So, how does one determine if a link or file is safe?
- First is this email from an entity or person you know? If not, DELETE!
- If it is a file, were you expecting a file? If not, DELETE!
- Is it a shortened URL (like those sent via Twitter or in text messages)? DELETE!
- If it is a link, do you really need to click on that link, or is it just another cat video on YouTube? DELETE (ok, I enjoy ICanHasCheezeburger as much as the next guy, but I type in the web address for my fix)
- If the email is from a financial service provider (bank, Schwab, etc) - the first choice is to open your browser and type in their web address (or use a previously saved shortcut) - or even better, use LastPass to open the website and log you in.
Step 1: Copy the link to your clipboard. To do this, hover your mouse over the link and then RIGHT CLICK (emphasis on RIGHT mouse button click) on the link and select 'Copy'.
Step 2: Open your browser and go to: https://www.virustotal.com
Step 3: Select the URL tab in the center, then click in the 'Search…' box and either press 'CTRL-V' to paste the link you just copied or, right click and select 'Paste…' and then press the ENTER key.
For a file attachment do the following:
Step 1: Save the file without opening it to your computer. How you do this can vary based upon your email program, provider – for some, there is a small arrow you click on and select ‘Save As’. In Gmail, if you hover your mouse over the filename, the image will change and a down-arrow will appear to Download the file. Select a location and save the file but DO NOT open it.
Step 2: From the Virus Total website select ‘File’, then click on the ‘Choose file’ button.
After the file is uploaded, Virus Total will check it using 50+ different scanners. If the number in the upper left is not ZERO, then DELETE!
Another useful tool/website that I use for checking links is called URLScan (https://urlscan.io). This works in the same manner as VirusTotal, but it also will show you a thumbnail of the webpage which can be helpful as well as a lot of the technical info to tell what this site is really doing.
Paste the link into the search box and then click on ‘Public Scan’
This tool contains a lot more technical info that may not be as helpful to most, so start with VirusTotal and if you still have concerns, check it on URLScan.
If this seems a bit inconvenient…it is. That is the nature of security. But the consequences can be much worse.
If a link is not worth the trouble of taking 30 seconds to scan it with VirusTotal, can it really be that important?