The way that the worldwide web was conceived and is structured means you won’t get far without clicking on anything (or tapping, if you’re using a touchscreen). Unfortunately, for all the wonderful websites you can access with your mouse (or finger), there are lots of things you should keep your cursor well away from, unless you want to infect your PC with malware, hand over personal data to scammers, flood your inbox with spam or even end up in prison. Sadly, such ‘mouse traps’ are becoming increasingly widespread, and the tricks they use to lure you into compromising your privacy and security grow ever more devious.
In this feature, we highlight the dangers, risks and traps that lurk on the web, hidden behind innocuous-looking links, buttons, tick boxes and more, and explain how to spot them and avoid clicking yourself into trouble. We also explain how ‘dark patterns’ can sneakily influence the actions you take on the web.
Fake download buttons
Some download sites – and many online file hosts – display adverts that are sneakily designed to look like download buttons. These are usually big, bright and eye catching, and if you’re not paying proper attention, there’s a good chance you’ll click one of them instead of the real download link.
What’s the risk?
Instead of downloading the file you want, you’ll be taken to another site where you may be tricked into downloading malicious software or entering personal details to “unlock access” to your file.
How to avoid them
Take your time to ensure you find the genuine download option – it may be a small, unobtrusive link nestled between large ‘download’ buttons. Also, hover your mouse over the download button or link (but don’t click it) and look at the URL that appears at the bottom of your browser to see where clicking it will take you. If it’s another location on the current site, you can assume that it’s probably the legitimate download button. If it doesn’t look right (perhaps containing a reference to “adservices”), then look elsewhere.
Ad blockers such as uBlock Origin (bit.ly/ublock494) and Ghostery (www .ghostery.com) remove many of these buttons, but that’s not always the case, and some sites require you to disable your ad blocker before they will work.
In the early days of the web, magazines like ours had to print the full address of a web page, which could run to several lines in a column. URL shorteners such as Bitly, Is.gd and TinyURL do a great job of transforming long, unwieldy web addresses into something that’s much easier to type and share.
What’s the risk?
While a shortened URL is much easier to share or type, you often won’t have a clue where it leads until you click it. For example, where does bit.ly/2tYfNbt point to? Or bit.ly/microsoft999 for that matter? It could be to a malicious site.
As an aside, if you’re sharing personal links (perhaps to a private YouTube video that can only be accessed by someone with the URL), shrinking the address makes it much easier for unauthorised people to find. You can test this by typing bitly.com/ into your address bar, followed by a random word or two, and seeing where you end up.
How to avoid them
There are ways to find out where a shortened link leads without actually clicking it. You can view the details on the Bitly site, including the unmasked URL, creation date, number of clicks to date, and referrers and locations, simply by adding a plus symbol to the end of the URL. For example, bit.ly/wu494 takes you to our website, but bit.ly/ wu494+ takes you to the Bitly page about the link. Add a minus symbol to the end of an is.gd link to see where it goes, and add ‘preview’ before the tinyurl.com part of a link created using that service.
Alternatively, you can copy the shortened link to an online tool such as ExpandURL (www.expandurl.net), which will show you the full web address that the link takes you to.
Unless you’re entirely new to email, you should know by now never to click a message attachment unless you know exactly what it is and where it came from. The trouble is that scammers have become very adept at fooling the unwary into clicking what seems like a very important attachment – for example, an invoice for a hotel stay the recipient never booked, a delivery notice supposedly from a courier company or a fine that needs paying immediately.
What’s the risk?
The level of risk depends on what the malicious attachment is designed to do once it’s clicked. It could infect your system with malware, install ransomware or launch an attack on a third-party site. Either way, it’s unlikely to be something harmless, so you should never click the file.
How to avoid it
Malicious email attachments used to be easy to spot because they came in the form of easily identifiable executables (with an ‘.exe’ suffix). Now, however, they can be made to look like documents, PDFs, photos, voicemails and more. The trick is to simply avoid clicking any attachments from unknown senders, and don’t open any from people you know unless you’re sure they are safe. A good antivirus program will protect you from most threats, but it’s wise to delete the email rather than leave the threat sitting in your inbox.
