Stop Malicious Links in Emails

TL;DR

Malicious links are often sent via email, especially targeting platforms like Reddit and LinkedIn. This guide shows you how to identify, block, and report these threats, protecting yourself from phishing and malware.

1. Understanding the Threat

Attackers use emails to trick you into clicking dangerous links. These links can:

• Steal your login details (phishing).
• Install harmful software on your computer (malware).
• Redirect you to fake websites that look real.

Reddit and LinkedIn are common targets because attackers often impersonate users or groups.

2. Identifying Suspicious Emails

1. Check the Sender’s Address: Does it match who you expect? Look closely for slight misspellings (e.g., linkdedin instead of linkedin).
2. Hover Over Links: Before clicking, hover your mouse over any links in the email. The actual URL will appear – does it look legitimate? If it’s a shortened link (like bit.ly), be extra cautious.
3. Look for Poor Grammar and Spelling: Professional emails are usually well-written. Errors can indicate a scam.
4. Be Wary of Urgent Requests: Attackers often create a sense of urgency to pressure you into acting quickly without thinking.
5. Unsolicited Attachments: Never open attachments from unknown senders.

3. Blocking Malicious Senders

Most email providers allow you to block specific addresses.

1. Gmail: Open the email, click the three vertical dots (More) and select ‘Block [sender’s address]’.
2. Outlook: Right-click on the sender’s name in the email header and choose ‘Junk’ > ‘Block Sender’.
3. Other Providers: Check your provider’s help documentation for instructions on blocking senders.

4. Reporting Phishing Emails

Reporting helps security teams track down attackers and protect others.

• Report to Your Email Provider: Most providers have a ‘Report phishing’ button or option within the email interface.
• Report to Reddit/LinkedIn: If the email references either platform, report it through their respective security channels:
  • Reddit: Report Abuse on Reddit
  • LinkedIn: Use the ‘Report’ feature on the suspicious profile or message.
• National Cyber Security Centre (NCSC): Report phishing emails to the NCSC at https://www.ncsc.gov.uk/report-cyber-incident

5. Protecting Your Accounts

1. Enable Two-Factor Authentication (2FA): This adds an extra layer of security to your accounts, even if someone steals your password.
2. Use Strong Passwords: Create unique, complex passwords for each account. A password manager can help.
3. Keep Software Updated: Regularly update your operating system, browser, and antivirus software.

6. Scanning Links with Online Tools

If you’re unsure about a link but need to check it, use an online scanner.

• VirusTotal: https://www.virustotal.com/gui/home/upload – Upload the URL to scan it with multiple antivirus engines.
• URLVoid: https://urlvoid.com/ – Provides a detailed report on a link’s reputation and history.

7. Browser Security Settings

Modern browsers have built-in security features.

• Enable Safe Browsing: Check your browser settings to ensure safe browsing is enabled (e.g., Google Chrome’s Enhanced Protection).
• Install a Reputable Browser Extension: Consider using extensions that block malicious websites and phishing attempts.