How to Investigate URL in Details to Prevent Internet Scam

The third chapter of URL investigation and prevention series will be on how to investigate URL in details to prevent internet scam. This chapter basically teaches you on how to deal with URL that sent to you carefully in order to avoid you from falling into the consequences of a dangerous URL.

Everyday you receive emails and messenger messages which contains URL from friends and also unknown sender. The best method is of course to not click on any of them, but what about URL from your friends and family? You can’t avoid all the URL, can you? At certain occasion, you might have to put a click on those URL and below is how you do it the right way.

Things to do when you received a URL

url

Credit: Access Techno

First and foremost, it is important to know whether the URL is malicious or not. If it is a malicious URL, you can forget about visiting the site already. Unless you are really curious and wanted to know what happen after visiting it, you can try using a virtual machine instead so that it will no harm your actual computer. Question is, how do you know whether the URL is malicious?

There is one site called Virus Total and you can submit the URL that you are going to visit a check for any malicious threat. Virus Total is not only capable of scanning URL, but it also can scan your executable files and it is always good to send your file there before executing it. It will use more than 30 antivirus around the world to perform a scan on your file or URL.

Get the actual URL

The first step is to investigate whether it is a malicious site. The second is to analyze the URL whether it will lead you to a phishing site where the actual URL is not what it appears to be. For instance is the URL below where I am going to ask you to click on the URL below to go to the Google main site.

Example:

Click to go to http://www.google.com

  1. Open your notepad now by going to “RUN” and type “notepad.exe”.
  2. Right-click on the URL above and click “Copy Link Address”.
  3. Paste the address into your notepad.

You will see that the actual address is my blog’s homepage instead of Google’s homepage. This is called a simple URL manipulation. It is not rocket science and you can do it too.  But how many out there actually copy the URL and check? The URL can easily lead you to a phishing site if you don’t investigate the URL in details.

Execute the URL in a Sandbox

This is pretty optional because not everyone has a Sandbox. But if you do, you can run the site inside the Sandbox so that the malicious software will not infect your computer. A Sandbox is basically an environment that is separated from your actual operating system where you can run your malicious software there and forget about it after closing it. Therefore, if you are not confident with the URL that you are going to visit but insists of visiting it, just use a Sandbox.

Make your decision wisely

The result of analyzing the URL is to come out with a conclusion whether you should visit the site and play along with it until the end. I can’t really teach on how to be wise, but there are few points that I would like to point out here to help you in making the decision.

  • Do not visit the website if it is reported as malicious site.
  • Do not visit the site if the actual URL is not legitimate.
  • Do not click on the URL when you see it in the first place whether it is from email or messenger. Analyze first.
  • Follow the point above whether it is your friend, family, relative, foe or stranger that send you the URL. Your friends or family might be the one infected and start spreading without realizing it.
  • If the message of the URL says URGENT or any other words that has to do with IMMEDIATELY REPLY, don’t play along with it.
  • If you feel something is not right about the site, stop right there find the owner of the site to make a report. Don’t be shy because security comes first.

The entire guide of this post should be sufficient to analyze a link before visiting them. You should be able to know what you are dealing with, where you are going to and also be able to predict the outcome. If you are careless and fell for the trap, you might just end up as what I had mentioned in the second chapter of this series.

My next chapter which is the last chapter of this series is going to be the 1o ways to get your computer infected with Malware. Do subscribe to this blog if you don’t want to miss my URL investigation and prevention series.

Chapter 1 | Chapter 2 | Chapter 3 | Chapter 4

Build Your Own Security
Subscribe to my newsletter and get a copy of my eBook for free.
We hate spam just as much as you

Related posts:

  1. Watch Out for Google Adwords Phishing Scam
  2. What Would You Do When You Receive a URL?
  3. Effects of Malicious URL
About Alan Tay

This blog is owned and operated by myMediaInc. My Media operates content based online portals for IT professionals, technology managers and decision makers as well as business leaders. We publish original quality content focused in Software Development, IT Security, SaaS, Cloud Computing, Outsourcing, Project Management and Mobile and Wireless. Our mission is to explore how to help you optimize your resources in each of these areas.

Find us here IT Security Column.

Comments

  1. Jasmine says:

    Good tips. It is always good to double check the URL before we open it in our browser, especially important if the URL is in an email!

    • Alan Tay says:

      That’s true. Even email from known friends are not trusted. Hotmail once hit with user sending malicious URL without realizing it. Although they had already fix it now, but still it is good to be careful. Thanks for dropping by.

  2. Isn’t there an anti-virus / anti-malware already present in mail services like gmail and hotmail these days?

    • Alan Tay says:

      Not too sure about the antivirus built-in into email services. But for hotmail case where the infected users are sending emails with URL without notice, they already fixed those. In addition to that, they also give out the feature for we all to report if we receive those emails again from our friends.

  3. Mushfique says:

    WOah ! Thanks for the Virus Total site Alan ! The first thing I did was to check my blog if it had any malicious codes ! Luckily it’s all fine ! This will become handy when I get URLs from others to visit. Thanks again !

    • Alan Tay says:

      You’re welcome :)

      I had been using that to test the files that I received from friends who are not so close with. I only realize there is a feature to submit URL 2 months after using Virus Total.

  4. Bob says:

    Before clicking a link you can check the hover link at the bottom right corner (for FireFox), bottom-left corner (for Chrome & IE) of your browser.

  5. jorge jacobo says:

    Hey man that was an interesting note here. By hovering over the link I could see in my status bar that it will send me somewhere else.

    By the way I found your site through your comment on DBT.

  6. Santosh says:

    G8 tip

  7. nik says:

    Thanks for your advice ! I will keep in mind thanks.There are lots of spam email for scam.
    nik recently posted..VERY LOVELY METROGATE HOME 8M (Meycauayan, Bulacan)My Profile

  8. Christa Joe says:

    Hi,
    I would like to know if these malicious URLs or infected sites do anything destructible inside a corporate network, as I believe the corporate LANs are quite secure than the one present inside a home network and many security policies are implemented in a corporate LAN. So, are there any chances that intruders may intercept or virus could be injected inside a corporate LAN if some user open a malicious URL?

Speak Your Mind

*

CommentLuv badge
This blog uses premium CommentLuv which allows you to put your keywords with your name if you have had 3 approved comments. Use your real name and then @ your keywords (maximum of 3)