Cyber Security
Hover "craft"
You've received an email from someone you know, and it's asking you to visit a website which you also know. Is it OK to click on it? Hovering your cursor over the recipient and link address will give you many of the clues you need.
Let me show you an easy example to help you understand what's going on under the surface. Here's a link which directs you to another page in this website,
amitc Limited Home. If you hover your cursor over the word "Home" you will see, somewhere in your browser window, that I have saved you from having to look at the terrifyingly complicated address "www.amitc.co.uk/Content.aspx?ID=1&Keywords=Homepage". But when you click on it, it goes exactly where you'd expect. I have used a function of HTML to make it read in a more friendly manner. Unfortunately hackers will use this very same function to trick you into clicking on links which you really shouldn't. Here's another link which looks like it also might direct you to this website's home page,
amitc Limited Home. Hovering over this link should reveal that actually it will direct you to the Microsoft 365 login page, and if you click on it you should find that it does exactly that! And this one also sends you off the the login page,
http://www.amitc.co.uk, but arguably this is even more convincing! Now just imagine if I had directed you to a fake Microsoft login page, but used the friendly text to suggest that it should be the real one. You would happily enter your credentials without a care in the world. This is technically known as a type of "phishing", a tool hackers use to obtain your login credentials so that they can assume your identity for nefarious purposes. So remember, before clicking that link, hover.
But it's not just hyperlinks which can trick you, hackers use the same function in order to fool you into thinking an email has come from a trusted sender. So here's a legitimate email address link, such as what you might see when receiving an email in Windows Mail or Microsoft Outlook, AMITC. Hovering over this should reveal that it is a shortcut to emailing info@amitc.co.uk. By changing the underlying address though, and changing the friendly text to the address that hackers would have you believe you are contacting, you could be tricked into emailing someone completely different. For example info@amitc.co.uk, hover over this address to see who you would really be emailing. Finally, how about this last one, would this one fool you into clicking on it info@amitc.co.uk?
Whilst you are hovering, whether it be on a link or on an email address, read the real address it is directing you to. Make sure that you read the address fully, and check it for correct spelling. Would Microsoft really send you to micr0soft.com? Check the whole domain name (this is the bit after "http://" but before the next "/"). So if you see something like "https://www.authenticationat-microsoft.com", "https://www.trustedmicrosoft.com", or "https://www.mircosoft.com", stop, take a moment to re-read anything your brain might have told you was legitimate, and only then when you are fully satisfied that everything looks OK should you click that mouse button.
Posted 13/12/2021