For all the benefits the digital age has brought us, the sad truth is that it has also empowered scammers, criminals, and bad actors. Digital fraud is on the rise, and with something as simple as a booby-trapped link and a few sweet words, a scammer can steal all of your most valuable data and rob you blind. If you want to avoid the most common methods of hacking your passwords, the best thing you can do is use healthy skepticism tools with every link you come across, from double-checking addresses to running a grammar check.
No matter how advanced digital scamming has become – especially with the advent of generative AI and the new deception tactics it enables – the vast majority of booby-trapped links can be safely avoided through a combination of calm, critical, and common-sense inspection methods. It can be scary to receive an alarming message with a request for money, or to get an offer that is definitely too good to be true – but as long as you stay calm and use this monitoring manual, you can avoid the danger, as well as report the culprits and hopefully spare others the headache.
Stay calm and think logically
The first thing you should always do when you receive a suspicious link is to stay calm. Scammers of all shapes and sizes most often try to capitalize on intense emotions in order to trick you into clicking on their links. They’ll send you a DM saying they’ve already stolen your information and are holding it hostage to scare you, or they’ll send you an email with a tempting offer for something they know you want. These games about intense emotions are usually associated with a sense of urgency, that something bad will happen if you don’t click on their link as soon as you get it.
It’s scary and disorienting to receive a message like that, but if you receive a suspicious or hostile invitation, first of all, you should take a deep breath and focus on your logical thinking. Don’t click anything until you are sure you are calm. In the right mindset, you’re much more likely to understand the nonsense a potential scammer is trying to feed you.
Check senders and addresses
What you need to know about scammers is that the majority of them are both very lazy and not particularly intelligent. For example, if they wanted to trick you into clicking a link by pretending to be your bank in an email, they would probably put your bank’s name in the subject line, and maybe something like “hi, this is your bank” in the body. However, what they will probably neglect to do is change the address the email is coming from, and that’s where you’ll catch them.
Whenever you receive an email from an important institution like a bank, school, lawyer, or something similar, check the sender’s name and email address. Chances are that the address is a random hodgepodge rather than the real, official address of that institution, which you can verify by visiting that institution’s website. Even if the address contains the name of the institution, it will likely differ from the official address in some way, such as using offset dots. If you’ve already received an email from the same source and you know that previous email was genuine, you can retrieve it and use it as a point of comparison to verify the address and sender.
Perform a spelling and grammar check
It may seem silly to check the spelling or grammar of an email or DM to detect scammers, but in reality, it’s one of the best tools you have to protect yourself. Whether they’re trying to avoid spam filters with deliberate errors or they’re just really bad at writing, scam emails and DMs will often look very sloppy and mixed up. If a message is riddled with obvious typos, you absolutely should not click on any links within it, and especially if the message claims to come from one of the aforementioned institutions. Obviously, a bank or a school would take the trouble to reread their emails.
Even if there are no obvious typos, you may still want to recover an old email from the same alleged source if you have one. Fraudsters can use generative AI to clone the content of common messages and make them more authentic, but generative AI has its own quirks when it comes to writing messages. If the tone of the suspicious email seems noticeably different from the genuine one, more stilted and robotic, it is likely a generic scam message.
Mouse over before clicking
Let’s say you receive an email or DM that seems to be on the level, but you still have a bad feeling about the included links. You might think your only way to know for sure would be to click the link and cross your fingers, but there’s one more good tool at your disposal: mouse hover.
In all desktop web browsers, if you hold your mouse cursor over the hyperlink text, you can see the link address in the lower left corner of the window. Returning to the bank example, if a hyperlink is supposed to take you to a bank’s official website, hovering over it should reveal a relatively clear URL with the bank’s name in the foreground. If you hover over that link and see nothing but a string of seemingly random letters, numbers, and misspelled words, that’s a big red flag. Remember, just checking the URL this way is safe; a trapped link only becomes dangerous when you click on it.
Check with your friends and family
What’s particularly frustrating about the ubiquity of online scams and suspicious links is the tendency for scammers to use your friends and family against you. In addition to these big-sounding institutions, fraudsters may try to duplicate the identities of your loved ones to get you to click on a booby-trapped link. This is a dangerous method of exploiting your emotions, your sense of confidence and urgency, but it has a fatal flaw in secondary methods of communication.
If you ever receive a suspicious link from someone you know, via email or DM, you should contact that person through a secondary communication method. Whether you message them on another platform, call them on the phone, or simply visit them in person, you can confirm if that initial message is actually from them and take appropriate action. Best case scenario, a scammer would simply send you an email with a spoofed address – but it could also be a sign that your friends’ accounts have been hacked, prompting them to take security countermeasures, so it’s an important step.