Links & Attachments: What to Know Before You Click

  • 3 February 2012
  • 11 replies

Userlevel 5
  • Retired Webrooter
  • 58 replies
Who sent the message?
If you were not expecting something from a family member or friend, it may legitimately be from them, or it could be that their account was hijacked and the message is actually being sent by a cybercriminal hoping to infect your computer and/or steal your information. The easy way to discover whether it is actually from your friend or family member is to call, text, or email the sender and ask.
Be especially wary of emails from friends and family that a) have no subject line, and b) only contain a link or attachment. This is usually evidence for a hijacked account. Be sure to call the person who purportedly sent you the link to discuss the message with them.
If the message and attachments or link come from a company, there is a different set of questions to ask.
Do you use this company?
If not it is probably junk, or worse, a scam.
If you do use the company, were you expecting to receive an email, or other message from them? For example, if you just ordered new work pants and you immediately get an email from the company you purchased the pants from saying here is a copy of your order, it is most likely safe.
If the message comes from a company you do business with but you did not just contact the company, it is time to ask another question.
Why was the message sent?
Any message from a company asking you for sensitive information, telling you to download and fill out a form, telling you to click on their link, or asking you to check out their video or photo is highly suspicious. Always check these messages out before taking any of these actions, and never use information they provide when checking them out.
If the message wants you to link to their site to fill in information, don’t. Instead, using a search engine find the company’s site, log into your account and see if the same questions or requested actions are mentioned there If they aren’t, you know the message was a scam. If the same instructions appear on your account, use the legitimate site to respond – never the link you got in email.
Never use the phone number shown in the message as it may also be fake.
While it can be tempting to just hurry through your email, IM and text messages, haste makes mistakes. It is better to slow down, and take the time to consider the message, check to see if it is legitimate, and act on your own rather than on something you are being steered towards.

11 replies

Userlevel 7
Badge +7
Several years ago my email account was hacked and all my contact received suspicious links.  Fortunately I was able to alert everyone to the problem before anyone clicked on it.  
Since then I have learned a few things.  Now I always use a very secure password and all my passwords are different.  I watch for phishing site tells and use anti-phishing technology wherever I can.
I also never send a link or attachment without also including something personal like, "When I watched this vid I thought about the karaoke night we all bombed :P" or "I think you and Frank might like something like this on your trip."  I tell all my friends to expect these kinds of personal comments from me.  Hackers can't spoof specifics like this, so if my email account ever sends everyone a message with a link but no "flavor" they know it's not me.  This way I can help protect my contacts too.  
Userlevel 5
Awesome advice, Sophia.
I had a feeling that was what was going on when I kept getting these links for ways to make money from home from my sister in law.....she very rarely sends out any e mail.  That confirms it.  Thanks alot.
Select email, dont open it in your email client, then click in the menu top of client View then Message Source to safely view email.
Userlevel 7
I wish employees of the South Carolina government had read this. Maybe the taxpayer database woudl not have been hacked and our information stolen. They said it started when someone opened an email that contained a trojan. Damage done.
Userlevel 7
Yeah, that's never ending fight. I am always arguing my parents to don't click on everything you see or you are prompted to do so. Think twice before you click. The problem is that some elderly users (pardon me I don't mean it specifically) can't understand why somebody who is sending them an e-mail should try to obfuscate them and when they read for instance ... you have won a trip to Bahamas just to clik there to download your voucher ... needless to say what follows 😃
Userlevel 7
@ wrote:
Yeah, that's never ending fight. I am always arguing my parents to don't click on everything you see or you are prompted to do so. Think twice before you click.
Yeah, same problem here with my Wife. I call her the "Happy Clicker". Sometimes I think She wants to put Webroot to the ultimate test for blocking malware. lol. She hit a few that Webroot stopped. I keep an eye on her computer by way of the PC Security Console, that she doesn't know about. When your married it doesn't pay to argue, I always lose. (That's what she thinks anyway) lol
Userlevel 7
Badge +56
What you do is put WSA in what I call paranoid mode as an Anti-Executable is go into Heuristics and set all to the Max and change the setting to "Warn when new programs execute that are not trusted" then they will say hey what are all these pop-ups please stop them! Just a Joke nothing more. :D
Userlevel 7
I just had a fraudulent purchase show up on my checking account from ABT Electronics. I let them know and they stopped the order immediately. I also canceled my debit card. I wonder if this has anythign to do with the stolen identities from SC taxpayers?
Userlevel 7
@ wrote:
go into Heuristics and set all to the Max and change the setting to "Warn when new programs execute that are not trusted"
BTW, I tried this setup just for curiosity and it can really end up in madness especially if you do this upon WSA installation. You won't be catching all prompts. So I don't recommend this setup combination until at least you have run the most of applications you use. It is also not good setup for those who are often updating applications. However, I successfully use all heuristics to Max without issues. What really makes difference though is "Warn when new programs execute that are not trusted".
Userlevel 6
I use AOL.  Yeah, I know ... piece of crap.   :8   But I've been with them since the inception and have grown fond of them in a wierd sort of way.  I've been getting a lot of emails from "unknown sender."  Out of curiousity, I opened a couple of them.  They contain only one or two other links ... nothing more.  I contacted AOL Tech and they informed me they were aware of the problem and said that clicking on those links is a prelude to having your password hijacked.  So, I don't do it.
I have two email addresses from AOL to which I can report suspicious emails.  One is Compromised @ abuse dot aol dot com and the other is abuse @ aol dot com.  Now, I routinely forward suspicious repetitive emails to AOL.  I'm told it works ... eventually.  We'll see.  Check with your ISP and see of they have a spoofing site.  If so, use it.
I've gotten a number of very convincing looking emails purportedly sent by my bank and by other banks.  Some of them are incredibly authentic loooking, with logos and everything.  I have a list of spoofing sites for various banks and always forward these emails to them.  They are usually very appreciative and will follow up.
Never click on "unsubscribe" if you've opened a suspicious email.  Clicking "unsubscribe" may eliminate the suspect email (probably not), but it certainly opens the door to a host of new suspicious emails.  Clicking "unsubscribe" validates your email address, particularly if you type in your email address before clicking "unsubscribe."  Don't do it.
I was at one time getting a lot of emails from someone purporting to be a highly placed individual in the Benin Republic or Indonesia or Ghana, advising me I have been sent a trunk containing millions in Swiss francs.  I was told I was elected to be the repository for the trunk and would receive a percentage.  All I needed to do was forward my personal information and the trunk would be delivered to me.  Folks, if you believe that one, you're in real trouble and you should immediately make an appointment with a good psychiatrist!  😃