When you receive an email or txt message with a web page link (URL) these days, it’s a good idea to scrutinize the web address before clicking on it to visit the site. Most of us know that you can point at a link and hover over it without clicking, to look and see if the underlying address matches. And if you’re on mobile you can usually hold and copy the link to paste it into a browser and inspect it further before going further.
In this help article we wanted to point out some tools you can use to check the rating of a web link before you choose to go to the site. And we’ll also touch on the issue of “tiny” URL’s and what you can do to decide if they’re safe to click.
Should I check links in messages before clicking to visit a site?
-
Our answer is Yes! The SaneBox support team is always studying up on best practices. And we all agree on the need to be cautious and skeptical when it comes to links we receive in email or text messages. Caveat Emptor!
-
“MalSpam“ is a new term for some of us, but it’s self explanatory. We all know someone who’s been victimized and tricked by malicious intent and nefarious links in a message that seemed legit at the moment.
So how do I check a URL or link
-
Zscaler Zulu URL Risk Analyzer: Let’s see what this cutting edge security firm says about the site?
-
PaloAlto Networks security firm’s “Test a Site” tool: Let the SaneBox team know if you like this one?
-
Google has a safe browsing search tool: Try a Copy & Paste or any URL you want to check for safety.
-
Check with TrendMicro - test your URL: Give this web link checker a try too!
-
Norton SafeWeb URL checker: It can’t hurt to cross-check with more than one tool.
-
The PhishTank (operated by OpenDNS of Cisco) Check a URL, and Join the fight against Phishing!
-
Try this domain “blacklist” checker from MXtoolbox: Take the base domain name from a URL (the whatever.io or something.io or whoever.com) and check it. If it’s blacklisted, there’s usually a reason.
See AlsoDocs | Next.js -
Even try a WhoIS lookup, via any registrar like GoDaddy: Take just the base part of the web link, the main domain name like companyname.com and do a WhoIS on that domain name. The “DNS Server” part of the results can be a clue of ownership or host. The domain registrar the domain was bought from or other contact info can also give credence or cast doubt on the credibility of web pages hosted on that domain name.
Are Bitly or Tiny type shortened URLs safe to click?
-
Not always! Any time you can’t see what you are doing, your forecast is cloudy with a chance of rain or even a malware attack and some real pain.
-
URL Shortening services make it easier to share a long web link when you’re on certain apps or platforms. There are other ways to share a long link, (like using short descriptive words and markdown code for the actual link.) Often senders use the Bitly or TinyURL type service more for their own benefit, so they can track click and visit rates.
How can I see the long URL hiding behind a shortened link?
The more popular and legit URL shortening services normally provide you with a way to “preview” the corresponding long web address before you go on to visit the site.
-
Bit.ly: Simply add a “+” to the end of the Bit.ly URL, before visiting the link. (This takes you to a preview page to see the site info and full URL before deciding to go on to the site.)
-
TinyURL: If you don’t want to have to visit the TinyURL site for their preview interface, Just add the word “preview” between the “https://” and the “tinyurl.com/..” part of the shortened link web address.
Note: It’s important to remember that you can take the long web links you reveal and then check them for safety with a tool like our examples earlier in this article.
Even when you do use a URL checker for the long URL from a shortened URL preview, or for any URL, there’s no absolute guarantee that a site is free of malicious content at the moment, but if you don’t check unfamiliar web links you’re much more likely to be victimized.
Additional Resources
- A help page cross-reference on caution & safety steps with Bitly or TinyURL type links:
https://safecomputing.umich.edu/be-aware/phishing-and-suspicious-email/shortened-url-security
- General, but helpful, reminders around browser security:
https://www.bu.edu/tech/support/information-security/security-for-everyone/how-to-identify-and-protect-yourself-from-an-unsafe-website/
And please feel free to reach out to our SaneBox support team with any email related questions, (even if you aren’t a subscriber yet or haven’t even heard of or tried SaneBox for email AI.) Just use this SaneBox Support link to chat live with us or to submit a question by email.