To protect yourself as you read email and surf the web, you need to know where links are going to take you, compared to where you expect to go, because links and their associated addresses can be misleading. Email sent by phishers and hackers may contain links that look like they go to familiar, expected locations — but not quite. Do you know how to tell an authentic link from a fake?
You may see “Click Here” in an email message. You can examine where that link goes by putting your cursor over the link without clicking. Try it — your browser will show you the link address. Does it go where you are expecting it to go? It also is possible for the destination web page to send you off to another page, so you should check at the top of your browser for the actual web address of the page you are viewing.
Instead of a “Click Here” link, you may see an actual link like this in an email message — http://payroll.umaryland.edu/IncreaseYourPay.html — but just like the “Click Here” link, that address link actually might go someplace else. Put your cursor over the link without clicking, and your browser will show you where it will really send you. Does it go where you want to go?
Web page addresses have this general format:
Notice the punctuation around the website name:
- :// — immediately before the website name
- / — immediately after the website name
Any valid website at UMB will end with “umaryland.edu” and be located immediately after the double slashes and before the first single slash.
These links look the same, but are they?
If you put your cursor over a link without clicking on it, your browser will generally display the address that the link really goes to, regardless of what the text under your cursor actually says.
You need to be on guard against attempts to fool you into believing it is at a safe, familiar site instead of a criminal or hacked site. The essential rule is: The real host name always appears immediately after the double slashes and before the FIRST single slash. Hackers may build a web page address with a familiar host name before the SECOND single slash in an attempt to get you to believe their malicious site is familiar. If you see “umaryland.edu” anywhere else in the whole address, it may be a distractor to make you think you are going to a UMB web page when you are not.
Hovering before clicking and checking for a familiar host name in the correct position will save you from a great many scams and tricks offered in your email and on the web.
If you see “umaryland.edu” anywhere else in the whole address, it may be a distractor to make you think you are going to a UMB webpage when you are not.
This same rule holds true if you are expecting a web page on any other website that you may be familiar with. If you are expecting to go to PayPal, Amazon, Gmail, etc., always look for that familiar website name immediately before the first single slash.
Here is an actual phishing email example:
From: Email Adminstrator <Email Administrator@umaryland.edu>
Subject: Warning !!!
Date: February 10, 2015 4:04:13 PM EST
We have received many negative complaints against your email address that it is being used by spammers to promote spam remotely. We wish to notify you that we will temporarily lock down all emails sent from your address and reject them until we successfully verify that this email is under ownership of the authentic user and not by some bot.
So, if you are reading this then an important action is required by you to save your email from being flagged and to avoid further discontinuation of your outgoing email service. Please click here to authenticate the ownership of your account and “Click here”
Copyright © 2015 Email Security Team. All Rights Reserved
- Hover over the From: address — It’s not from anyone at UMB.
- Look at and hover over the Reply-To: — It doesn’t belong to anyone at UMB.
- Hover over the “Click here” — It’s taking you to a site outside of UMB, it doesn’t have .umaryland.edu anywhere in the link.
- If you receive an email that has that has any of these characteristics, DELETE it.
Here is a legitimate email example:
The Password for your UMID account will expire on 1/13/2015 10:06:12 AM.
This is the password used to access all UMID authenticated applications, such as the myUMB Portal, eUMB Systems, COEUS, Effort Reporting, SURFS, Blackboard, Google Apps @UMaryland, myUMB Mail, Campus Wireless (eduROAM), Library Resources, and Mediasite.
If you do not change your password, your password will expire and you will lose access to all UMID Authenticated Systems/Applications.
To reset your password, go to the Account Management Site (https://directory.umaryland.edu) and log in with your UMID and current Password. Click on the “Password” link on the left side of the screen to enter a new password.
If you do not remember your UMID or password, click on the “I cannot log into UM Account” link.
If you have any questions or the system does not accept the answer you are entering for your verification, please contact the IT Help Desk at 410-706-4357 (x6-HELP) or firstname.lastname@example.org.
IT Help Desk
Center for Information Technology Services (CITS)
University of Maryland, Baltimore
601 W. Lombard Street, Room 540
Baltimore, MD 21201
410 706-4357 (x6-HELP)
- This email passes all of our checks to verify links and addresses.
- Don’t trust that just because it has the campus branding that it is legitimate — that is easily copied and can be added to more sophisticated email phishing attempts. Just remember to take a closer look, hover, and check all links before clicking through.