What Happens If I Click That Link?

An important email safety practice is to avoid clicking on links that aren’t safe. This begs the question “How do I know if a link is safe to click?” The truth is you can never be sure, but there are ways of mitigating the risk.

A link’s presentation has two major components:

  1. The visible text (or image)
  2. The URL that the link references

These two pieces of information are not required to be related so you can have a link that says “Log in to my bank” but actually takes you to “badwebsite.com”. The trick is to know what the link actually refers to, not what it wants you to think it refers to.

Why should I car about HTML?

To view an email containing links you have to open it with something that reads HyperText Markup Language (HTML). Plain text messages cannot contain hyperlinks so the trick only works if you’re reading your messages as HTML. (One way to avoid clicking on links is to switch your email client to Text Only mode. We’ll cover this in another post.)

Most modern email clients (and all browsers) display HTML by default. “By default” means the program picked an option that it thought you would like without asking you. The down-side of having HTML on by default is that scammers can use it to create tricky links. The up-side is that you can use it to catch them.

How do I see what a link refers to?

Another feature that email clients and browsers enable by default is the Status Bar. This is the display area at the bottom of the bottom of the browser window where you see the “Transferring data from whatever.com…” or “Waiting for http://www.whatever.com…” when you visit a web page. A lot of the time it just says “Done”. Or it may be blank.

If you look at the bottom of your browser window right now you should see something like this:

status bar

Note: If you don’t see a Status Bar like the one above, it may be slightly different, depending on which browser you are using, or you may have to enable it. Try clicking View on the File menu. You should see an entry for Status Bar either directly under View or under View >> Toolbars. If there is no check mark next to Status Bar, click it and the Status Bar will be enabled.

But if you hover your mouse here you should see something like this:


By the way, “hover” means point your mouse but don’t click.  If you clicked you got “Error 404 – Not Found”. Welcome back:)

Notice that the Status bar now shows “http://blog.onlymyemail.com/link-to-nowhere”; the URL that the link refers to. Using this information you can look before you leap when confronted with suspicious links.

Yes, it’s that simple. Hover over the link and look at the Status Bar.

To click or not to click . . .

Any time you’re even remotely suspicious of a link you should check to see where it goes. For example you often see things like this displayed:


But if you hover over the link you’ll see something like this:


Kind of a link “bait and switch”. Of course the URL won’t always be so obvious about being a bad site. Some spammers will assume you know how to check the link and get trickier.

What if you see this:

Click to log in

And it links to this:


in an email from Facebook?

You might just go ahead and click this one, not noticing that it goes to facebook.cn (.cn is the top level domain for China. In this case you’d be safe if you clicked it because there actually is a legitimate facebook.cn. What? Of course there’s Facebook in China.) The point is the URL was slightly varied from what you expected. Enough to get a computer to go to the “wrong” site, but not enough for a human to notice without looking for it.

This is often done with sub-domains:


For it to really be VISA, the “visa” has to be right next to the “.com”, otherwise it’s probably not VISA. (We use probably here because huge corporations don’t always understand this stuff.)

The bottom line is, don’t just look at link URLs, look at them carefully. And remember, even if you know the URL that a link references, there’s no guarantee you’ll end up there because the server or file that the link refers to can redirect requests for that URL to anywhere on the Internet.

That being said, knowing what the link actually connects to is valuable information if you know what to do with it.

- -

OnlyMyEmail is an award winning hosted spam filtering service and business email hosting provider. Our enterprise cloud computing anti-spam solution, the MX-Defender, has the highest capture rate of any spam filter ever tested in the VBSpam Challenge, blocking a record setting 99.9993% of all malicious and junk email.

Our Personal spam filtering system is also a Software as a Service (SaaS) solution and has won both the PC World "World Class Award" and also the PC Magazine "Editor's Choice Award."

OME-Kids is a webmail solution that protects children from spam and other harmful emails. OME-Kids offers unique Parental Controls that allow you to choose the level of security and oversight that's right for your child.


Comments are closed.