears at the bottom of your browser to see where clicking it will take you. If it’s another location on the current site, you can assume that it’s probably the legitimate download button. If it doesn’t look right (perhaps containing a reference to “adservices”), then look elsewhere.

Ad blockers such as uBlock Origin (bit.ly/ublock494) and Ghostery (www .ghostery.com) remove many of these buttons, but that’s not always the case, and some sites require you to disable your ad blocker before they will work.

Shortened links

In the early days of the web, magazines like ours had to print the full address of a web page, which could run to several lines in a column. URL shorteners such as Bitly, Is.gd and TinyURL do a great job of transforming long, unwieldy web addresses into something that’s much easier to type and share.

What’s the risk?

While a shortened URL is much easier to share or type, you often won’t have a clue where it leads until you click it. For example, where does bit.ly/2tYfNbt point to? Or bit.ly/microsoft999 for that matter? It could be to a malicious site.

As an aside, if you’re sharing personal links (perhaps to a private YouTube video that can only be accessed by someone with the URL), shrinking the address makes it much easier for unauthorised people to find. You can test this by typing bitly.com/ into your address bar, followed by a random word or two, and seeing where you end up.

How to avoid them

There are ways to find out where a shortened link leads without actually clicking it. You can view the details on the Bitly site, including the unmasked URL, creation date, number of clicks to date, and referrers and locations, simply by adding a plus symbol to the end of the URL. For example, bit.ly/wu494 takes you to our website, but bit.ly/ wu494+ takes you to the Bitly page about the link. Add a minus symbol to the end of an is.gd link to see where it goes, and add ‘preview’ before the tinyurl.com part of a link created using that service.

Alternatively, you can copy the shortened link to an online tool such as ExpandURL (www.expandurl.net), which will show you the full web address that the link takes you to.

Mysterious attachments

Unless you’re entirely new to email, you should know by now never to click a message attachment unless you know exactly what it is and where it came from. The trouble is that scammers have become very adept at fooling the unwary into clicking what seems like a very important attachment – for example, an invoice for a hotel stay the recipient never booked, a delivery notice supposedly from a courier company or a fine that needs paying immediately.

What’s the risk?

The level of risk depends on what the malicious attachment is designed to do once it’s clicked. It could infect your system with malware, install ransomware or launch an attack on a third-party site. Either way, it’s unlikely to be something harmless, so you should never click the file.

How to avoid it

Malicious email attachments used to be easy to spot because they came in the form of easily identifiable executables (with an ‘.exe’ suffix). Now, however, they can be made to look like documents, PDFs, photos, voicemails and more. The trick is to simply avoid clicking any attachments from unknown senders, and don’t open any from people you know unless you’re sure they are safe. A good antivirus program will protect you from most threats, but it’s wise to delete the email rather than leave the threat sitting in your inbox.

Fake security alerts

Provided your antivirus software is reliable and up to date, it should automatically deal with any threat it finds on your computer and inform you of whatever action it has taken to disarm the problem. Fake security alerts tend to be more demanding and in your face – using pop-ups and containing links to a program (either malicious, paid-for or both) that you ‘must’ download, or displaying a phone number that you supposedly need to call to resolve the issue.

What’s the risk?

If you heed the warning and install the recommended “antivirus” software, you could infect your perfectly clean PC with malware. Call the “helpline” and you may be asked to give the scammer remote access to your PC (see ‘Remoteaccess scams’, below) or be duped into sharing personal information and handing over your credit card details to fix a non-existent problem.

How to avoid them

articleRead

You can read up to 3 premium stories before you subscribe to Magzter GOLD

Log in, if you are already a subscriber

GoldLogo

Get unlimited access to thousands of curated premium stories and 5,000+ magazines

READ THE ENTIRE ISSUE

February 05 - 28, 2020