resilience

“Is that link phishy?”

Posted by resilience on

The famous Russian proverb, “Trust, but verify,” rings more true with each passing day.

There is traditionally some controversy over what that phrase means and in what order, especially in the context of information and personal security. Do we trust first, then verify, for example? Or does the rhyming imply some tongue-in-cheek?

Sarcasm is lost on me due to growing up with Gramma who said, “Careful with that sarcasm, sweetie, that’s anger turned inwards!”

In any case, it’s important to verify before we trust the hurdy gurdy man knocking on ourr door all willy nilly.

In most cases, it makes the most sense to pause and slow our reactions to startling messages. We also have to live our lives so our precautions have to align with a balanced approach, dancing the line between paranoia and being intentional about reducing our exposure to preventable risks.

Ever wonder if a site or link or whatever is legit?

It’s not getting any easier to tell when a website, link, or attachment is ‘phishy’ meaning if it’s legit or something we want to avoid like, well, a plague (too soon?).

When we’re talking about links, it’s important to know that there are generally two types of links.

The first is the typical, old-school, regular ones start with the usual http(s)://whatever ending with .com, .net, .org, and many other possible (even vanity) Top-Level-Domains or TLDs for short, followed by the rest of the link that can often be very long.

To make these reaaaaaalllllly long links much shorter, many people use a link-shortening tool that does shorten them but the downside is it also obscures the full link, making it trickier to tell if one of these is legit or not. Links that have been shortened in this way typically look something like goo.gl/U7bks or bit.ly/KL4r and are easy to click on when we’re not thinking. That’s why criminals use them often.

To defeat their attempts to trick us, we can use some tools to stay safe and smart!

Typically, I start with VirusTotal –> https://www.virustotal.com/gui/

You can copy/paste links in there, upload potentially malicious attachments there (be careful with this one and be especially mindful you’re not uploading sensitive information, too), and/or search for URLs that may or may not be trouble.

There are other choices, of course, like URLVoid (and related tools), for example, and Trend Micro recently released this tool that checks for lots of nasty stuff and also has integrations with Chrome, WhatsApp, and Messenger:

We can type any link, full-length or shortened, and the tool will verify if it’s legit. If the link is legit, we’ll see all green:

Don’t use Chrome, WhatsApp, or Messenger? Use this instead: https://check.trendmicro.com

Pretty cool these tools are getting easier to use. Hat tip to Rik Ferguson for the tip (full disclosure: Rik is VP Security Research for Trend Micro but I am not affiliated with them or the other tools mentioned).

Please share with family and friends if you think it would help make the Web less stressful and more fun for everyone.