This month’s Tip & Trick is on how to identify the actual URL for a link embedded in an email. This technique works with other sources as well like web pages and other electronic communication documents like Word docs, PDFs, etc.
URL stands for “Universal Resource Locator”. To simplify, it’s like an address that your computer knows how to interpret (very much like a physical mailing address for a building). A Hyperlink (synonymous with “link”) is the text you see on an email, Word doc, etc. that represents the actual URL – these do NOT have to be the same.
Hyperlinks in emails, on web pages and in documents like Word docs or PDFs can appear like any of the below (with many other variants):
Again, an important facet of hyperlinks that you need to understand is that what is displayed does NOT have to be the same as the actual URL or destination of that link.
To understand how a hyperlink functions, hover your mouse pointer over each of the above hyperlinks and notice the text that “pops-up” on the screen. For example, when hovering over the link “Click here to learn more about us” above, the example below shows the pop-up text box that appears:
In many cases your mouse pointer will change from its default pointer image to something different which indicates that it’s interpreting a hyperlink for you. The destination URL may be displayed at the bottom of your browser window or somewhere else on your screen rather than right next to your mouse pointer depending on the program you’re using to view the hyperlink (you may have to look around the screen to see text displaying as you move your mouse point over a hyperlink). Seeing a hyperlink that displays text different from its destination URL isn’t necessary “bad” or deceiving, but you just must pay attention before clicking to ensure you’re being directed to a resource, page, or destination that you’re expecting.
Here is an example of a URL with a “sub-domain” referenced:
Notice the bolded text “facebook.com” above. This is the actual parent domain name of this example hyperlink. For simplicity the text preceding it, “developers.”, is a link to a website or page related to the parent domain “facebook.com”. Ultimately, whatever the sub-domain is displayed as is irrelevant if you recognize and trust the company represented by the parent domain/website – the primary or “parent” domain is always at the end of the URL as seen in the Facebook example above. When confirming that a hyperlink and its associated URL/domain is safe, always check the primary/parent domain to see if it’s related to the site, resource, or page you are intending to visit. Many companies, non-profits and government agencies have sub-domains that allow for more complex websites.
Here is a summary of how all the above links have been configured and how some can be misleading:
- https://www.midwestprotech.com/ – this hyperlink is the same as its URL. Notice that when you hover your mouse pointer over this link, that it shows a URL destination that is the same as the hyperlink text. This type of link is the easiest to validate.
- firstname.lastname@example.org – this hyperlink is an email link. Notice the text mailto: that displays in front of the email address in the pop-up text (that appears when you hover your mouse pointer over the link). This tells you that if you click it, your email program or email website will pop-up and allow you to send an email to the address being displayed. This is a relatively safe type of link, but always check that you are emailing the address being displayed – sometimes a link will try to deceive you into emailing someone different that the email address being displayed.
- https://www.facebook.com/MIDPRO/ – this hyperlink is like the first example; its URL is the same as the link text and very safe. Also check to ensure that the primary domain (www.facebook.com) is a site that you recognize. The text after www.facebook.com (“/MIDPRO/”) represents a page or folder on the website www.facebook.com and is safe – IF you trust “facebook.com” (which is this case, you can). All text displayed after a primary domain like “facebook.com/”, “midwestprotech.com/”, “microsoft.com/”, etc. refers to pages (or folders) on that entity’s website.
- Click here to learn more about us – Again, as discussed above, this type of hyperlink should always be reviewed prior to clicking. ALWAYS be sure the destination URL is a domain/website you are confident is safe before clicking. Upon hovering over this link with your mouse pointer, notice that this link’s domain is “midwestprotech.com” so you can be confident that this hyperlink is safe to click on.
- microsoft.com – This hyperlink is also very safe, and its destination domain is the same primary domain name as the displayed hyperlink text. Notice that when you hover over the hyperlink that the www. In front of the destination domain isn’t shown in the displayed hyperlink text. This is generally OK because the www. reference is generally a reference to a general-purpose website and frankly is used less and less nowadays anyway.
- samplebadwebsite.com – Here is an example of a suspicious hyperlink. First of all, notice that the hyperlink is in the format of an actual domain name. This is obviously misleading because a hyperlink should either be a plain text word or phrase or an actual domain name. Having it masked as an actual domain name is almost always malicious. When hovering over the hyperlink, notice that the primary domain name is “opendns.com”. This is a reputable website that is widely used to filter and protect internet connections, so this is actually a safe test URL for the OpenDNS filtering solution. However, this type of hyperlink should ALMOST always be avoided unless you are totally confident that the destination domain name is safe.
- midwestprotech.com – Here is another example of a suspicious hyperlink. Notice we masked our Linked-In profile page (a safe page) as our website domain “midwestprotech.com”. This is NOT best practice, and this type of link should NOT be clicked because the displayed domain name doesn’t match the primary domain name of the hyperlink destination of “linkedin.com”. Again, this is for demonstration purposes only, this link is safe, but, is misleading.
- https://midwestprotech.repairshopr.com/my_profile/login – This hyperlink is the link to our ticketing and billing system. Notice that our name “midwestprotech” is displayed at the beginning of this hyperlink (similar to the “facebook.com” example above). In this example, this is because the actual domain (or parent website) that you are visiting when you click this link is RepairShopr’s website and our company’s branded ticketing/invoicing site is configured as a sub-domain of their parent website. This is important to notice because if you didn’t trust “repairshopr.com” (which of course you can) then you would need to be cautious before clicking a link like this.
We hope all this hasn’t totally overwhelmed you, but if so, put this info aside and come back to it later and re-read it. Please forward us any pointed questions and we’ll do our best to further explain or address any additional concerns you might have.