Fake security alerts
Provided your antivirus software is reliable and up to date, it should automatically deal with any threat it finds on your computer and inform you of whatever action it has taken to disarm the problem. Fake security alerts tend to be more demanding and in your face – using pop-ups and containing links to a program (either malicious, paid-for or both) that you ‘must’ download, or displaying a phone number that you supposedly need to call to resolve the issue.
What’s the risk?
If you heed the warning and install the recommended “antivirus” software, you could infect your perfectly clean PC with malware. Call the “helpline” and you may be asked to give the scammer remote access to your PC (see ‘Remoteaccess scams’, below) or be duped into sharing personal information and handing over your credit card details to fix a non-existent problem.
How to avoid them
Continue reading your story on the app
Continue reading your story in the magazine
What you must… NEVER CLICK ONLINE
Don’t get caught and scammed by the web’s latest mouse traps. Wayne Williams reveals all the things you should avoid clicking and tapping on the web, and explains how to spot them
An affordable Android smartphone with features beyond its price
How to... Dual-boot Linux Mint with Windows 10
Dual-booting gives you the ability to use Linux at its best without removing Windows. Wayne Williams shows you how
Reverse-search the web using photos
Uncover fake pictures, identify faces and catch photo thieves with a reverse image search. Jane Hoskyn reveals the best ways to search the web without words
Charge of the fight brigade
Barry Collins is tired of waking up to rows over unplugged devices
STOP USING SOFTWARE
Why download hefty programs when you can run everything in your browser instead? Wayne Williams reveals the best free online alternatives to desktop software
Restore missing KEYBOARD tools
Does your keyboard lack useful options that make typing quicker and easier? Nik Rawlinson explains how to access your keyboard’s missing features and reveal its hidden functions for free
How to... Create your own retro gaming arcade for free
Wayne Williams shows you how to play a huge collection of classic games while staying on the right side of the law
Best download managers
Whether you need to download a large individual file or multiple items, or you want to schedule a download for later, a dedicated download manager can make things easier. Steve Clark compares six of the best free tools
Beat online obstructions
Don’t let annoying popups and widgets block your access to websites. Robert Irvine reveals the best workarounds for common web hindrances and distractions
USERS COULD SOON HIDE ‘LIKE' COUNTS ON INSTAGRAM, FACEBOOK
The tiny red hearts that appear under Instagram photos of kids, kittens and sandwiches can be a source of stress for many users, an insidious way of measuring self-worth and popularity.
FACEBOOK USERS CAN APPEAL HARMFUL CONTENT TO OVERSIGHT BOARD
Facebook’s quasi-independent Oversight Board said this week that it will start letting users file appeals over posts, photos, and videos that they think the company shouldn’t have allowed to stay on its platforms.
MICROSOFT BUYING SPEECH RECOGNITION FIRM NUANCE IN $16B DEAL
Microsoft, on an accelerated growth push, is buying speech recognition company Nuance in a deal worth about $16 billion.
FACEBOOK DELIVERS BIASED JOB ADS, SKEWED BY GENDER
Facebook is showing different job ads to women and men in a way that might run afoul of anti-discrimination laws, according to a new study.
Microsoft Surface Pro 7+ : A giant leap in graphics performance
It’s the most potent upgrade the Surface Pro line has offered in years.
DEADLY WUHAN COVER-UP!
U.S. health officials untangling how virus escaped secret bio lab
7 Home Businesses You Can Launch in 2021
If you're considering starting your own business in 2021, you're in good company. Many people are looking to pivot and try something new in light of the recent economic climate.
FACEBOOK DATA ON MORE THAN 500M ACCOUNTS FOUND ONLINE
Details from more than 500 million Facebook users have been found available on a website for hackers.
Your Facebook Friend Has Some Thoughts To Share About Your Covid Vaccine
Mark Zuckerberg wanted to make Facebook a source of reliable information about the pandemic. Instead he created a perfect platform for conspiracy theorists
WINDOWS 10 ON M1 MACS: WHAT YOU CAN DO (VIRTUALIZATION, SORTA) AND CAN'T (BOOT CAMP)
VIRTUALIZATION IS KEY, BUT THE LACK OF A CONSUMER VERSION OF MICROSOFT’S M1 -COMPATIBLE OS KEEPS THE SITUATION IN DOUBT.