Clicking Links in Emails -Barracuda Protection

Clicking a link in an email is always a bit of a gamble. On the other end of the link could be the information you want to see, or it could be a malicious website, virus-filled download or inappropriate content.

IT always recommends not clicking links found in emails unless you’re 100% sure they’re safe. But even links sent from sources you may trust can be malicious now that scammers are great at spoofing. So how do you know when it’s safe to click?

In the past, LMC utilized the KnowBe4 2nd Chance Alert to warn users of clicking on links within emails. However, the service put the responsibility of reviewing the link on the end user. Although it did provide an opportunity to review whether the link appeared to be legitimate, it was not always clear whether the link as safe or not.

LMC now utilizes Barracuda email protection to pre-screen all links/URLs that are sent via email. When a link is present in an email, you can hover over the link to verify that it is protected. In the example below, from Staples, you’ll see the LinkProtect prefix at the beginning of the URL (highlighted in green). Behind that, you’ll see the site URL (highlighted in yellow). Although it is

Example of Email link protection

Barracuda LinkProtect scans every email before delivering them to your mailbox and looks for known nefarious links. When detected, Barracuda quarantines the emails before they enter your mailbox. Barracuda constantly updates their databases to add new alerts to keep our email safe.

Although Barracuda LinkProtect catches most nefarious links within emails, it is a best practice to continue to review the content of the links prior to clicking.

There are some important questions you can ask first that will give you a good idea if the link is safe or not.

1. Where did the link come from?

Perhaps the most important question you can ask is how you got the link in the first place. Was it in an unsolicited email or text message? Did you get it in a Google search? Was it in a friend’s Facebook post?

As a rule, if a link is unsolicited, you don’t want to click on it. Hackers send out malicious links in emails and texts daily. They’re especially good at putting links in emails that look like they’re from legitimate companies. If the link is from someone you know, check with them first to make sure they really sent it, and that their account wasn’t hacked. Although Barracuda LinkProtect catches most nefarious links, if you suspect something is suspicious, report the email via the Barracuda Essentials icon in your mailbox.

2. Why am I clicking the link?

OK, this question sounds philosophical, but we’re not actually asking “why” you do things in the general metaphysical sense. We’re asking you why you want to click on that particular link.

Is it out of fear that something bad will happen if you don’t? Are you responding to greed or anger? Is it out of basic curiosity? These are just a few of the triggers that hackers use to trick you into clicking.

For example, an email might say your bank account has been hacked and you need to click right away and enter your information so the bank can get your money back. Maybe you see a post on Facebook saying you could win the lottery or get a brand new expensive tech gadget for free.

If you find yourself on the verge of reacting out of emotion, take a second and really think about why you’re doing what you’re doing. You might realize that you’re being manipulated. And we’re about to tell you how you can know for sure.

3. Does the link look right?

Web links follow certain rules. That means you can often tell at a glance if one is on the up-and-up. The biggest tip-off is the domain name. For example, the domain name of my site is Microsoft.com.

It might have a prefix, such as “News.Microsoft.com ,”password.Microsoft.com “ ,” or “Emailfinder.Microsoft.com” Or it might have a suffix, such as “Microsoft.com/passwordupdate” or ”Microsoft.com/addemailstorage “ But no matter what, “Microsoft.com ” is going to be the centerpiece of any link on their site.

So, if you got an email claiming to be from Microsoft but the link was “www.somethingelse.com/this-is-fake” or even “Microsoft.somethingelse.com/also-fake” or “somethingelse.com/Microsoft,” you know something is up.

Sometimes this can get a little tricky. For example, Google’s shortening service is “goog.le,” but on the whole, it’s a good thing to check. However, there are a few more tricks hackers like to pull.

4. Is there a second opinion?

Sometimes when you’re in a rush, you don’t always check links as thoroughly as you should. Or maybe you think a link in a Google search or on a website is bad, but you aren’t sure.

LMC has Barracuda software that watches links and lets you know if they don’t go where you think, or if other people have reported them as being a problem. If you are unsure if a link is safe, contact the IT Service Desk for a second opinion

Office Hours Room C229: Monday-Friday 8:00 am - 5:00 pm | Call us 269-927-8189