Email remains a popular form of communication in today’s digital world, especially in our workplaces. Unfortunately, our reliance on email has led cybercriminals to concoct new and creative ways to scam us of valuable and personal information, and one of the most commons scams involve clicking on suspicious links – otherwise known as phishing.
Phishing attacks, if successful, can paralyze hospitals tasked with protecting valuable patient data. These attacks can potentially cost millions of dollars and cause patient safety issues. To ensure our health system is protected, below are a few tips to help you recognize and report a suspicious link.
Hover over it
One of the first steps you should take before clicking on a link is to hover over it with your mouse, WITHOUT clicking or tapping on the link. When you hover over the link, the cursor will change from a pointer to a small hand and will show the URL. From there, you should be able to see where that link is being directed, to ensure you’re not going to a fake site or clicking a malicious link. If you have any doubts, do not click the link!
Remember, it’s not the email address you should hover over with the cursor – it is any suspicious link within the email. Also, always be wary of clicking on any attachment that comes with a suspicious email.
Misspelling and jumbled domains
A common way cybercriminals try to trick us is by misspelling a domain or jumbling it up with forward slashes. Scammers will do this by scrambling letters, number swapping, letter combos and missing letters. When reading a link, doublecheck it to make sure it’s spelled correctly. Also, if a domain does not contain any forward slashes, read it from left to right, but if a domain contains forward slashes, locate the one farthest from the right. Starting from that forward-slash, read the top-level domain from right to left.
Short links
Short links are common on social media, and the most common used are Bitly, Rebrandly and TinyURL. Companies and marketers use short links to reduce character counts, and because they’re so common, they are beginning to be used in cyberattacks.
So how do we stay protected? If a short link is sent to you from a source you don’t trust, don’t click it! There are also a few websites to use to expand short links, including www.expandurl.net and https://linkexpander.com/. You can copy and paste the link into these websites. By examining the link prior to clicking, you’ll have more of a chance of avoiding phishing, malware and viruses.
UTMs and tracking
UTMs stand for the snippets of text added to the end of the URL to help track the performance of campaigns and content. These often look like a bunch of jumbled letters and numbers at the end of links.
First, you should follow the single forward-slash method mentioned above to focus on the top-level domain. If the top-level domain is accurate, then the link should not be a concern. If you notice a question mark in the link, don’t sweat! Everything after the question mark is simply used for tracking purposes and helps businesses understand where their web traffic is coming from.
Please remember: If you receive a suspicious email or email containing a suspicious link, you should use the Phish Alert function in Outlook to notify our IT security team.
If you have any questions, contact the IT Service Desk directly by calling 423-431-6290.
