Don't Get April-Fooled: Here's How to Spot Bad Links

Can you imagine the number of pranks people pull on April Fools’ day? Would it bother you if you were subjected to them every day? If you're always online, you're constantly exposed to various online tricks and scams, except that these ones won't be funny.

The variety of things people do on the Internet these days have given cybercriminals more avenues and ways to distribute malicious links that spread malware and steal data. Here are some of the most common tricks they use, and a guide on how to spot them.

Malicious ads 

These days, searching for viral or seasonal topics and clicking on ads without thinking twice may allow ransomware into your system. One known way this is done is through the use of malicious ads that lure users with warning messages like machines are infected or software isn't updated.

[Read: Malvertising: When Online Ads Attack] 

• Never click on search ads that warn you of missing updates. Always upgrade either via automatic software/antimalware updates or by going to their official sites. (A)
• For ads that automatically load and redirect to malicious sites, make sure you have a security solution in place to block browser exploits.

Placement of a malicious ad on a trusted site

Spam and email scams

Each year, billions of new email accounts are created worldwide. The sheer number of possible targets itself is reason enough for cybercriminals to continue developing spammed messages. Attackers also use spear-phishing emails to get inside the networks of the organizations that they're targeting.                                                                                                                 

• Tread carefully if the sender is unfamiliar. Even if you've communicated before, double-check the address for missing or excess characters that weren't in previous messages. (A)
• Always hover over the links first and look at the bottom part of the window, where the target site's URL is shown. You can also check the safety ratings of these links on a domain reputation database. (B)
• Check the body of the email for sure signs of phishing, which includes the use of salad words and invisible ink.

Sample of a spammed LinkedIn message that leads to a 419 scam

Social media schemes

It's ironic that these days, the more you sit around and look at a screen, you're considered more "social". As of September 2014, 71% of online adults use Facebook, 23% use Twitter, 26% use Instagram, 28% use Pinterest, and 28% use LinkedIn. Bad guys use them as well, posing as friends, followers, or sources of celebrity information with malicious agenda.

[Read: Typical Social Media Scams and How Not to Fall for Them] 

• Beware of clickbait titles (A). As in the case of the Adam Levine scam, cybercriminals often copy sensational news items to lure users to bad sites. On Facebook, look at the lower left corner of the shared item to check if the source is reputable (B).
• For all social media sites, remember to copy the link and check their trust ratings.
• Be wary of claims that you can buy followers or friends by giving out your personal details or providing access to your profile.

Screenshot of an Adam Levine scam found in social networking site Facebook

Online banking fraud

Online banking fraud usually stems from clicking bogus links sent via email or visiting compromised sites that download data-stealing malware. These types of malware often show pop-up links during secure online banking sessions, asking users to log in again so the malware can steal their credentials.

• Check if the sender of a banking-related email was sent from the bank’s real address. (A)
• Never click on pop-up links, especially during online banking sessions.
• Don’t reply or click on links in emails that ask for your banking information. (B)
• Avoid malware infections by being careful of clicking email links and proactively blocking drive-by downloads.

Sample of a fake spam mail from Chase bank

Online shopping scams

Online shopping threats usually peak during the holiday season, though similar scams are always around all year long. The Internet is rife with fake ads that advertise trendy clothing or use big brand names to lure users. Don't fall for them.  

• Be cautious with ads that offer unbelievably low prices or unrealistic discounts. Hover above links to check where they really go and double-check these links’ trust ratings.
• Use an official shopping or payment app or bookmark trusted shopping links instead of searching for them online.
• When shopping and paying on mobile devices, make sure that you use the official site or app. (A)

[Read: Apple Pay, Google Wallet, NFC, and RFID: Is Your Mobile Payment Option Holiday-Safe?] 

Screenshot of a fake versus the real mobile PayPal site

Video site threats

Sometimes, popular video sites themselves become sources of malicious links and downloads. Users who are innocently watching videos and clicking on related ones may find themselves led into a maze of links that result in an infected computer.

• Always double-check links advertised by video sites before clicking or going on them. (A)