If that sounds like a rule, well, it is one for me; and I recommend it to everyone. The odds are just too great that a link in an email message will lead to unwanted or even dangerous things.
A malware scan is a routine part of a slow-computer tune up and finding a load of malicious software is a much more common occurrence than not. The owner is always surprised and wants to know how it got into their computer! There are several ways that the bad guys get in, and one of the most common is through email. Usually via links embedded in email messages, but also through photos and images included as part of the message.
That’s why most email systems will avoid automatically showing you images in email messages. The nature of just decoding and showing a photograph forces a computer system to run malicious programs that might be hidden within the photograph itself. (Google: steganography.)
Similarly, a malicious link can be hidden, in effect, under what appears to be a legitimate reference from a friend or other trusted source. Even a link that looks like a web URL, such as “www.SafeStuffOnWeb.com” can actually be a disguise for a link to “www.EvilMalwareIncarnate.ru”. (Not a real example at this writing.)
Just because the mail appears to be from a friend, that doesn’t make it safe. If you want to be safe, then don’t trust links in email. Period.
How do you deal with it if a friend sends you a link that maybe you really need to check out? Well, for starters, if there’s nothing but a link in the email, ignore it. It’s probably spam that has spoofed (pretends to be from) your friend’s email address. But if you’re not sure about it – maybe it is that kitten photo that will save the world – then search the web for the description that your friend has provided. Google: “kitten save world,” and pick a reputable link from the results.
Another easy way to check a link in an email is to manually type it into your web browser. Start with just the domain name and see if the search results come back with complaints about malware. (The domain name is the part between “www.” and “.com”.)
There’s lots of other ways for malware to get into your computer, of course, but via email is one of the most common. We’ll cover some others in another column.
Hoping, as always, that this is all quite clear and useful; nevertheless if I can fill in some details, or help with anything on your computers, please don’t hesitate to contact me.
MIKE PEPPER, The Computer Guy, has been providing software and hardware support in New York and Connecticut for more than 35 years. He can be reached at: www.PawlingComputerGuy.com.