By: Tim O’Pry | Chief Security Officer
Before I click on any link or open a file attachment sent to me via email, I have déjà vu of the 1976 movie Marathon Man, where Dustin Hoffman was continually being asked, “Is it safe?” while being tortured. While clicking on an email link may not be as physically painful, the angst involved can be just as real.
So, how does one determine if a link or file is safe?
- First, is this email from an entity or person you know? If not, DELETE!
- If it is a file, were you expecting a file? If not, DELETE!
- Is it a shortened URL (like those sent via Twitter or in text messages)?
- If it is a link, do you really need to click on that link, or is it just another cat video on YouTube? DELETE (OK, I enjoy ICanHasCheezeburger as much as the next guy, but I type in the web address for my fix)
- If the email is from a financial service provider (e.g., your bank, Schwab, etc.) – the first choice is to open your browser and type in their web address (or use a previously saved shortcut) – or even better, use LastPass to open the website and log you in.
Wow, even after all those DELETES, I still have a few left – so, this is what I do before I click on anything.
Step 1: Copy the link to your clipboard. To do this, hover your mouse over the link and then RIGHT-CLICK (emphasis on RIGHT mouse button click) on the link and select “Copy Hyperlink”
Step 2: Open your browser and go to: https://www.virustotal.com
Step 3: Select the URL tab in the center, then click in the “Search” box and either press “CTRL V” to paste the link you just copied, or right-click and select “Paste” and then press the enter key.
Virus Total (a Google company spinoff) will then check that link against more than four dozen different scanners. If they do not all come back as “Clean” (the number in the upper left should be ZERO)– then…DELETE!
For a file attachment do the following:
Step 1: Save the file without opening it to your computer. How you do this can vary based upon your email program or provider. For some, there is a small arrow you click on and select “Save As.” In Gmail, if you hover your mouse over the filename, the image will change, and a down arrow will appear to download the file. Select a location and save the file but DO NOT open it.
Step 2: From the Virus Total website, select “File,” then click on the “Choose file” button.
When you click on “Choose file,” a dialog box will open where you can find and select the file. Click on “Confirm Upload.”
After the file is uploaded, Virus Total will check it using more than 50 different scanners. If the number in the upper left is not ZERO, then DELETE the file!
Another useful tool/website that I use for checking links is called URLScan (https://urlscan.io). This works in the same manner as VirusTotal, but it also will show you a thumbnail of the web page, which can be helpful, and also provide lot of technical, info to tell you what this site is really doing.
Paste the link into the search box and then click on “Public Scan.” The results are really geeky and technical, and will look like the following.
This tool contains a lot more technical info that may not be helpful to most. I recommend starting with Virus Total and if you still have concerns, check it on URLScan.
If this seems a bit inconvenient—it is. That is the nature of security. But the consequences can be much worse. If a link is not worth the trouble of taking 30 seconds to scan it with Virus Total, can it really be that important?
As a Henssler client, if you have a cybersecurity-related question or concern, we are here to help! Contact us at firstname.lastname@example.org, or through your associate.